VPN (Virtual Private Network)
A VPN (virtual private network) is a method of using a public telecommunication infrastructure, such as the Internet, to provide remote offices or specific users with protected access to their organization’s network.
Why do we need a VPN?
A VPN is very useful for accessing the organization’s machines placed behind firewalls from other networks. It provides a secure way of extending a network without obtaining leased lines or connecting via a physical medium.
- A VPN is an encrypted tunnel.
- It encrypts data.
- It secures traffic across the Internet.
- It transfers your data safely, protected from hackers and attacks.
VPNs provide three tools to combat attacks:
- Device authentication
- Packet integrity checking
Types of VPN:
A VPN type describes the kind of entities that are involved in the actual VPN connection. There are 4 general types of VPN:
- Site-to-Site VPNs
- Remote Access VPNs
- Firewall VPNs
- User-to-User VPNs
A site-to-site VPN uses tunnel mode communication between VPN gateways to guard traffic between two or more sites. This is typically set up as an IPsec network connection between networking equipment. Site-to-site connections are commonly referred to as LAN-to-LAN (L2L) connections. With site-to-site VPNs, a central device at each location protects the traffic between the sites. This protection process, and the transport network between the two VPN gateway devices, is transparent to the end-user devices at the two sites.
Cisco has the following devices that can be used for site-to-site VPNs:
- VPN 3000 series concentrators
- IOS-based routers with VPN software
- PIX and ASA security appliances.
Their main features are:
- IOS routers have advanced QoS, GRE tunneling, routing, and scalable and advanced site-to-site (S2S) VPN abilities.
- The Cisco VPN 3000 concentrator is easy to set up, maintain and troubleshoot.
- The PIX Security Appliance firewall has advanced firewall and security features, which include stateful filtering, application filtering, and advanced address translation abilities.
Remote Access VPNs
A remote access VPN is a temporary connection between users and the organization, typically used for access to data center applications. This connection could use IPsec, but it is also common to use an SSL VPN to set up a connection between a user’s endpoint and a VPN gateway.
Remote access VPNs typically are used for low-bandwidth or broadband connections between a single-user device and a VPN gateway. Remote access VPNs typically use tunnel mode for their connections.
With remote access, the traffic needs to be protected from the source to the destination device, which verifies the protected information (and decrypts it if it was encrypted). The destination device then receives the unprotected information.
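The verification step at the destination device described above, as an added example that is not part of the original page: a simplified tunnel wrapper that protects an inner packet with HMAC-SHA256 and checks it before delivery. The header layout, keys and function names are assumptions for illustration, not the IPsec wire format, and encryption is left out (integrity only).

```python
import hashlib
import hmac
import struct

TAG_LEN = 32               # HMAC-SHA256 tag size in bytes
HDR = struct.Struct("!I")  # assumed outer header: 32-bit tunnel id


def protect(key, tunnel_id, inner_packet):
    """Source side: wrap the inner packet and append an integrity tag."""
    header = HDR.pack(tunnel_id)
    tag = hmac.new(key, header + inner_packet, hashlib.sha256).digest()
    return header + inner_packet + tag


def verify(tunnel_keys, wire):
    """Destination side: return the inner packet or raise ValueError."""
    if len(wire) < HDR.size + TAG_LEN:
        raise ValueError("packet too short")
    body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    (tunnel_id,) = HDR.unpack(body[:HDR.size])
    key = tunnel_keys.get(tunnel_id)
    if key is None:
        raise ValueError("unknown tunnel")
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return body[HDR.size:]


def demo():
    key = b"constructed-demo-key-not-for-use"          # constructed sample key
    inner = b"src=10.1.1.5 dst=10.2.2.9 data=hello"    # constructed inner packet
    keys = {7: key}                                    # gateway's per-tunnel keys
    good = protect(key, 7, inner)
    cases = {
        "good": good,
        "tampered": good[:10] + bytes([good[10] ^ 1]) + good[11:],
        "wrong_key": protect(b"some-other-device-key", 7, inner),
        "unknown_tunnel": protect(key, 9, inner),
    }
    results = {}
    for name, wire in cases.items():
        try:
            results[name] = verify(keys, wire)
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

Only a device holding the tunnel key can produce a tag the gateway accepts, so the same check covers both packet integrity and, in this simplified form, device authentication.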
There are 3 basic VPN categories that define where a VPN is used:
An intranet VPN connects resources from the same company across that company’s infrastructure. The VPN typically is an alternative to a leased line.
The benefits of an intranet VPN are as follows:
- It reduces WAN bandwidth costs.
- It connects new sites easily.
- It increases network uptime by permitting WAN link redundancy across service providers.
An extranet VPN connects LAN to LAN between multiple firms (such as customers and providers) so that they can work in a shared environment. An extranet VPN connects resources from one company to another company. An example of an extranet could be a company that has outsourced its help desk services and sets up a VPN to provide a secure connection from its office to the outsourcing company. The extranet VPN facilitates e-commerce.
The benefits of an extranet VPN are as follows:
- Ease of extranet deployment and management.
- Extranet connectivity is deployed using the same architecture and protocols used in implementing intranet and remote access VPNs.
An Internet VPN uses a public network as the backbone to transport VPN traffic between devices and to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites and to shield browsing activity from prying eyes on free/public Wi-Fi.
The following are some of the more important components of a VPN implementation:
- Address Management
- Application and Protocol Support
- Data Encryption
- Encapsulation Method
- Key Management
- Packet Integrity