A Virtual Private Network (VPN) is a private network that extends through an encapsulation process and in some cases encryption, data packets from different remote points, using public transport infrastructures. The data packets of the private network travel through a tunnel defined in the public network.
In the case of remote access, the VPN allows the user to access their corporate network, assigning their addresses and privileges to their remote computer, even if the connection has been made through a public Internet access : Sometimes, it may be interesting that The communication that travels through the tunnel established in the public network is encrypted to allow greater confidentiality.
The VPN uses Protocol Point Tunneling (PPTP, Point-to-Point Tunneling Protocol) or Tunneling Protocol level two (L2TP, Layer Two Tunneling Protocol) through which can be accessed safely to resources of a network when connecting to a remote access server through the Internet or another network. The use of private and public networks to create a network connection is called a virtual private network, Virtual Private Network.
Factors To Consider
VPNs can be established using devices dedicated to this appliances task or also through the use of software running on servers. Microsoft provides VPN functionality on its Microsoft Windows 2003 and Microsoft Small Business Server servers .
It is very important that the equipment used to establish VPNs and Firewalls have their operating system hardened ” hardened ” This means that all those functionalities are removed that are not critical for the system. In some cases the manufacturer even demolishes the GUI graphic interface. The purpose of hardening the operating system is to reduce the vulnerable points and limit the capacity of an eventual intruder to exploit these vulnerabilities through services that run at the operating system level and are not configured properly. In other words, the less modules the OS has loaded, the harder it will be to find a vulnerable point.
Appliances are a good example of a hardened operating system, as they are built specifically for a job, the manufacturer customizes the operating system embedded in the machine (Normally Linux ) and on this Mini- Kernel mounts all the functionality of the Appliance .
These Boxes are designed from the beginning with an objective in mind and both its memory and processor and architecture are optimized for the work of VPN tunnel or Firewall as appropriate.
Advantages And Disadvantages Of VPN
Few Advantages Of VPN
The main advantage of using a VPN is that it allows us to enjoy a network connection with all the features of the private network that we want to access. The VPN client fully acquires the status of a member of that network, thereby applying all the security guidelines and permissions of a computer on that private network.
Thus, the information published for that private network can be accessed: databases, internal documents, etc. through public access. At that time, all Internet access connections from the VPN client computer will be carried out with the resources and connections that the private network has.
Few Disadvantages Of VPN
Among the disadvantages, a higher load on the VPN client can be mentioned, since it has to perform the additional task of encapsulating the data packets once again. This situation is aggravated when, in addition, an encryption of the data is produced that causes a greater slowdown of most connections.
There is also greater complexity in data traffic, which may have undesirable effects on changing the numbering assigned to the VPN client and that may require changes in application or program settings (proxy, mail server, name-based permissions and IP number).
Basic Requirements Of VPN
- User Identification: The VPN must be able to verify the identity of the users and restrict access to the VPN to those users who are not authorized. Likewise, you must provide statistical records that show who accessed, what information and when.
- Address Management: The VPN must establish a client address on the private network and make sure that the private addresses are kept that way.
- Data Coding: The data to be transmitted through the public network must be previously encrypted so that they cannot be read by unauthorized clients of the network.
Key Management: The VPN must generate and renew the encryption keys for the client and server.
- Support For Multiple Protocols: The VPN must be able to handle the common protocols used in the public network. These include the Internet Protocol ( IP ), the Internet Package Exchange ( IPX ) among others.
Examples Of VPN Programs
- Hamachi: It ‘s free application (freeware) virtual private network framer capable of establishing direct links between computers that are under firewalls of NAT without requiring any reconfiguration (in most cases)
- Cisco VPN Client: The VPN client software Cisco supports connections IPSec to Cisco VPN concentrators. This VPN software application runs on Windows , Linux and Mac OS X.
- OpenVPN: OpenVPN is an implementation of virtual private networks that allows remote access of workstations in encrypted form through secure tunnels
- Shimo 2: Apple Mac OS includes built-in support for virtual private networks. Shimo is a GUI client for Mac OS X computers . The latest Shimo version 2 works as a substitute for the Cisco VPN client on Mac computers and is compatible with others such as PPTP , L2TP and SSH VPN-based technologies including Hamachi and OpenVPN .
- Tinc VPN Daemon: It is an IPSec VPN software solution for Linux networks. The active development of FreeS / WAN has stopped, making this solution of interest primarily to students and researchers.