What is a VPN?

A Virtual Private Network (VPN), or Virtual Private Networking, is a private communications network that lets known parties communicate confidentially over a publicly accessible network, carrying controlled information protected by various security mechanisms. VPN traffic can be carried over a public networking infrastructure (e.g. the Internet) on top of standard protocols, or over a service provider's private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider.

How does a VPN work?


A VPN involves a protected or "inside" network, which provides physical and administrative security to protect the transmission, and a less trustworthy "outside" network or segment (usually the Internet). Generally, a firewall sits between a remote user's workstation or client and the host network or server. As the user's client establishes communication with the firewall, the client may pass authentication data to an authentication service inside the perimeter. A known trusted person, sometimes only when using trusted devices, can be provided with appropriate security privileges to access resources not available to general users.

Many VPN client programs can be configured to require that all IP traffic pass through the tunnel while the VPN is active, for better security. From the user's perspective, this means that while the VPN client is active, all access outside their employer's secure network must pass through the same firewall as it would while physically connected to the office Ethernet. This reduces the risk that an attacker might gain access to the secured network by attacking the employee's laptop: to other computers on the employee's home network, or on the public Internet, it is as though the machine running the VPN client simply does not exist.

Such security is important because other computers on the network where the client computer is operating may be untrusted or only partially trusted. Even on a home network that is protected from the outside Internet by a firewall, people who share a home may be working for different employers at the same time, each over their own VPN connection from the shared home network. Each employer would therefore want to ensure its proprietary data is kept secure, even if another computer on the local network is infected with malware. If a traveling employee uses a VPN client from a Wi-Fi access point in a public place, such security is even more important.
However, this requirement covers IP traffic only, so the use of a non-IP protocol such as IPX/SPX is one way users might still be able to access local resources.
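One way to check the all-traffic-through-the-tunnel behaviour described above on a Linux client, as an added example that is not part of the original page: it parses `ip route show` output and reports which destination prefixes would still leave outside the tunnel. The sample routing table, the interface names (tun0, wlan0) and all addresses are constructed; only IPv4 routes are modelled, so non-IP traffic such as IPX/SPX is outside its view.

```python
import ipaddress

# Constructed sample of Linux `ip route show` output with a VPN client active.
# Interface names (tun0, wlan0) and every address here are illustrative only.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
"""

def parse_routes(text):
    """Return [(network, device)] for each IPv4 route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest), fields[fields.index("dev") + 1]))
    return routes

def bypass_prefixes(routes, tunnel_dev, allowed=()):
    """Prefixes that still leave via a non-tunnel interface.

    The most specific route wins, so a non-tunnel route only matters for the
    part of it that no longer-prefix tunnel route covers. Equal-length ties
    (decided by metric) are not modelled here.
    """
    leaks = []
    for net, dev in routes:
        if dev == tunnel_dev or net in allowed:
            continue
        remaining = [net]
        for t in (n for n, d in routes if d == tunnel_dev and n.prefixlen > net.prefixlen):
            pieces = []
            for r in remaining:
                if r.subnet_of(t):
                    continue  # this piece is fully overridden by the tunnel
                pieces.extend(r.address_exclude(t) if t.subnet_of(r) else [r])
            remaining = pieces
        leaks.extend(remaining)
    return sorted(leaks)

if __name__ == "__main__":
    gateway = {ipaddress.ip_network("203.0.113.10/32")}  # route to the VPN server itself
    for prefix in bypass_prefixes(parse_routes(SAMPLE_ROUTES), "tun0", gateway):
        print("not tunnelled:", prefix)
```

On the sample table the default route is fully overridden by the two /1 tunnel routes, and the only prefix reported is the local LAN, which is exactly the untrusted segment the passage above is concerned with.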

What are the different types of VPN?
 

Secure VPN (SVPN)


SVPNs use cryptographic tunneling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing), and message integrity (preventing message alteration) to achieve the privacy intended. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes on the market. Secure VPN technologies may also be used to enhance security as a "security overlay" within dedicated networking infrastructures.

Secure VPN protocols include the following:

IPsec (IP security), commonly used over IPv4, and an obligatory part of IPv6.

SSL, used either for tunneling the entire network stack, such as in OpenVPN, or for securing what is essentially a web proxy. Although the latter is often called an "SSL VPN" by VPN vendors, it is not really a fully-fledged VPN.

PPTP (point-to-point tunneling protocol), developed jointly by a number of companies, including Microsoft.

VPN Tunneling Protocols

Several interesting network protocols have been implemented specifically for use with VPN tunnels. The three most popular VPN tunneling protocols listed below continue to compete with each other for acceptance in the industry. These protocols are generally incompatible with each other.

Point-to-Point Tunneling Protocol (PPTP)


Several corporations worked together to create the PPTP specification. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in client support for this protocol. The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use. Microsoft continues to improve its PPTP support, though.

Internet Protocol Security (IPsec)

IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution, or it can be used simply as the encryption scheme within PPTP. IPsec exists at the network layer (Layer Three) in OSI.

Summary


A VPN requires a high degree of maintenance to meet the swarm of security challenges. This takes constant vigilance, a solid grasp of digital security fundamentals and a depth of specialist skills that simply isn’t available within many organizations, especially smaller ones with constrained IT budgets. Also, managing a VPN alongside other security devices is tedious and time-consuming, and it increases the TCO. The Syntensia VPN uses a variety of advanced encryption methods to protect data, and allows you to use a combination of VPN clients that meet the convenience and security needs of a number of different users. Syntensia’s VPN could be used to replace expensive point-to-point leased lines, and to provide secure remote access to internal network resources for a mobile workforce.
 
 


