What is a VPN (Virtual Private Network)?
A virtual private network (VPN) is a network that transmits data securely by making it accessible to the intended recipients only. Its ultimate goal is to provide data security over the internet. It is a private network that resists data hacking and raises internet standards through quality of service, with the help of encryption technologies. VPNs are used in intranets, remote access, the internet and extranets to ensure security. Many technologies have been introduced under the VPN umbrella to protect the flow of information across different networks; among them, IPsec (Internet Protocol Security) has gained immense significance and has made the internet a standard medium for data transmission.
A virtual private network is defined as "a private network where privacy is introduced by the method of virtualization; it could be between two end systems, between two organizations, among several systems within an organization or among multiple organizations across the global internet, and among individual applications". A VPN allows protected, encrypted connections between an organization's remote locations and its users through a service provider. To promote security, a VPN requires a firewall, and using the two together can give rise to difficulties. One approach is to install the VPN server on the firewall already present in the company's network rather than creating separate configurations. A single point then serves three roles: the VPN serves remote networks with traffic encryption, the firewall restricts inbound access from the internet, and the firewall provides access to the internet. Another option is to use the firewall and the VPN server in parallel. In this mode the firewall causes packets to be received by the VPN machine; this can be arranged by placing a router between the VPN server, the firewall and the network machines. Apart from this, a VPN can be configured with its own firewall and deployed for the organization's communication network.
Types of VPN
There are two types of VPN, site-to-site and remote access. A site-to-site VPN connects whole networks to each other; intranet VPNs and extranet VPNs fall under this category. An intranet VPN is used for a network that shares a regular network infrastructure across different LANs. These intranet VPNs secure confidential data transmission through strong encryption and support growth, since new users are likely to be added to the network. An extranet VPN uses the internet as its base, and its security is assured for a wider range of users and for corporate companies with many branches. Security across a large number of locations can be obtained through the VPN's IP security (IPsec). A remote access VPN lets corporate users connect to their organization's network through various types of connections. In remote access VPNs, authentication receives more consideration than the other security aspects, because the access is for corporate communications and data transfer.
Advantages of VPN
Cost savings: Organizations adopting a VPN use the universal internet to connect their corporate site to their users and to all their remotely located branches. This avoids the cost of dedicated wide area network links between the locations where the company is present.
Security: Security is the major and most significant feature of a VPN; it lets organizations transmit data securely over the network regardless of whether a user, a client or an employee is accessing it. The advanced encryption and authentication protocols used in these private networks ensure privacy, secure data transfer and protection from illicit access.
Scalability: A VPN makes it easy to include new users in the network. This is possible because a VPN uses the internet infrastructure of the internet service providers, which is what makes scaling possible. This is an added benefit for corporate companies, which can widen their user base across the network without any additional infrastructure changes.
Compatibility with broadband technology: Compatibility with broadband technology is another benefit these private networks provide. VPN technologies let users such as mobile workers connect remotely to their corporate sites. This is possible because VPNs support broadband service providers over cable or DSL.
VPN-enabling technologies and protocols
The following are the various technologies used by virtual private networks to ensure confidential data transmission.
Internet Protocol Security (IPsec): IPsec was introduced to guarantee secure information transfer over the internet, whose IP layer (layer three of the OSI model) is otherwise unprotected. IPsec ensures data integrity, privacy through encryption, and authentication so that authorization in the network is accurate. Together these factors keep an intruder from reading the confidential data transmitted or making changes to it. Authentication Header (AH) and Encapsulating Security Payload (ESP) are the two security protocols IPsec uses to provide its services. AH looks after the integrity of the data packets transferred in the network, together with authentication that restrains tampering. It provides no encryption; the authentication header is added in front of every data packet it protects. ESP provides data privacy in addition to integrity and packet authentication. This privacy is provided by algorithms agreed between the source and destination hosts. IPsec's key management can be set up automatically or manually.
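The two receiver-side checks AH gives a packet, integrity/authentication via the ICV and protection against replayed packets via a sliding sequence-number window, can be shown in a few dozen lines. The following is an added example written for this page, not code from any IPsec implementation: it uses the real AH header layout (next header, payload length, reserved, SPI, sequence number, ICV), but the ICV is a truncated HMAC-SHA256 over the header and payload only, whereas a real transform also covers immutable fields of the outer IP header, and the key, SPI and payload are constructed values.

```python
import hashlib
import hmac
import struct

AH_FIXED_LEN = 12    # next header (1), payload len (1), reserved (2), SPI (4), sequence (4)
ICV_LEN = 12         # truncated integrity check value, as real AH transforms do (e.g. HMAC-SHA1-96)
NEXT_HEADER_TCP = 6  # IP protocol number of the data carried behind the AH (assumed TCP here)


class SecurityAssociation:
    """One inbound SA: the shared key plus a sliding anti-replay window (default size 64)."""

    def __init__(self, key, window_size=64):
        self.key = key
        self.window_size = window_size
        self.highest_seq = 0
        self.seen = set()

    def accept_seq(self, seq):
        """Return True if seq has not been seen and is inside the window; updates the window."""
        if seq == 0:
            return False                           # sequence number 0 is never valid
        if seq > self.highest_seq:                 # slide the window to the right
            self.highest_seq = seq
            self.seen = {s for s in self.seen if s > seq - self.window_size}
            self.seen.add(seq)
            return True
        if seq <= self.highest_seq - self.window_size or seq in self.seen:
            return False                           # too old for the window, or a replay
        self.seen.add(seq)
        return True


def _icv(key, header, payload):
    # ICV is computed with the AH's own ICV field zeroed (simplified: outer IP fields omitted).
    mac = hmac.new(key, header + bytes(ICV_LEN) + payload, hashlib.sha256).digest()
    return mac[:ICV_LEN]


def build_ah(spi, seq, payload, key):
    """Prepend an AH (RFC 4302 layout) to payload. Payload Len is AH length in 32-bit words minus 2."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    header = struct.pack("!BBHII", NEXT_HEADER_TCP, payload_len, 0, spi, seq)
    return header + _icv(key, header, payload) + payload


def verify_ah(packet, sa_table):
    """Receiver side: look up the SA by SPI, check the ICV, then the replay window.
    Returns (status, payload); payload is None unless status == "ok"."""
    if len(packet) < AH_FIXED_LEN + ICV_LEN:
        return "truncated", None
    header = packet[:AH_FIXED_LEN]
    _next, _plen, _res, spi, seq = struct.unpack("!BBHII", header)
    sa = sa_table.get(spi)
    if sa is None:
        return "unknown-spi", None
    icv = packet[AH_FIXED_LEN:AH_FIXED_LEN + ICV_LEN]
    payload = packet[AH_FIXED_LEN + ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(sa.key, header, payload)):
        return "bad-icv", None                     # modified in transit or wrong key
    if not sa.accept_seq(seq):                     # window is only updated after a valid ICV
        return "replay", None
    return "ok", payload


if __name__ == "__main__":
    key = b"constructed-demo-key"                  # constructed; real SA keys come from IKE or manual setup
    table = {0x1000: SecurityAssociation(key)}
    pkt = build_ah(0x1000, 1, b"GET / HTTP/1.0", key)
    print(verify_ah(pkt, table))                   # ('ok', b'GET / HTTP/1.0')
    print(verify_ah(pkt, table))                   # ('replay', None)
    tampered = pkt[:-1] + bytes([pkt[-1] ^ 0x01])
    print(verify_ah(tampered, table))              # ('bad-icv', None)
```

The order of the checks matters: the ICV is verified before the window is touched, so a forged packet with a high sequence number cannot be used to slide the window and make legitimate in-flight packets look stale.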
Point-to-Point Tunneling Protocol (PPTP): "PPTP is an OSI layer two protocol" used to obtain internet connectivity through dial-up. A connection is established when users dial an internet service provider through PPTP. It provides an internet connection for remote users, with a virtual network organized as a session from each client. Authentication and encryption are both provided for this protocol, whose packets consist of an IP header, a GRE header, a PPP header and encrypted PPP data. The IP header serves to authenticate the data transmitted in frames, and the GRE header controls the traffic that carries the PPP data packets. The data wrapped inside the packet is encrypted, and the encrypted PPP frame together with the GRE header values are carried inside the IP packet along with the source and destination addresses. When the destination host running the PPTP server detects the IP header and the GRE header, it decrypts the encapsulated data.
Layer 2 Tunneling Protocol (L2TP): This protocol enables wrapped PPP frames to be transmitted over IP or other networks. This is possible because multiple connections are allowed over a single tunnel and several protocols can be used simultaneously at OSI layer two. L2TP's authentication is similar to that of PPP, and the data is subject to encapsulation. As L2TP is a combination of PPTP and L2F (Layer 2 Forwarding), the data of the PPP frames is wrapped behind a PPP header together with an L2TP header. This whole L2TP unit is encapsulated again behind a UDP header along with source and destination addresses. Finally, all of these encapsulations are wrapped together inside an IP header carrying the source and destination IP addresses of the VPN server and client.
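Both the PPTP and the L2TP paragraphs above describe a stack of headers around a PPP frame. The following added example, written for this page and not taken from any PPTP or L2TP implementation, builds and parses the layer directly below the outer headers in each case: PPTP's enhanced GRE header (RFC 2637: K and S bits set, version 1, protocol type 0x880B, key field holding payload length and call ID) and the L2TPv2 data-message header (RFC 2661: L bit set, version 2, tunnel ID, session ID). The outer IP and UDP headers are not built here. The call ID, tunnel and session IDs and the PPP frame are constructed values; the PPP payload is treated as opaque, as it would be when it is encrypted. A monitoring tool can use exactly this kind of parser to recognise tunnel traffic (GRE is IP protocol 47; L2TP runs on UDP port 1701).

```python
import struct

GRE_PROTO_PPP = 0x880B   # protocol type in PPTP's enhanced GRE header (RFC 2637)
L2TP_UDP_PORT = 1701     # UDP port used by L2TP (RFC 2661)

# Constructed PPP frame: protocol field 0x0021 (IPv4) followed by bytes standing in for the
# (possibly encrypted) PPP payload, which both parsers treat as opaque.
SAMPLE_PPP = bytes.fromhex("0021") + b"<ppp payload>"


def _take(packet, offset, fmt):
    """Unpack fmt at offset; return (fields, new_offset) or raise ValueError if the packet is short."""
    size = struct.calcsize(fmt)
    if len(packet) < offset + size:
        raise ValueError("truncated header")
    return struct.unpack(fmt, packet[offset:offset + size]), offset + size


def build_pptp_gre(call_id, seq, ppp_frame):
    """PPTP data packet below the IP header: enhanced GRE header + PPP frame.
    Flags: K (key field present) and S (sequence present) set, version 1."""
    flags_ver = 0x2000 | 0x1000 | 0x0001
    hdr = struct.pack("!HHHHI", flags_ver, GRE_PROTO_PPP, len(ppp_frame), call_id, seq)
    return hdr + ppp_frame


def parse_pptp_gre(packet):
    """Return call ID, sequence number and the PPP frame, or raise ValueError."""
    (flags_ver, proto, payload_len, call_id), offset = _take(packet, 0, "!HHHH")
    if proto != GRE_PROTO_PPP or (flags_ver & 0x0007) != 1 or not (flags_ver & 0x2000):
        raise ValueError("not a PPTP (enhanced GRE version 1) packet")
    seq = None
    if flags_ver & 0x1000:                         # S: 32-bit sequence number present
        (seq,), offset = _take(packet, offset, "!I")
    if flags_ver & 0x0080:                         # A: 32-bit acknowledgment present
        _ack, offset = _take(packet, offset, "!I")
    ppp = packet[offset:offset + payload_len]
    if len(ppp) != payload_len:
        raise ValueError("GRE payload length does not match packet")
    return {"call_id": call_id, "seq": seq, "ppp": ppp}


def build_l2tp_data(tunnel_id, session_id, ppp_frame):
    """L2TPv2 data message (the UDP payload): header with the L bit set, version 2, then the PPP frame."""
    flags_ver = 0x4000 | 0x0002
    length = 8 + len(ppp_frame)                    # flags/ver, length, tunnel ID, session ID = 8 bytes
    return struct.pack("!HHHH", flags_ver, length, tunnel_id, session_id) + ppp_frame


def parse_l2tp(packet):
    """Return tunnel/session IDs, whether it is a control message, and the PPP frame."""
    (flags_ver,), offset = _take(packet, 0, "!H")
    if (flags_ver & 0x000F) != 2:
        raise ValueError("not L2TP version 2")
    length = len(packet)
    if flags_ver & 0x4000:                         # L: length field present
        (length,), offset = _take(packet, offset, "!H")
    (tunnel_id, session_id), offset = _take(packet, offset, "!HH")
    if flags_ver & 0x0800:                         # S: Ns and Nr present
        _ns_nr, offset = _take(packet, offset, "!HH")
    if flags_ver & 0x0200:                         # O: offset size and padding present
        (pad,), offset = _take(packet, offset, "!H")
        offset += pad
    if length > len(packet) or offset > length:
        raise ValueError("L2TP length field does not match packet")
    return {"control": bool(flags_ver & 0x8000), "tunnel_id": tunnel_id,
            "session_id": session_id, "ppp": packet[offset:length]}


if __name__ == "__main__":
    print(parse_pptp_gre(build_pptp_gre(call_id=7, seq=42, ppp_frame=SAMPLE_PPP)))
    print(parse_l2tp(build_l2tp_data(tunnel_id=3, session_id=9, ppp_frame=SAMPLE_PPP)))
```

Note what the two parsers have in common: neither can see inside the PPP frame once it is encrypted, which is the point of the tunnel, but both expose the identifiers (call ID, tunnel and session IDs, sequence numbers) that a gateway uses to demultiplex sessions and that a monitoring tool can log.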
Secure Sockets Layer / Transport Layer Security (SSL/TLS): "This is a transport layer protocol." It has various cryptographic capabilities that assure data integrity, privacy and security. It requires only a web browser, which is present on virtually every computer, to establish a protected channel between the network and the remote system; on the server side only an SSL VPN server capable of providing the security is needed. Authentication is achieved through digital certificates exchanged during the handshake between the remote client system and the server. Keys are established during the handshake for the encryption performed throughout the remote access session. The certificate this protocol uses in a VPN is often a "self-signed digital certificate", which web browsers do not consider sufficiently trustworthy.
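When a browser or client rejects an SSL VPN's self-signed certificate, the wrong reaction is to switch certificate verification off; the right one is to make that specific certificate the client's trust anchor, so the handshake still proves which server is on the other end. The following added example, written for this page using only Python's standard `ssl` module and not taken from any VPN product, contrasts the two client configurations. The path passed as `ca_file` is assumed to be the server's own certificate in PEM form, obtained out of band; no file is read when it is omitted.

```python
import socket
import ssl


def make_client_context(ca_file=None):
    """Strict client context. With ca_file=None the system trust store is used; with a
    ca_file (assumed: the VPN server's own self-signed certificate, PEM) that certificate
    becomes the only trust anchor, while chain validation and hostname checking stay on."""
    ctx = ssl.create_default_context(cafile=ca_file)   # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2        # refuse TLS 1.0/1.1 and SSL
    return ctx


def make_insecure_context():
    """The shortcut often taken when a self-signed certificate is rejected: verification off.
    Shown for contrast only; this context completes a handshake with any server at all."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx):
    """Summarise the settings that decide whether the peer is authenticated."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
    }


def verifies_server(ctx):
    """True only when the context both validates the certificate chain and checks the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def peer_subject(host, port, ctx):
    """Connect and return the validated peer certificate's subject (network access required).
    With the insecure context getpeercert() returns an empty dict: the client cannot even
    say who it was talking to, because nothing was validated."""
    with socket.create_connection((host, port)) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert().get("subject", ())


if __name__ == "__main__":
    print(describe(make_client_context()))
    print(describe(make_insecure_context()))
```

The strict context reports `CERT_REQUIRED` with hostname checking on and a TLS 1.2 floor; the insecure one reports `CERT_NONE`, which is what "click through the certificate warning" amounts to in code.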