Saturday, January 16, 2010

Virtual Private Network (VPN)

A VPN (Virtual Private Network) is a virtual computer network that exists on top of an existing network. The purpose of a VPN is to allow communication between systems connected to the VPN using an existing shared network infrastructure as the transport, without the VPN being aware of the underlying network backbone and without the VPN interfering with other network traffic on that backbone. A VPN between two networks is often referred to as a VPN Tunnel.

Most VPN technologies can be separated into two broad categories: Secure VPNs and Trusted VPNs.

Secure VPNs are designed to provide information security features such as authentication and confidentiality and are often used to secure traffic travelling over the Internet. Secure VPNs may be implemented by organizations wishing to provide remote access facilities to their employees or by organizations wishing to connect multiple networks together securely using the Internet to carry the traffic. A common use for Secure VPNs is in remote access scenarios, where VPN client software on an end user system is used to connect to a remote office network securely.

Trusted VPNs are commonly created by carriers and large organizations and are used for traffic segmentation on large core networks. They often provide quality of service guarantees and other carrier-grade features. Trusted VPNs may be implemented by network carriers wishing to multiplex multiple customer connections transparently over an existing core network or by large organizations wishing to segregate traffic flows from each other in the network.

Trusted VPNs differ from Secure VPNs in that they do not provide security features such as data confidentiality through encryption. Secure VPNs, however, do not offer the level of control over data flows that a Trusted VPN can provide, such as bandwidth guarantees or routing.

Some other types of VPN may not fit neatly within these two categories. For example, an end-user managed GRE tunnel may not necessarily use encryption to protect the tunnel contents. L2TP can also be used to tunnel traffic from a network access server to another location without enforcing encryption.
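As an added example (not part of the original post), here is a small Python script that builds a GRE-encapsulated IPv4 packet the way an end-user managed GRE tunnel would, decapsulates it again, and shows that the inner payload can be read straight off the outer packet. That is exactly why a plain GRE tunnel does not count as a Secure VPN. The tunnel endpoints, inner addresses, ports and payload are constructed sample values.

```python
"""Encapsulate an IPv4 packet in GRE and inspect it on the wire.

Added example, not code from the original post. It illustrates that a
plain GRE tunnel carries the inner packet in cleartext. All addresses,
ports and the payload are constructed sample values.
"""
import socket
import struct

IPPROTO_UDP = 17
IPPROTO_GRE = 47          # IP protocol number of GRE (RFC 2784)
GRE_PROTO_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload
GRE_FLAG_C = 0x8000       # checksum present (4 extra header bytes)
GRE_FLAG_K = 0x2000       # key present (4 extra header bytes, RFC 2890)
GRE_FLAG_S = 0x1000       # sequence number present (4 extra header bytes)


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | 5,      # version 4, IHL 5 words
                      0,                 # DSCP/ECN
                      20 + payload_len,  # total length
                      0, 0,              # identification, flags/fragment offset
                      ttl, proto,
                      0,                 # checksum placeholder, filled in below
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def udp_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """An inner IPv4/UDP packet (UDP checksum left at 0, which IPv4 permits)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return ipv4_header(src, dst, IPPROTO_UDP, len(udp)) + udp


def gre_encapsulate(outer_src: str, outer_dst: str, inner: bytes) -> bytes:
    """Wrap `inner` in a basic GRE header (no C/K/S fields) plus an outer IPv4 header."""
    gre = struct.pack("!HH", 0, GRE_PROTO_IPV4)
    return ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre) + len(inner)) + gre + inner


def gre_decapsulate(packet: bytes) -> bytes:
    """Strip the outer IPv4 and GRE headers, honouring the optional C/K/S fields."""
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 checksum")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE (protocol %d)" % packet[9])
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if proto != GRE_PROTO_IPV4:
        raise ValueError("unsupported GRE payload type 0x%04x" % proto)
    offset = ihl + 4
    for flag in (GRE_FLAG_C, GRE_FLAG_K, GRE_FLAG_S):
        if flags & flag:
            offset += 4
    return packet[offset:]


def payload_visible_on_wire(packet: bytes, needle: bytes) -> bool:
    """True if `needle` appears verbatim in the encapsulated packet, i.e. is not protected."""
    return needle in packet


if __name__ == "__main__":
    inner = udp_packet("10.0.0.1", "10.0.0.2", 40000, 5000, b"password=hunter2")
    outer = gre_encapsulate("198.51.100.1", "203.0.113.2", inner)
    assert gre_decapsulate(outer) == inner
    print("inner payload readable from the outer packet:",
          payload_visible_on_wire(outer, b"password=hunter2"))
```

The same check run against an IPsec ESP packet would return False, because the inner packet is encrypted before it is encapsulated; with GRE alone nothing sits between the transport network and the inner payload.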

Clients and Servers
A VPN server is a piece of hardware or software that acts as a gateway into a whole network or a single computer. It is generally ‘always on’ and listening for VPN clients to connect to it.
A VPN Client is most often a piece of software but can be hardware too. A client initiates a ‘call’ to the server and logs on. Then the client computer and the server's network can communicate. They are on the same ‘virtual’ network. Many broadband routers can 'pass' one or more VPN sessions from your LAN to the Internet. Each router handles this differently.

VPN Software
VPN ‘server’ software is rather rare. Windows Server level operating systems like ‘Windows 2000 Server’ have a ‘VPN server’ built in. I know of no software products priced for home or small business that allow you to set up a VPN server.
VPN ‘client’ software is much more common. When loaded on your computer, this software allows you to create a secure VPN tunnel across the Internet and into another network fronted by a VPN server.
VPN Languages
There are two major 'languages' or protocols that VPNs speak. Microsoft uses PPTP or Point to Point Tunneling Protocol and most everyone else uses IPSec - Internet Protocol Security. Most broadband routers can pass PPTP traffic by forwarding port 1723, but IPSec is more complex. If your router does not explicitly support IPSec pass-through, then even placing your computer in the DMZ might not work.
PPTP has 'good' encryption and also features 'authentication' for verifying a user ID and password. IPSec is purely an encryption model and is much safer but does not include authentication routines. A third standard, L2TP, is IPSec with authentication built in.
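As an added example, not from the original post, here is a Python script that classifies the flows a router or firewall log shows by VPN protocol, using the standard ports and IP protocol numbers (PPTP control on TCP 1723 with its data channel in GRE, IP protocol 47; IPsec IKE on UDP 500, NAT-T on UDP 4500, ESP protocol 50 and AH protocol 51; L2TP on UDP 1701), and flags clients whose tunnel is only partly getting through the router, which is the pass-through problem described above. The log line format and the sample log lines are constructed for the example and do not match any particular product.

```python
"""Classify VPN flows in a router or firewall log and spot half-working tunnels.

Added example, not code from the original post. The port and protocol
numbers are the standard ones for PPTP, IPsec and L2TP; the log line
format and the sample lines below are constructed for this example.
"""
import re
from collections import defaultdict

# Assumed log line format (constructed, not any real product's format):
#   proto=<tcp|udp|gre|esp|ah|number> src=<ip>[:<port>] dst=<ip>[:<port>]
LINE_RE = re.compile(
    r"proto=(?P<proto>\S+)\s+src=(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+dst=(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

PROTO_NUMBERS = {"tcp": 6, "udp": 17, "gre": 47, "esp": 50, "ah": 51}

# Constructed sample log: outbound flows from LAN clients behind a broadband router.
SAMPLE_LOG = """\
proto=tcp src=192.168.1.20:49152 dst=203.0.113.10:1723
proto=gre src=192.168.1.20 dst=203.0.113.10
proto=udp src=192.168.1.30:500 dst=198.51.100.7:500
proto=udp src=192.168.1.30:4500 dst=198.51.100.7:4500
proto=tcp src=192.168.1.21:49201 dst=203.0.113.11:1723
proto=udp src=192.168.1.40:1701 dst=198.51.100.8:1701
proto=tcp src=192.168.1.20:52000 dst=192.0.2.80:443
"""


def parse_line(line: str):
    """Return a flow dict for a recognised line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    proto = m.group("proto").lower()
    number = PROTO_NUMBERS.get(proto)
    if number is None:
        if not proto.isdigit():
            return None
        number = int(proto)
    sport = int(m.group("sport")) if m.group("sport") else None
    dport = int(m.group("dport")) if m.group("dport") else None
    return {"proto": number, "src": m.group("src"), "sport": sport,
            "dst": m.group("dst"), "dport": dport}


def classify(flow: dict):
    """Map a flow to the VPN component it belongs to, or None if it is not VPN traffic."""
    p, ports = flow["proto"], (flow["sport"], flow["dport"])
    if p == 6 and 1723 in ports:
        return "pptp-control"      # PPTP control connection
    if p == 47:
        return "pptp-gre"          # PPTP data channel rides in GRE
    if p == 17 and 500 in ports:
        return "ipsec-ike"         # IKE key exchange
    if p == 17 and 4500 in ports:
        return "ipsec-nat-t"       # ESP wrapped in UDP for NAT traversal
    if p == 50:
        return "ipsec-esp"
    if p == 51:
        return "ipsec-ah"
    if p == 17 and 1701 in ports:
        return "l2tp"              # bare L2TP; only visible when it is not inside ESP
    return None


def vpn_components_by_client(log_text: str):
    """Group the VPN components seen per LAN client (the flow's source address)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue
        kind = classify(flow)
        if kind:
            seen[flow["src"]].add(kind)
    return dict(seen)


def diagnose(seen: dict):
    """Flag clients whose tunnel is only partly crossing the router."""
    findings = []
    for client in sorted(seen):
        kinds = seen[client]
        if "pptp-control" in kinds and "pptp-gre" not in kinds:
            findings.append((client, "PPTP control on TCP 1723 but no GRE (IP protocol 47): "
                                     "forwarding port 1723 alone is not enough, GRE must pass too"))
        if "ipsec-ike" in kinds and not kinds & {"ipsec-esp", "ipsec-nat-t"}:
            findings.append((client, "IKE on UDP 500 but no ESP or NAT-T data traffic: "
                                     "the IPsec data path is not getting through the router"))
        if "l2tp" in kinds and not kinds & {"ipsec-esp", "ipsec-nat-t"}:
            findings.append((client, "L2TP on UDP 1701 with no IPsec around it: "
                                     "this tunnel is not encrypted"))
    return findings


if __name__ == "__main__":
    seen = vpn_components_by_client(SAMPLE_LOG)
    for client, kinds in sorted(seen.items()):
        print(client, sorted(kinds))
    for client, message in diagnose(seen):
        print("WARNING", client, message)
```

On the sample log the script reports two problems: one client has opened a PPTP control connection but no GRE ever follows it (the classic "port 1723 is forwarded but the tunnel never comes up" symptom), and one client is running bare L2TP without IPsec, so that tunnel is carrying traffic unencrypted.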

Broadband Routers with VPN Servers
Until recently, VPN server hardware was VERY expensive. As home networks become more sophisticated, the demand for home level VPNs increases. At the end of 2001, the home network industry responded by adding VPN servers into some broadband routers. These products are often priced at under $300 (US) and some are as inexpensive as $170.
VPN functionality is very processor intensive and most broadband routers have somewhat slow processors in them. Broadband router based VPN servers are often limited in throughput because of their microprocessors. Most have a maximum VPN throughput of around 0.6 Mbps (600 Kbps).
