Virtual Private Network - VPN



This topic is hard to explain in general terms because of its complexity and the variety of technologies that can be used inside a VPN. It comes with a huge number of abbreviations whose meaning is unknown to 'mortals' who have only just begun exploring the different information technologies that exist. The point of this article is to simplify the explanation of VPNs as much as possible so that everyone can understand it, including those with a limited vocabulary in information technology.

In general what is a VPN?

A Virtual Private Network is a connection between two or more parties that are linked over open communication resources, such as the Internet, while keeping the data secret for the users of the VPN. This was not always the case. When such connections were first established, major companies used private lines that were isolated from the other WANs of the time, and those lines had only one purpose: security. Maintaining such lines has become too expensive to be affordable except in special cases, and 99% of the market that uses VPNs has now moved to this type of VPN. Because of those special cases, the number will probably never reach 100%, and it can only go down. VPNs are very useful if you want to establish a connection to another user, whether 100 m away or 100 or 1000 km away. Everything has a price, as was proven long ago.

The major problem here is the sensitivity of the data that is transferred from point A to point B and back. With private lines, exposure of the data is impossible and the data is secure in transit. But this type of connection can become too expensive and unaffordable, which is why almost everybody is turning to today's VPN technologies in search of security, efficiency and affordability. The point of using a VPN is to create a tunnel, whether virtual or physical is up to you, and then to use that tunnel to transfer the necessary data from one location to another under specific rules for maintaining security. A VPN acts as a firewall for any user who wants to log in and become part of a specific VPN, whether the user is located inside the company where the VPN is set up or at a client's or employee's home.

To be able to access the desired connection, you must pass a series of security checks: Authorization, Authentication, Data encryption and Packet filtering.

  • Authorization - determines which users have previously been designated as authorized for access through their routers.
  • Authentication - this is a vital security concern. Authentication takes place at two levels:
      • Machine-level authentication - when the IPSec protocol is used for a VPN connection, machine-level authentication is performed through the exchange of machine certificates during the establishment of the IPSec connection.
      • User-level authentication - before data can be sent over the PPTP or L2TP tunnel, the user must be authenticated. This is done through the use of a PPP authentication method.
  • Data encryption - this is a protocol used to secure the data that is about to be sent over an established connection. You do not have to secure your data through encryption, but going without it is mostly out of the question. Note that data encryption for a VPN connection does not provide end-to-end security (encryption), but only security between the client and the VPN server. To provide a secure end-to-end connection, the IPSec protocol can be used once a VPN connection has been established.
  • Packet filtering - to enhance the security of the VPN server, packet filtering must be configured so that the server only performs VPN routing.

Multiple types of VPN

Trusted VPNs are easy to explain: their security lies not in the hands of the creator of the VPN but in those of the provider of the connection, the ISP. The data sent through a Trusted VPN is monitored by the ISP (Internet Service Provider), which is obliged to put a series of security checks in place so that no third party can access the data you want to protect from unwanted guests. Those who are able to access the VPN are determined before its creation, so that later no one who is not a client of the VPN can access, manage, change or otherwise act on the data or the VPN itself. The technologies used are divided into Layer 2 (ATM (Asynchronous Transfer Mode) circuits; transmission circuits; Layer 2 transport over MPLS) and Layer 3 (MPLS with limited distribution of route information through BGP (Border Gateway Protocol)). MPLS stands for Multiprotocol Label Switching.


However, the Trusted VPN did not satisfy the need for a greater level of security, and therefore a greater level of security was established for data sent over the Internet, so that only the receiver and the sender can read it. This type of connection is called a Secured VPN. This approach is called 'tunneling': even if the encrypted data is accessed by a third party, it cannot be read, and in such a case the receiver will be notified and warned of possible interference with the sent data by a third party. The biggest advantage of this type of connection is that the encrypted data is unreadable not only to ordinary users but also to those who have the luxury of possessing a supercomputer, as even they cannot decrypt it without the proper set of encryption keys. All traffic on a Secure VPN must be encrypted and authenticated. Many of the protocols used to create secure VPN networking allow traffic that is authenticated but not encrypted. Although such a network is more secure than a network without authentication, it cannot be regarded as a VPN, because a VPN protects privacy. Technologies used by Secured VPN: IPsec with encryption in each tunnel; Internal IPsec L2TP; SSL 3.0 or TLS encryption.
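The difference between traffic that is only authenticated and traffic that is both encrypted and authenticated, as an added example that is not part of the original article. All function names are hypothetical, and a keystream built from HMAC-SHA256 in counter mode stands in for whatever cipher a real VPN protocol would negotiate.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # size of an HMAC-SHA256 tag

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as keystream.
    stream = b"".join(_mac(key, nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // TAG_LEN + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_auth_only(mac_key: bytes, payload: bytes) -> bytes:
    """Authenticated but NOT encrypted: the payload travels in the clear."""
    return payload + _mac(mac_key, payload)

def open_auth_only(mac_key: bytes, packet: bytes) -> bytes:
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, body)):
        raise ValueError("packet modified in transit")
    return body

def seal_secure(enc_key: bytes, mac_key: bytes, payload: bytes) -> bytes:
    """Encrypt, then authenticate nonce + ciphertext (encrypt-then-MAC)."""
    nonce = os.urandom(12)
    ct = _xor_keystream(enc_key, nonce, payload)
    return nonce + ct + _mac(mac_key, nonce + ct)

def open_secure(enc_key: bytes, mac_key: bytes, packet: bytes) -> bytes:
    body = open_auth_only(mac_key, packet)  # verify the tag before decrypting
    return _xor_keystream(enc_key, body[:12], body[12:])

def observer_can_read(packet: bytes, secret: bytes) -> bool:
    """What a third party on the open network sees without any keys."""
    return secret in packet

if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)          # constructed keys
    msg = b"constructed sample payload: salary list"  # constructed data
    print("auth-only readable on the wire:", observer_can_read(seal_auth_only(mk, msg), msg))
    print("secured readable on the wire:  ", observer_can_read(seal_secure(ek, mk, msg), msg))
```

In both modes a modified packet is rejected by the receiver, but only the second mode keeps the payload private from an observer.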

Hybrid VPN - this is a combination of the two previously mentioned types, Trusted VPN and Secured VPN, which integrates some of the security protocols of the Secured VPN into the Trusted VPN. Security is therefore part of the package, while from the Trusted VPN it gets QoS (Quality of Service) with providers that satisfy its standards. The new Trusted VPN also gives you an easier way to create a VPN on a larger scale. However, this technology is still largely in the test phase and needs to be examined further to determine the best possible configuration for a specific type of user.


Beyond the huge number of protocols used to create and implement a VPN, such as PPTP, L2TP and other layer 2 and layer 3 protocols, the main goals of using a VPN are cost reduction for the company that uses it, globalization of the company's network so that it is accessible from anywhere in the world while the data remains secure to use from anywhere, reduction in the time spent transferring huge amounts of data, support at any time you might need it, and so forth.


This was an example of how VPNs are used by companies that deal with sensitive data, but nowadays you will encounter many examples of a VPN created between two ordinary PC users for the same or similar reasons, which is a pretty good indicator of how far and how fast this technology has evolved in twenty years. 1990 was the end of the expensive private connections, and today virtualization technology has almost achieved the same result as when separate private communication lines were used.

