Tuesday, 2 April 2013

Virtual Private Network


Virtual Private Network


A virtual private network (VPN) extends a private network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if they were an integral part of the private network with all the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.



The VPN connection across the Internet is technically a wide area network (WAN) link between the sites. From a user perspective, the extended network resources are accessed in the same way as resources available from the private network—hence the name "virtual private network".

Types of VPN


Early data networks allowed VPN-style remote connectivity through dial-up modems or through leased line connections utilizing Frame Relay and Asynchronous Transfer Mode (ATM) virtual circuits, provisioned through a network owned and operated by telecommunication carriers such as AT&T or Verizon. These networks are not considered true VPNs because they passively secure the data being transmitted by the creation of logical data streams. They have given way to VPNs based on IP and IP/Multiprotocol Label Switching Networks (MPLS), due to significant cost-reductions and increased bandwidth provided by new technologies such as Digital Subscriber Line (DSL) and fiber-optic networks.

VPNs can be either remote-access (connecting an individual computer to a network) or site-to-site (connecting two networks together). In a corporate setting, remote-access VPNs allow employees to access their company's intranet from home or while traveling outside the office, and site-to-site VPNs allow employees in geographically separated offices to share one cohesive virtual network. A VPN can also be used to interconnect two similar networks over a dissimilar middle network; for example, two IPv6 networks over an IPv4 network.

VPN systems can be classified by:

  • The protocols used to tunnel the traffic
  • The tunnel's termination point, i.e., customer edge or network-provider edge
  • Whether they offer site-to-site or remote-access connectivity
  • The levels of security provided
  • The OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity


Security mechanisms


To prevent disclosure of private information, VPNs typically allow only authenticated remote access and make use of encryption techniques.
VPNs provide security through the use of tunneling protocols and through security procedures such as encryption.

The VPN security model provides:

  • Confidentiality such that even if the network traffic is sniffed at the packet level (see network sniffer and Deep packet inspection), an attacker would only see encrypted data.
  • Sender authentication to prevent unauthorized users from accessing the VPN.
  • Message integrity to detect any instances of transmitted messages having been tampered with.

1 comment:

  1. An additional level of security by VPN is it involves encrypting not only the data, but also the originating and receiving network addresses.
    vpn service

    ReplyDelete