Virtual private network (VPN)
Monday, 08 January 2007
A virtual private network (VPN) is a system for securing communications between computers over an open network such as the Internet. It is a private data network built on the public telecommunications infrastructure, with privacy maintained by a tunneling protocol and the security procedures that accompany it. The public Internet is used more and more for sensitive and mission-critical communications. Computer networking is the usual way of sharing data and software among users with a common interest in those resources: virtually every business, governmental or other organization with more than a few computers has them networked so that individual workstations can share one or more common servers. People around the world now use networks such as the Internet to exchange data, information and ideas remotely, and many corporations have local area networks (LANs) that employees and clients access remotely. Network access systems also underpin electronic commerce, including Internet transactions, credit card transactions and automated teller machine (ATM) withdrawals. Security is therefore a significant concern whenever computer networks communicate over a public network, for example when institutional intranets are joined across the Internet. Public networks let a large number of diverse users establish communication links with each other; a series of servers and switching systems routes packets of data between users based on addresses, using communication protocols such as TCP/IP. Many businesses protect their data from unauthorized access by installing firewalls in their network infrastructure.
Typically, a firewall is configured to prevent unidentified users from accessing network data from a remote location. Although firewalls are generally very beneficial in giving a business more control over who accesses its network data, they also have an undesirable consequence: the same barrier that keeps out unidentified users also stands between the network and its legitimate remote users unless a controlled way through it is provided. Firewalls provide a strong barrier between private networks and the Internet. They can restrict the number of open ports, the types of packets that are passed through, and the protocols that are allowed through.

One solution for securing the transfer of data between senders and recipients over a public network is a virtual private network. The VPN concept was developed to meet the need for lower-cost, efficient networking of dispersed computers. A VPN extends an enterprise's private intranet across a public network such as the Internet by creating a secure private connection, commonly referred to as a "tunnel". Virtual private networking is a widely deployed generic business service that gives customers a closed user group environment spanning many physical locations: it securely conveys information across the Internet, connecting remote users, branch offices and business partners into an extended corporate network. This is accomplished by building a secure tunnel between two network entities using security mechanisms such as authentication and encryption, so that encrypted data transmission channels are constructed on top of an untrusted network. By securing communications between the computers, they are linked together as if they were on a private local area network (LAN), effectively extending the reach of the network to remote sites without the infrastructure cost of constructing a private network. A VPN is typically used to connect distant offices of an organization to each other over the public Internet.
All traffic from the LAN of a first office that is directed to a second office is encrypted by a network element at the first office, sent in encrypted form over the Internet, and at the second office a network element decrypts it and forwards the decrypted data to the second office's LAN. Note that this protection covers only the Internet leg: the traffic is in the clear on each office LAN before it is encrypted and after it is decrypted. To keep the communication between computers private, VPNs rely on security methods such as encryption. Instead of a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee. An Internet-based VPN is virtual because, although the Internet is freely accessible to the public, it appears to the organization to be a dedicated private network.

Virtual private networks may be either hardware or software based. A hardware-based system consists of a dedicated processor running one of a number of commercially available or proprietary VPN software packages that perform the necessary VPN functions, such as encryption/decryption and authentication. The VPN is implemented by communicatively coupling routers, switches, gateways and firewalls in one or more local area networks, wide area networks or internetworks; end stations such as personal computers, workstations, servers, printers and IP phones are coupled to those network devices. Although the internetwork infrastructure is public, the end stations generally belong to one or more unrelated organizations. Hardware-based systems are most appropriate for larger organizations: a dedicated VPN processor can handle larger volumes of traffic and keeps the cryptographic functions and key material isolated from general-purpose hosts. A VPN is characterized by a set of connections among N nodes. The connections may assume any topology, such as full mesh, partial mesh or star, and may be uni-directional or bi-directional, point-to-point or point-to-multipoint, symmetric or asymmetric. VPN connections are usually associated with a set of performance requirements, typically summarized in a service level agreement (SLA). The secure private connection, i.e. the tunnel, is established between sites, commonly referred to as "nodes". A VPN may be configured by designating one node as the server node and the remaining nodes as client nodes. One of the keys to a VPN system is its ability to "tunnel" through public telecommunications lines so that data or applications are passed only between authorized users. Tunnels are virtual point-to-point connections that offer authentication, encryption and access control between tunnel endpoints, and they can exist at several protocol layers.
Each client node is connected to the server node, establishing a set of tunnels between the client nodes and the server node. A tunnel definition specifies the end points of a tunnel and thereby establishes it. Once the tunnel is established, data may be transmitted between nodes without exposing its contents to unauthorized users, because it is encrypted under keys that the nodes establish after authenticating each other, e.g. with preshared keys or public keys. A preshared key is a value used to authenticate the nodes of a tunnel: the same preshared key must be possessed by both nodes in order to create a tunnel between them. Because a preshared key proves only membership in the group that holds it, a single key shared by many client nodes does not distinguish one client from another, so per-client keys or public-key credentials are preferable where individual nodes must be identified.
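The following is an added example, not code from the original article, showing in miniature the two mechanisms the text describes: the site-to-site exchange in which a gateway at one office encrypts LAN traffic for a gateway at the other office, and the preshared-key rule that a tunnel is only created when both nodes hold the same key. The `TunnelNode` class, the `establish_tunnel` handshake and the packet format are hypothetical constructs for illustration; the cipher is a constructed HMAC-SHA256 keystream with an encrypt-then-MAC tag, not IPsec, TLS or any real VPN protocol, and the payload and preshared key are constructed sample data.

```python
# Added illustration: PSK-authenticated tunnel between two gateway nodes with
# per-direction keys, encrypt-then-MAC packets and a sequence number against
# replay. Toy HMAC keystream cipher, not a real VPN protocol.
import hashlib
import hmac
import os
import struct

TAG_LEN = 32        # HMAC-SHA256 tag appended to every packet
SEQ_LEN = 8         # 64-bit sequence number prefixed to every packet


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """Keystream bound to this packet's sequence number (constructed toy cipher)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


class TunnelNode:
    """One tunnel endpoint, e.g. the VPN gateway of one office (hypothetical class)."""

    def __init__(self, name: str, psk: bytes):
        self.name, self.psk = name, psk
        self.nonce = os.urandom(16)          # fresh for every tunnel setup
        self.send_keys = self.recv_keys = None
        self.send_seq = 0
        self.last_recv_seq = -1              # highest sequence number accepted so far

    def auth_tag(self, ni: bytes, nr: bytes, role: bytes) -> bytes:
        # Proves possession of the PSK without transmitting it; the role label
        # stops a peer from reflecting our own tag back at us.
        return hmac.new(self.psk, b"auth|" + role + b"|" + ni + nr, hashlib.sha256).digest()

    def verify_peer(self, tag: bytes, ni: bytes, nr: bytes, role: bytes) -> None:
        if not hmac.compare_digest(tag, self.auth_tag(ni, nr, role)):
            raise PermissionError(f"{self.name}: peer failed preshared-key authentication")

    def install_keys(self, ni: bytes, nr: bytes, my_role: bytes, peer_role: bytes) -> None:
        # Separate keys per direction so the two sides never reuse a keystream.
        base = hmac.new(self.psk, b"keys|" + ni + nr, hashlib.sha256).digest()
        kdf = lambda label: hmac.new(base, label, hashlib.sha256).digest()
        self.send_keys = (kdf(my_role + b"|enc"), kdf(my_role + b"|mac"))
        self.recv_keys = (kdf(peer_role + b"|enc"), kdf(peer_role + b"|mac"))

    def seal(self, plaintext: bytes) -> bytes:
        """Encrypt a LAN packet for the tunnel: seq || ciphertext || tag."""
        enc_key, mac_key = self.send_keys
        header = struct.pack(">Q", self.send_seq)
        ks = _keystream(enc_key, self.send_seq, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        self.send_seq += 1
        return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()

    def open(self, packet: bytes) -> bytes:
        """Verify the tag, reject replays, then decrypt a packet from the tunnel."""
        enc_key, mac_key = self.recv_keys
        header, ct, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(mac_key, header + ct, hashlib.sha256).digest()):
            raise ValueError(f"{self.name}: bad tag, packet dropped")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_recv_seq:
            raise ValueError(f"{self.name}: replayed packet {seq} dropped")
        self.last_recv_seq = seq
        return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, seq, len(ct))))


def establish_tunnel(initiator: TunnelNode, responder: TunnelNode) -> None:
    """Tunnel setup: exchange nonces, each side proves it holds the same PSK, derive keys."""
    ni, nr = initiator.nonce, responder.nonce                    # 1. nonces in the clear
    tag_i = initiator.auth_tag(ni, nr, b"initiator")             # 2. initiator -> responder
    responder.verify_peer(tag_i, ni, nr, b"initiator")
    tag_r = responder.auth_tag(ni, nr, b"responder")             # 3. responder -> initiator
    initiator.verify_peer(tag_r, ni, nr, b"responder")
    initiator.install_keys(ni, nr, b"initiator", b"responder")
    responder.install_keys(ni, nr, b"responder", b"initiator")


def _rejected(fn, exc) -> bool:
    """True if fn() raises exc, i.e. the tunnel dropped the attempt."""
    try:
        fn()
    except exc:
        return True
    return False


def demo() -> dict:
    """Office A sends a constructed packet to office B; three attacks are then attempted."""
    psk = b"example-preshared-key"                               # constructed sample PSK
    a, b = TunnelNode("office-a", psk), TunnelNode("office-b", psk)
    establish_tunnel(a, b)
    payload = b"GET /payroll/2007.csv HTTP/1.0\r\n"               # constructed LAN packet
    packet = a.seal(payload)
    results = {"roundtrip": b.open(packet) == payload,
               "payload_hidden": b"payroll" not in packet}
    intruder = TunnelNode("intruder", b"guessed-key")           # holds a different PSK
    results["wrong_psk_rejected"] = _rejected(
        lambda: establish_tunnel(intruder, TunnelNode("office-b", psk)), PermissionError)
    tampered = packet[:SEQ_LEN] + bytes([packet[SEQ_LEN] ^ 0x01]) + packet[SEQ_LEN + 1:]
    results["tamper_rejected"] = _rejected(lambda: b.open(tampered), ValueError)
    results["replay_rejected"] = _rejected(lambda: b.open(packet), ValueError)
    return results
```

Running `demo()` returns every entry as `True`: the packet round-trips, its contents do not appear on the wire, a node with a different preshared key never completes the handshake, and a modified or replayed packet is dropped by the receiving gateway. The tag is checked before anything else so that a forged packet cannot advance the replay counter, and each direction gets its own keys so that the two gateways, which both start numbering at zero, never encrypt under the same keystream.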