Table of Contents
INTRODUCTION
Uses of VPN
VPN CLASSIFICATION
Feasibility Study:
Operational Plan:
Conclusion:

INTRODUCTION

A VPN, or Virtual Private Network, lets you create a protected connection to another
network over the Internet. VPNs can be used to access region-restricted sites and to shield
your browsing activity from prying eyes on public Wi-Fi.
Normally, when connecting to the web, you first connect to your Internet Service Provider
(ISP), which then connects you to any sites (or other web resources) that you wish to visit.
All your web traffic passes through your ISP's servers and can be seen by your ISP.
When using a VPN, you connect to a server run by your VPN provider (a VPN server)
through an encrypted connection (referred to as a VPN tunnel). All data travelling between
your computer and the VPN server is encrypted so that only you and the VPN server can
see it.{1}

Uses of VPN
- Access a Business Network during Travels: VPNs are used by business travellers to
access their business's network, including all its local network resources.
- Hide Your Browsing Activity from Your Local Network and ISP: a VPN lets you
conceal your activity on the web.
- Access Geo-Blocked Websites: Whether you're an American trying to access your
Netflix account while travelling outside the country or you wish you could use
American media, you'll be able to access these region-restricted services.
- Bypass Internet Censorship: Many people use VPNs to get around firewalls and
access the whole Internet where it is blocked.{1}

VPN CLASSIFICATION

There are several types of VPN available for any number of usage needs, from home
browser privacy to business site-to-site encryption. They vary in cost, implementation
complexity, encryption strength, speed and even stability.
Some common VPN types that I will discuss are:{3}
- PPTP
- Site-to-Site
- L2TP
- IPsec
- SSL
- MPLS
- Hybrid

VPNs are used for Remote Access and Site-to-Site authentication and encryption.
In my research I have learned that VPNs are most commonly used for remote users to
access a private network over the Internet. While remote access may be the most common,
site-to-site is still very widely used by businesses to connect locations because it is basically
a router-to-router private ‘tunnel’ through the Internet. In other words, it allows private
communication over public networks, which is the goal. By using either of these types of
VPN, organizations no longer need to employ long-distance leased lines (in the past these
were long-distance dial-up services as well) and instead need only a leased line to an
Internet Service Provider (ISP){2}.

With site-to-site VPNs, two different private networks, or two different locations of
the same business, are connected over the Internet. This is basically a dedicated WAN link. In
this type of link, one router, the client, will ‘call’ the other router, the VPN server, and
authenticate. Then the same authentication happens in reverse to complete a mutual
authentication. This same mutual authentication occurs in remote access VPN scenarios as
well. With remote access connections the initiating ‘call’ is made by a client. This is typically
a single computer connecting to a private network from a remote location. The VPN server,
after mutual authentication, then provides the remote client access to the private network
resources according to the user permissions.

[Figure: VPN Connecting a Remote Client to a Private Intranet (TechNet, 2003)]

[Figure: VPN Connecting Two Remote Sites Across the Internet (TechNet, 2003)]

Both of these use cases can be applied to a VPN connection across an intranet as well as the
Internet.

[Figure: VPN Connection Allowing Remote Access to a Secured Network over an Intranet (TechNet, 2003)]

[Figure: VPN Connecting Two Networks over an Intranet (TechNet, 2003)]

PPTP (Point to Point Tunneling Protocol) is the most common type of VPN as it is
used by remote users to connect to private networks{4}. With this protocol, as the name
implies, a tunnel is created that encapsulates all the data communicated. Another reason for
the ubiquity of PPTP VPN is that it is widely compatible (Windows, Mac OS,
UNIX/Linux) and very cheap, or free, as small software packages.

Another common VPN is L2TP (Layer 2 Tunneling Protocol). This was a joint
development of Cisco and Microsoft as a way of extending PPTP with better encryption. To
gain better security L2TP connects the two ends with a tunnel, just as PPTP, and then uses
another VPN to encrypt the connection. This added VPN is generally IPsec. In this way L2TP
can provide secured data and better data integrity versus PPTP.

IPsec (Internet Protocol Security) is a VPN used to secure communication over
Internet Protocol (IP). It does this by verifying the session and encrypting every individual
data packet from start to end of transfer. IPsec has two communication modes that differ
slightly. One mode is transport mode, which encrypts the message within the data packet.
The other mode is tunneling mode, which encrypts the whole data packet. IPsec uses 256-bit
encryption whereas PPTP uses 128-bit encryption{7}. Because data is encapsulated twice
when IPsec is used with L2TP, it can require greater CPU usage.
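
The difference between the two modes is easiest to see from the position of someone watching the wire. The following is an added example, not part of the original report: it builds a simplified ESP-style packet in each mode and returns what an on-path observer can read. The addresses, SPI values and key are constructed, and `toy_encrypt` is a labelled stand-in for a real cipher.

```python
import hashlib
import hmac
import os
import socket
import struct

ESP, IPIP, TCP = 50, 4, 6  # IANA protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 to keep the example short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def toy_encrypt(key, iv, data):
    """Stand-in cipher (SHA-256 counter keystream XOR). NOT a real ESP transform."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + iv + struct.pack("!I", i)).digest()
                      for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def esp_wrap(key, spi, seq, inner, next_header):
    """Simplified ESP: SPI | sequence | IV | encrypted(inner, pad_len=0, next_header) | ICV."""
    iv = os.urandom(8)
    head = struct.pack("!II", spi, seq) + iv
    body = toy_encrypt(key, iv, inner + bytes([0, next_header]))
    icv = hmac.new(key, head + body, hashlib.sha256).digest()[:16]
    return head + body + icv

def transport_mode(key, src, dst, proto, payload):
    """Original IP header stays in clear; only the upper-layer payload is encrypted."""
    esp = esp_wrap(key, 0x1001, 1, payload, proto)
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def tunnel_mode(key, gw_src, gw_dst, src, dst, proto, payload):
    """Whole original packet is encrypted and carried between the two gateways."""
    inner = ipv4_header(src, dst, proto, len(payload)) + payload
    esp = esp_wrap(key, 0x2001, 1, inner, IPIP)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def observer_view(packet):
    """Fields an on-path observer can read without the key."""
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "bytes": packet[20:]}

if __name__ == "__main__":
    key, data = b"k" * 32, b"GET /payroll HTTP/1.1"  # constructed sample values
    print(observer_view(transport_mode(key, "10.1.0.5", "10.2.0.9", TCP, data)))
    print(observer_view(tunnel_mode(key, "198.51.100.1", "203.0.113.1",
                                    "10.1.0.5", "10.2.0.9", TCP, data)))
```

In transport mode the observer still learns which two hosts are talking; in tunnel mode only the gateway addresses are visible, which is why tunnel mode is the one used for site-to-site links.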

SSL (Secure Sockets Layer) is actually SSL and TLS (Transport Layer Security) working
as one protocol. With this connection type a web browser is the client connecting to a web
server providing a secure, private session. This type of secure connection is almost
transparent to the user because web browsers have this built in. You may notice, when you
browse to a web site using SSL, that the URL changes from HTTP:// to HTTPS:// and the
address bar may even light up green or show a key icon{8}.

MPLS (Multi-Protocol Label Switching) is a type of VPN used mainly in site-to-site
connections. MPLS uses a label-based forwarding method instead of IP-based forwarding. In
this type of communication the first router looks up the destination address and determines
the path to it from the source. A label is applied which is used by all the routers on the path
with no IP look-ups needed along the way. At the destination, the label is removed and the
packet is delivered. This allows the route to be specified and predetermined (route
engineering).
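
The forwarding steps just described can be traced in a few lines. This is an added example, not part of the original report: the router names, prefixes and label numbers are constructed, and the label is swapped at each hop because MPLS labels are only meaningful to the router that receives them. It also shows the failure case, where a label with no installed path is dropped rather than forwarded.

```python
import ipaddress

class Router:
    def __init__(self, name):
        self.name = name
        self.fec = {}        # ingress only: IP prefix -> (label to push, next hop)
        self.lfib = {}       # label -> ("swap", new_label, next_hop) or ("pop", None, None)
        self.ip_lookups = 0  # how often this router had to inspect an IP address

    def classify(self, dst):
        """Ingress step: the one longest-prefix IP lookup on the whole path."""
        self.ip_lookups += 1
        addr = ipaddress.ip_address(dst)
        matches = [p for p in self.fec if addr in p]
        if not matches:
            raise LookupError(f"{self.name}: no route to {dst}")
        return self.fec[max(matches, key=lambda p: p.prefixlen)]

def forward(routers, ingress, dst):
    """Trace one packet along its label-switched path as (router, action, label)."""
    label, hop = routers[ingress].classify(dst)
    trace = [(ingress, "push", label)]
    while True:
        entry = routers[hop].lfib.get(label)
        if entry is None:                      # unknown label: drop, never guess
            return trace + [(hop, "drop", label)]
        action, new_label, next_hop = entry
        if action == "pop":                    # egress: remove label, deliver as IP
            return trace + [(hop, "pop", label)]
        trace.append((hop, "swap", new_label))
        label, hop = new_label, next_hop

def demo_network():
    """Constructed four-router path PE1 -> P1 -> P2 -> PE2 for site 10.2.0.0/16."""
    r = {n: Router(n) for n in ("PE1", "P1", "P2", "PE2")}
    r["PE1"].fec[ipaddress.ip_network("10.2.0.0/16")] = (100, "P1")
    r["PE1"].fec[ipaddress.ip_network("10.0.0.0/8")] = (900, "P1")  # no path installed
    r["P1"].lfib[100] = ("swap", 200, "P2")
    r["P2"].lfib[200] = ("swap", 300, "PE2")
    r["PE2"].lfib[300] = ("pop", None, None)
    return r

if __name__ == "__main__":
    net = demo_network()
    print(forward(net, "PE1", "10.2.0.9"))
    print(sum(r.ip_lookups for r in net.values()))
```

Nothing in this path encrypts the packet: the label only decides where it goes, so confidentiality on an MPLS link depends on trusting the provider's routers or adding encryption on top.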

In Hybrid VPNs, MPLS and IPsec are combined, with the IPsec VPN appliance
used as a redundant backup for MPLS. Connecting these together needs a gateway to
bypass the IPsec tunnel and route it to the MPLS tunnel on the other side, which keeps the
encryption in place. These setups are expensive but more flexible to changes and variations
in communication technologies{2}.

Businesses benefit from VPNs in many ways. As mentioned above, businesses no
longer need to pay for a long-distance line lease because with a VPN setup they only need a
connection to an ISP. Businesses use VPNs to allow work from remote locations, even other
countries, while still maintaining network security and integrity. The same user account
permissions and restrictions apply because the user is still accessing the network as
him/herself. This last month I have been interacting with an HP engineer that resides in
Philadelphia and works from home. His home office is in Boise, ID where he was always
connected via remote access VPN. Businesses also benefit by being able to connect sites to
each other and/or connect multiple remote sites, each with an office full of users, to a
central corporate location. This site-to-site connection is kept live at all times and is seamless
to the end users. VPNs are used for cheap (relative to a dedicated physical line) secured
communications by millions of users and businesses worldwide.

All the VPN products described provide a solid and secure network connection.
However, the choice depends on how well a product meets the needs of the
organization (Fineberg, 2003). Typically, when making the choice, the organization ought to
consider a wide range of factors, including connectivity requirements as well as client
software and OS support capabilities{1}.

Feasibility Study:
So why would a company want to spend money implementing a VPN for remote access?
Let's say you want users to be able to work from home. Or maybe someone needs to
retrieve a file while traveling. Without a VPN, in order to make resources on the office
network available to users, the network administrator would have to weaken the security
of your network by opening holes in your firewall -- which isn't usually a good idea. Or the
remote user would have to dial in over a phone line, sometimes incurring long-distance
charges.
With VPN, the integrity of your office network remains intact, but you can allow remote
users to act as part of the office network. After connecting over VPN, remote users can
access files, print to printers, and generally do anything with their computers that they
would be able to do in the office{7}.
Still, using VPN is not the same as being in the office. Most office networks are pretty
fast. Most Internet connections are not. Even the fastest DSL and cable connections are
around one-tenth the speed of your average office LAN. This means that accessing
resources on the LAN will be much slower over VPN. It would also depend on the
"upstream" or upload speed of your office's network connection. As opposed to working
on files directly over the VPN connection{5}, it is often more time-efficient to copy them
to your computer over the VPN connection. When you are done working with them you
would copy them back to the file server.

Operational Plan:
To plan managed IP VPN service offerings, a service provider must first consider whether the
proposed offerings match the requirements of the enterprises. Buying criteria do not
differ for technology and services—buying decisions are based to a large extent on a
solution's ability to solve business problems or overcome challenges. Today, the most
pressing enterprise business concerns fall into three areas:
- Protection: Enterprises want to identify and address uncertainties and mitigate risks
whenever possible. Global uncertainty and a declining economy raise questions about
how to be prepared to sustain operations in a challenging environment encompassing
restricted travel, a displaced workforce, loss of resources, new laws and regulations, and
other complications{10}.
- Profits: In today's economic climate, profits have dropped in many sectors and there is
a need to optimize investments and reduce operational costs while continuing to sustain
operations and satisfy customers. Reducing total cost of ownership (TCO) and using
networking technologies to lower costs are current priorities in this area.
- Productivity: The need to increase worker productivity is driving the adoption of on-line
collaboration, customer relationship management (CRM), and workflow automation
applications that can both increase efficiency and strengthen a business' competitive
position. Better access to resources—being able to access resources on demand,
regardless of location—also improves productivity by minimizing wasted time and
allowing remote workers to do something that was previously impossible{9}.
Based on concerns about protection, profits, and productivity, enterprises are evaluating
current wide-area networks (WANs) and looking for ways to:
- Consolidate voice, video, and data networks as a means to enable collaboration while
lowering costs
- Move to distributed, regionalized data centers for increased productivity, application
availability, and lowered costs
- Achieve any-to-any connectivity for increased productivity among business offices and
employees, and simplify overall infrastructure support
- Offer secure teleworker solutions that allow workers to access corporate resources
from any location
Accomplishing these types of improvements requires a dependable network foundation
supported by five persuasive, key attributes:
- High availability
- Security
- QoS
- Multicast
- Comprehensive management solutions
These five network attributes repeatedly surface in the questions being raised in today's
enterprises. Today's enterprises will embrace managed IP VPN services when they find
answers to all of their questions and they are convinced that all of the key network
attributes—high availability, security, QoS, multicast, and ease of management—are
more cost-effectively realized by involving service providers. Enterprise requirements
must also be clearly understood by service providers as they relate to network topologies
(moving to full mesh topologies), convergence of multiple types of traffic onto one
network, teleworker access, and overall cost reduction. The following sections cover each
of these topics.

Conclusion:
VPNs are commonly ignored during a vulnerability assessment, due to the myth that they
are inherently secure. While VPNs do provide a means for secure communication, if they
are incorrectly configured they are still vulnerable, just as any other Internet-facing
system. The compromise of a VPN server may have an extremely negative impact on the
organization's business as it may provide unauthorized access to internal company
resources. Thus, organizations should pay special attention to the design,
implementation, configuration and assessment of VPN systems, and ensure a proper
penetration test has been completed.

References

1. Acunetix. (2018). Keeping Web and Database Servers Secure. [online] Available at: https://www.acunetix.com/websitesecurity/webserver-security/ [Accessed 31 Dec. 2018].
2. Anon, (2018). [online] Available at: https://www.coursehero.com/file/p6d7ohl/NETWORK-SECURITY-4-Summary-and-Conclusion-Network-security-is-an-important/ [Accessed 31 Dec. 2018].
3. Dosal, E. (2018). 5 Common Network Security Problems and Solutions. [online] Compuquip.com. Available at: https://www.compuquip.com/blog/5-common-network-security-problems-and-solutions [Accessed 31 Dec. 2018].
4. Garden, H. and Hardware, C. (2019). How VPNs Work. [online] HowStuffWorks. Available at: https://computer.howstuffworks.com/vpn4.htm [Accessed 4 Jan. 2019].
5. Gupta (2019). Virtual Private Network main. [online] Slideshare.net. Available at: https://www.slideshare.net/KanikaGupta43/virtual-private-network-main [Accessed 4 Jan. 2019].
6. Rossi, B. (2018). Five years in information security – what has changed? - Information Age. [online] Information Age. Available at: https://www.information-age.com/five-years-information-security-what-has-changed-123461477/ [Accessed 31 Dec. 2018].
7. Underwood, J. (2018). The Importance of Network Security. [online] Info.nutmegtech.com. Available at: http://info.nutmegtech.com/it-insider-blog/the-importance-of-network-security [Accessed 31 Dec. 2018].
8. Vpnmentor.com. (2019). What is a VPN and Do You Need One?. [online] Available at: https://www.vpnmentor.com/blog/what-is-a-vpn-and-do-you-need-one/?keyword=what%20is%20vpn&geo=9056927&device=&keyword=what%20is%20vpn&campaignID=1358988612&matchtype=e&adgroupID=53229198366&adpos=1t2&extension=&kwd=aud-406415361482:kwd-49355860&location=&geo=9056927&matchtype=e&device=&ad=264691561094&placement=&adposition=1t2&gclid=Cj0KCQiApbzhBRDKARIsAIvZue8KG4sKJcWdqp2eS--PoBWVuIH0vEnVPNRygNeR8nfy3tgCEeK5c7MaApzZEALw_wcB [Accessed 4 Jan. 2019].
9. Vpnoneclick.com. (2019). Types of VPN and types of VPN Protocols - VPN One Click. [online] Available at: https://www.vpnoneclick.com/types-of-vpn-and-types-of-vpn-protocols/ [Accessed 4 Jan. 2019].