What is a VPN?
A Virtual Private Network or Virtual Private Networking (VPN)
is a private communications network that carries controlled
information, protected by various security mechanisms, between
known parties so that they can communicate confidentially over
a publicly accessible network. VPN message traffic can be carried
over a public networking infrastructure (e.g. the Internet) on
top of standard protocols, or over a service provider's private
network with a defined Service Level Agreement (SLA) between
the VPN customer and the VPN service provider.
How does a VPN work?
A VPN involves a protected or "inside" network, which
provides physical and administrative security to protect the
transmission, and a less trustworthy "outside" network or
segment (usually the Internet). Generally, a firewall sits
between a remote user's workstation or client and the host
network or server. As the user's client establishes communication
with the firewall, the client may pass authentication data to an
authentication service inside the perimeter. A known trusted
person, sometimes only when using trusted devices, can be provided
with appropriate security privileges to access resources not
available to general users.

Many VPN client programs can be configured to require that all
IP traffic pass through the tunnel while the VPN is active, for
better security. From the user's perspective, this means that
while the VPN client is active, all access outside their employer's
secure network must pass through the same firewall as would
be the case while physically connected to the office Ethernet.
This reduces the risk that an attacker might gain access to
the secured network by attacking the employee's laptop: to
other computers on the employee's home network, or on the
public internet, it is as though the machine running the VPN
client simply does not exist.

Such security is important because other computers local to the
network on which the client computer is operating may be untrusted
or partially trusted. Even with a home network that is protected
from the outside internet by a firewall, people who share a home
may be simultaneously working for different employers over their
respective VPN connections from the shared home network. Each
employer would therefore want to ensure their proprietary data is
kept secure, even if another computer in the local network gets
infected with malware. And if a traveling employee uses a VPN
client from a Wi-Fi access point in a public place, such security
is even more important. However, because this restriction covers
IP traffic, the use of IPX/SPX is one way users might still be
able to access local resources.
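The full-tunnel requirement described above can be checked from the client's routing table. The following added example (not part of the original page) parses Linux `ip -4 route show` output and reports the IPv4 address space that longest-prefix matching still sends outside the tunnel; the interface names, addresses and the `allowed` exemption for the VPN server's own host route are constructed for illustration.

```python
import ipaddress

# Constructed `ip -4 route show` output: full tunnel via two /1 routes.
FULL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.10 via 192.168.1.1 dev wlan0
"""
# Constructed split-tunnel table: only one corporate prefix uses the tunnel.
SPLIT = """\
default via 192.168.1.1 dev wlan0
10.20.0.0/16 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0
"""

def parse_routes(text):
    """Parse `ip -4 route show` lines into (network, device) pairs."""
    routes = []
    for tok in (line.split() for line in text.splitlines()):
        if "dev" in tok:  # skips blank lines and blackhole/unreachable entries
            dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
            net = ipaddress.ip_network(dest, strict=False)
            routes.append((net, tok[tok.index("dev") + 1]))
    return routes

def subtract(net, holes):
    """Return the parts of `net` not covered by any network in `holes`."""
    remaining = [net]
    for hole in holes:
        kept = []
        for r in remaining:
            if not r.subnet_of(hole):  # drop pieces the hole covers entirely
                kept.extend(r.address_exclude(hole) if hole.subnet_of(r) else [r])
        remaining = kept
    return remaining

def bypassing_tunnel(text, tunnel_dev, allowed=()):
    """Address space that longest-prefix matching sends outside the tunnel."""
    routes = parse_routes(text)
    exempt = [ipaddress.ip_network(a) for a in allowed]
    leaked = []
    for net, dev in routes:
        if dev != tunnel_dev:
            # More-specific routes win, so they carve holes out of this one.
            holes = [n for n, _ in routes if n != net and n.subnet_of(net)]
            leaked.extend(subtract(net, holes + exempt))
    return sorted(ipaddress.collapse_addresses(leaked))
```

On the constructed full-tunnel table the check still reports 192.168.1.0/24, the local LAN route, which is the kind of local access the passage says a strict configuration should remove. IPv6 routes are not covered and need the same check separately.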
What are the different types of VPN?
Secure VPN (SVPN)
SVPNs use cryptographic tunneling protocols to provide the
necessary confidentiality (preventing snooping), sender authentication
(preventing identity spoofing), and message integrity (preventing
message alteration) to achieve the privacy intended. When
properly chosen, implemented, and used, such techniques can
provide secure communications over unsecured networks. Because
such choice, implementation, and use are not trivial, there
are many insecure VPN schemes on the market. Secure VPN technologies
may also be used to enhance security as a "security overlay"
within dedicated networking infrastructures.

Secure VPN protocols include the following:
IPsec (IP security) - commonly used over IPv4, and an obligatory
part of IPv6.
SSL - used either for tunneling the entire network stack, such as
in OpenVPN, or for securing what is essentially a web proxy. Although
the latter is often called an "SSL VPN" by VPN vendors,
it is not really a fully-fledged VPN.
PPTP (point-to-point tunneling protocol) - developed jointly
by a number of companies, including Microsoft.

VPN Tunneling Protocols
Several interesting network protocols have been
implemented specifically for use with VPN tunnels. The three
most popular VPN tunneling protocols listed below continue
to compete with each other for acceptance in the industry.
These protocols are generally incompatible with each other.
Point-to-Point Tunneling Protocol (PPTP)
Several corporations worked together to create the PPTP specification.
People generally associate PPTP with Microsoft because nearly
all flavors of Windows include built-in client support for
this protocol. The initial releases of PPTP for Windows by
Microsoft contained security features that some experts claimed
were too weak for serious use. Microsoft continues to improve
its PPTP support, though.
Internet Protocol Security (IPsec)
IPsec is actually a collection of multiple related protocols.
It can be used as a complete VPN protocol solution, or it
can be used simply as the encryption scheme within PPTP. IPsec
exists at the network layer (Layer Three) of the OSI model.
Summary
A VPN requires a high degree of maintenance to meet the swarm
of security challenges. For this, one would have to dedicate
constant vigilance, command a solid grasp of digital security
fundamentals and possess the depth of specialist skills that
simply isn’t available within many organizations, especially
the smaller ones with constrained IT budgets. Also, managing
a VPN with other security devices is tedious and time-consuming,
and increases the TCO.

The White Knight VPN uses a variety
of advanced encryption methods to protect data, and allows
you to use a combination of VPN clients that meet the needs
for convenience and security of a number of different users.
White Knight’s VPN could be used to replace expensive
point-to-point leased lines, and provide secure remote access
to internal network resources for a mobile workforce.