VPN (English version)

From ICO wiki test
Revision as of 10:24, 5 May 2017 by Ccataldo (talk | contribs)

VPN (Virtual Private Network)

A VPN or Virtual Private Network enables users to send and receive data across shared or public networks as if their computing devices were directly connected to a private network. It is a method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet. VPNs are most often used by corporations to protect sensitive data.

Individual Internet users may secure their wireless transactions with a VPN, to circumvent geo-restrictions and censorship, or to connect to proxy servers for the purpose of protecting personal identity and location. However, some Internet sites block access to known VPN technology to prevent the circumvention of their geo-restrictions.

A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely.[1]

Benefits of a VPN solution

Secure networking and information exchange with users or business partners is crucial for many organizations. Some advantages of a VPN are:

  • it can be used to transfer data between different public networks and is independent of the data transmission protocol;
  • data security is supported by many VPN solutions through a variety of encryption and authentication protocols;
  • remote users can connect to the organization's network from anywhere;
  • it can also be ordered as a service from service providers; however, it is important to verify the reliability of the service.

Creating a tunnel

A virtual private network is a secure solution for exchanging information between trusted parties that is not open to public traffic. Remote users and different applications can connect through a private tunnel.

A VPN tunnel creates a logical network connection between end devices that are not necessarily adjacent in the physical topology. Over this connection, the network packets are encapsulated in the format of the chosen VPN protocol, or in the required underlying transport protocol, and sent to the VPN server. The encapsulation is removed at the destination.

Some protocols used to create VPN tunnels are:

  • IPsec (Internet Protocol Security) - developed by the IETF and implemented at the network layer of the OSI model. It is a collection of security mechanisms that uses various cryptographic protocols for data confidentiality, integrity, authentication and key management;
  • GRE (Generic Routing Encapsulation, RFC 1702, RFC 2784) - a protocol originally developed by Cisco that can encapsulate packets of several different protocols;
  • PPTP (Point-to-Point Tunneling Protocol, RFC 2637) - operates at the data link layer of the OSI model. Data is encapsulated in PPP (Point-to-Point Protocol) frames, which are in turn encapsulated in IP packets. PPTP supports data encryption and compression and uses the GRE protocol to transfer data;
  • L2F (Layer 2 Forwarding) - operates at the data link layer of the OSI model. L2F has no encryption option and has been superseded by L2TP;
  • L2TP (Layer 2 Tunneling Protocol, RFC 2661) - operates at the data link layer of the OSI model and combines properties of Microsoft's PPTP and Cisco's L2F protocols.
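The encapsulation step described above, shown in working code. This is an added example written for this page, not code from the wiki or from any of the protocols' reference implementations: a sending gateway wraps a complete inner IPv4 packet in an RFC 2784 GRE header (with the optional checksum) inside an outer IPv4 packet, and the receiving gateway validates both headers before handing the inner packet back to its network. The function names (tunnelEncapsulate, tunnelDecapsulate, greEncapsulate, greDecapsulate) and the sample addresses are assumptions made for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	ipProtoGRE      = 47     // IPv4 protocol number for GRE
	greProtoIPv4    = 0x0800 // GRE protocol type (Ethertype) of an IPv4 payload
	greFlagChecksum = 0x8000 // C bit: checksum field present (RFC 2784)
)

// internetChecksum: RFC 1071 one's-complement sum used by IPv4 and GRE headers.
func internetChecksum(data []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(data); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(data[i:]))
	}
	if len(data)%2 == 1 {
		sum += uint32(data[len(data)-1]) << 8
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// ipv4Header builds a minimal 20-byte IPv4 header (no options, no fragmentation).
func ipv4Header(src, dst [4]byte, proto byte, payloadLen int) []byte {
	h := make([]byte, 20)
	h[0], h[8], h[9] = 0x45, 64, proto // version 4 + IHL 5, TTL, protocol
	binary.BigEndian.PutUint16(h[2:], uint16(20+payloadLen))
	copy(h[12:], src[:])
	copy(h[16:], dst[:])
	binary.BigEndian.PutUint16(h[10:], internetChecksum(h))
	return h
}

// greEncapsulate prepends an 8-byte GRE header (C=1, version 0) with checksum.
func greEncapsulate(protoType uint16, payload []byte) []byte {
	pkt := make([]byte, 8+len(payload))
	binary.BigEndian.PutUint16(pkt[0:], greFlagChecksum)
	binary.BigEndian.PutUint16(pkt[2:], protoType)
	copy(pkt[8:], payload) // pkt[4:8] (checksum, reserved1) are still zero here
	binary.BigEndian.PutUint16(pkt[4:], internetChecksum(pkt))
	return pkt
}

// greDecapsulate validates the GRE header and returns protocol type and payload;
// bad version, unimplemented flag bits (RFC 1701/2890) and bad checksums are rejected.
func greDecapsulate(pkt []byte) (uint16, []byte, error) {
	if len(pkt) < 4 || binary.BigEndian.Uint16(pkt[0:])&0x7807 != 0 {
		return 0, nil, errors.New("gre: truncated header, unsupported version or flags")
	}
	flags, hdrLen := binary.BigEndian.Uint16(pkt[0:]), 4
	if flags&greFlagChecksum != 0 {
		hdrLen = 8
		// Summing header and payload with the checksum field included must give 0.
		if len(pkt) < 8 || internetChecksum(pkt) != 0 {
			return 0, nil, errors.New("gre: checksum missing or mismatch")
		}
	}
	return binary.BigEndian.Uint16(pkt[2:]), pkt[hdrLen:], nil
}

// tunnelEncapsulate (sending gateway): inner IPv4 packet -> GRE -> outer IPv4 packet.
func tunnelEncapsulate(inner []byte, gwSrc, gwDst [4]byte) []byte {
	gre := greEncapsulate(greProtoIPv4, inner)
	return append(ipv4Header(gwSrc, gwDst, ipProtoGRE, len(gre)), gre...)
}

// tunnelDecapsulate (receiving gateway): validate outer header and GRE, return inner.
func tunnelDecapsulate(outer []byte) ([]byte, error) {
	if len(outer) < 20 || outer[0]>>4 != 4 || outer[9] != ipProtoGRE {
		return nil, errors.New("outer: not an IPv4 packet carrying GRE")
	}
	ihl, total := int(outer[0]&0x0f)*4, int(binary.BigEndian.Uint16(outer[2:]))
	if ihl < 20 || total < ihl || total > len(outer) || internetChecksum(outer[:ihl]) != 0 {
		return nil, errors.New("outer: bad length fields or header checksum")
	}
	proto, inner, err := greDecapsulate(outer[ihl:total])
	if err != nil {
		return nil, err
	}
	if proto != greProtoIPv4 {
		return nil, fmt.Errorf("gre: unexpected protocol type 0x%04x", proto)
	}
	return inner, nil
}

func main() {
	// Constructed sample: 10.1.0.5 -> 10.2.0.9 (protocol 17, 5 payload bytes) through a
	// tunnel between gateways 198.51.100.1 and 203.0.113.1 (documentation addresses).
	inner := append(ipv4Header([4]byte{10, 1, 0, 5}, [4]byte{10, 2, 0, 9}, 17, 5), "hello"...)
	outer := tunnelEncapsulate(inner, [4]byte{198, 51, 100, 1}, [4]byte{203, 0, 113, 1})
	got, err := tunnelDecapsulate(outer)
	fmt.Println(len(outer)-len(inner), string(got) == string(inner), err) // 28 true <nil>
}
```

The tunnel adds 28 bytes to every packet (20 bytes of outer IPv4 header plus 8 bytes of GRE header with checksum), which is the overhead to budget for in the MTU of the path between the gateways. Note that GRE on its own gives the receiving gateway only a checksum to detect corruption; it provides no confidentiality and no protection against deliberate modification, which is why GRE is paired with IPsec in the secure VPN types described further down.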

VPN types

Technology

A trusted VPN transfers encrypted data over lines leased from the ISP. Privacy rests on the service provider's promise that the leased channels carry only a single customer's data. Thus the confidentiality and integrity of the customer's data depend on the service provider. One of the best-known trusted VPN protocols is MPLS (Multi-Protocol Label Switching).

A secure VPN transmits encrypted data over public networks. The data is encrypted on the device or on the home network's gateway, and the encryption is removed at the destination gateway or end device. Because the data is encrypted between the tunnel endpoints, a third party monitoring the connection is unable to read or modify it. Some secure VPN protocols in use are:

  • IPsec with encryption;
  • L2TP encapsulated in IPsec;
  • SSL encryption.
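What "encrypted between the tunnel endpoints" means for an observer on the public network, as an added example written for this page rather than code from the wiki or from any IPsec or SSL implementation. Two gateways share keys (assumed here to have been negotiated already, as IKE or a TLS handshake would do) and use AES-GCM, an authenticated cipher, so that a packet captured in transit reveals nothing and any modification, or a second delivery of the same packet, is rejected by the receiving gateway. The type and function names (tunnelEndpoint, protect, unprotect) and the packet layout are assumptions made for the example; one key per direction mirrors IPsec's use of a separate security association per direction.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// tunnelEndpoint is one side of a secure VPN tunnel. Each direction has its own
// key (as IPsec uses one security association per direction); reusing one key
// both ways would repeat GCM nonces, which breaks the cipher's guarantees.
type tunnelEndpoint struct {
	send, recv cipher.AEAD
	sendSeq    uint64 // last sequence number sent
	recvSeq    uint64 // highest sequence number accepted so far (anti-replay)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func newEndpoint(sendKey, recvKey []byte) (*tunnelEndpoint, error) {
	send, err := newGCM(sendKey)
	if err != nil {
		return nil, err
	}
	recv, err := newGCM(recvKey)
	if err != nil {
		return nil, err
	}
	return &tunnelEndpoint{send: send, recv: recv}, nil
}

// protect turns a plaintext inner packet into the tunnel payload:
// 8-byte sequence number (in the clear, but authenticated) || ciphertext || 16-byte tag.
// The GCM nonce is derived from the sequence number, so it never repeats under one key.
func (e *tunnelEndpoint) protect(inner []byte) ([]byte, error) {
	if e.sendSeq == math.MaxUint64 {
		return nil, errors.New("sequence space exhausted: rekey before sending more")
	}
	e.sendSeq++
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, e.sendSeq)
	nonce := make([]byte, e.send.NonceSize()) // 12 bytes for GCM
	copy(nonce[len(nonce)-8:], hdr)
	return e.send.Seal(hdr, nonce, inner, hdr), nil
}

// unprotect rejects replays, then authenticates and decrypts. Any change to the
// sequence number, ciphertext or tag makes Open fail, so modified data is never
// delivered; recvSeq only advances after a packet has authenticated.
func (e *tunnelEndpoint) unprotect(pkt []byte) ([]byte, error) {
	if len(pkt) < 8+e.recv.Overhead() {
		return nil, errors.New("packet too short")
	}
	hdr := pkt[:8]
	seq := binary.BigEndian.Uint64(hdr)
	if seq <= e.recvSeq {
		return nil, errors.New("replayed or out-of-order packet dropped")
	}
	nonce := make([]byte, e.recv.NonceSize())
	copy(nonce[len(nonce)-8:], hdr)
	inner, err := e.recv.Open(nil, nonce, pkt[8:], hdr)
	if err != nil {
		return nil, errors.New("authentication failed: packet dropped")
	}
	e.recvSeq = seq
	return inner, nil
}

func main() {
	keys := make([]byte, 64) // constructed demo keys; real gateways derive them by key exchange
	if _, err := rand.Read(keys); err != nil {
		panic(err)
	}
	kAB, kBA := keys[:32], keys[32:]
	gwA, _ := newEndpoint(kAB, kBA)
	gwB, _ := newEndpoint(kBA, kAB)
	inner := []byte("inner IP packet 10.1.0.5 -> 10.2.0.9: payload") // constructed stand-in
	wire, _ := gwA.protect(inner)
	fmt.Println("plaintext visible on the wire:", bytes.Contains(wire, []byte("payload"))) // false
	got, err := gwB.unprotect(wire)
	fmt.Println("decrypted at far gateway:", bytes.Equal(got, inner), err) // true <nil>
	_, err = gwB.unprotect(wire) // the same packet delivered a second time
	fmt.Println("second delivery:", err)
	wire2, _ := gwA.protect(inner)
	wire2[len(wire2)-1] ^= 0x01 // one bit changed in transit
	_, err = gwB.unprotect(wire2)
	fmt.Println("modified in transit:", err)
}
```

The strictly increasing sequence check is the simplest anti-replay rule and drops packets that merely arrive out of order; IPsec's ESP instead keeps a sliding window so that reordered packets are still accepted while duplicates are not. The sequence number travels unencrypted but is passed as additional authenticated data, so a changed sequence number fails authentication just as a changed ciphertext does.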

Usage

The two most common types of VPN use are the remote-access VPN and the site-to-site VPN.

A remote-access VPN, sometimes called a virtual private dial-up network (VPDN), is a connection between a user and an organization's LAN, used to connect remote users to the network. A remote-access VPN uses a client-server architecture, in which the remote user's VPN client obtains access to the network through a VPN server at the network perimeter. Because the remote user's network settings are often not static, the remote user's device, on which the VPN client runs, is responsible for initiating the VPN session.

A site-to-site VPN is a static VPN connection set up between networks; the end devices in those networks are not aware of the VPN's existence. The VPN gateway is responsible for encapsulating and encrypting the TCP/IP packets. Site-to-site VPNs can be divided into two kinds:

  • intranet VPN, used mainly by larger companies and designed to connect the company's departments to the headquarters network over a secure channel;
  • extranet VPN, which gives customers and partners a secure connection to the company by linking their networks.

With a hybrid VPN it is possible to transmit encrypted data through a leased line. Since the use of a trusted VPN and a secure VPN are not mutually exclusive, a hybrid VPN implements the two technologies in parallel.

Other Details

References

[1] Microsoft Technet. "Virtual Private Networking: An Overview".



Author: Christian Cataldo

Curriculum: Cyber Security Engineering

Group: C11

Date created: April 9, 2017

Last modification: April 9, 2017