VPN Introduction
A VPN (Virtual Private Network) can solve many day-to-day problems. It helps a business extend the enterprise to include strategic partners and consumers, secures corporate data before it is transported over the internet, and gives isolated users secure multi-protocol access to corporate intranets.
What is a VPN?
Vendors largely disagree on the answer. This article explains what a VPN is, where it can be used and what its advantages are.
Working in an IT environment extends your workspace: you are not confined to your own computer but can reach all the other systems on the local area network. This interconnectivity lets colleagues share data and work together smoothly. The local area network serves you as long as you are in your office chair, but once you leave it the data is out of your reach. If you have to take some of your work home and have limited time to copy data to a USB drive or email files to your personal account, there is a real chance of leaving a critical file behind. You can take your laptop with you, but that does not solve the problem: the laptop is isolated from your office setup and the programs installed there, and to work properly you still need access to the office local area network. The ideal solution is external access that lets employees reach the internal network, which can be achieved by forwarding the ports of local services through the firewall. However, if you expose your ports to the internet, your network becomes vulnerable. Instead, you can use a single port for all services, called a VPN, combined with user authentication and encryption.
The internet has many advantages but also drawbacks. Its breadth is its power but also its weakness. It holds promise for e-business (e-banking is already established), but some hurdles must be dealt with before moving business onto the internet. Organizations used to run mission-critical applications on LANs (Local Area Networks) and WANs (Wide Area Networks), where access to a known infrastructure is tightly restricted. The result is an infrastructure for private data communication that offers some security, performance and the expected application availability.
On a public network, most of the deployed applications are mission critical, so the success of a business can be put at risk by the poor performance of a single application. It is said that form follows function: whatever comforts or benefits an application brings, it is useless if it does not run smoothly, consistently and reliably. For e-business, unexpected internet traffic can be a huge risk.
The internet has grown so large that it has closed the distance between systems. Your security is exposed to more and more risk as your connectivity widens. Even an isolated computer that is not connected to the internet is vulnerable as soon as a person has physical access to it. Once you connect your computer to the internet, the vulnerability of the system multiplies. Data in transit on the internet is exposed to session hijacking, spoofing, sniffing and man-in-the-middle attacks.
The wish to gain the benefits of the internet while dealing with the risks that come with it has given rise to a new technology known as the Virtual Private Network (VPN). VPNs are IP-based networks, commonly the public internet, that use encryption and tunneling to securely connect users to the corporate network, link branch offices to the intranet (enterprise network) and extend the organization's existing computing infrastructure to include consumers, suppliers and partners. The technology helps build trust on an affordable public network, where people can form relationships without compromising security. An ideal VPN behaves like a private network: highly available, highly secure and of predictable performance.
There are many types of VPN already available, and more are developed, marketed and deployed every day. Each has specifications that vary with its intended use.
Goals - Advantages of VPN Servers
Confidentiality, Integrity and Authentication are the three goals of a VPN. We will discuss each of them in turn.
When two parties exchange information, confidentiality ensures privacy. Every VPN provides some form of encryption. The main kinds of cryptography in use today are:
- Secret key cryptography; and
- Public key cryptography.
Secret key cryptography uses a single key to both encrypt and decrypt messages. Key exchange is a major issue with secret key cryptography, as these keys cannot be sent over the internet unencrypted.
Public key cryptography uses a mathematically linked key pair for each communicating party: data encrypted with one key of the pair can be decrypted with its counterpart. A sender can encrypt a message with the recipient's public key, which is available publicly or on a server, and the recipient uses his or her private key to decrypt the message. An example is the Diffie-Hellman public key algorithm used in conjunction with the DES secret key algorithm.
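The key-exchange problem described above, worked through as an added example (not part of the original article): two parties agree on a symmetric key using Diffie-Hellman without ever sending the key itself. The group parameters `P` and `G`, the function names and the use of SHA-256 to turn the shared secret into a key are assumptions made for illustration; the group is toy-sized and must not be used in practice.

```python
import hashlib
import secrets

# Toy group, for illustration only: P = 2**127 - 1 is a Mersenne prime.
# Real deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 3) + 2      # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def shared_key(own_priv, peer_pub):
    """Combine our private exponent with the peer's public value.

    Degenerate public values (1 and P - 1 among them) are rejected,
    because they would force a predictable shared secret.
    """
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_pub, own_priv, P)
    # Hash the raw secret into a fixed-length 256-bit symmetric key.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def exchange():
    """Run both sides of the exchange; return both keys and the wire view."""
    a_priv, a_pub = keypair()                # party A
    b_priv, b_pub = keypair()                # party B
    # Everything an observer on the network sees. No key is among it.
    wire = {"p": P, "g": G, "A": a_pub, "B": b_pub}
    key_a = shared_key(a_priv, b_pub)        # computed locally by A
    key_b = shared_key(b_priv, a_pub)        # computed locally by B
    return key_a, key_b, wire


if __name__ == "__main__":
    key_a, key_b, wire = exchange()
    print("keys match:", key_a == key_b)
    print("sent over the network:", sorted(wire))
```

The exchange by itself does not tell either side who the peer is, which is why it is combined with the authentication methods discussed further down.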
Exchanged information can be altered in transit, and integrity ensures that no changes have occurred. VPNs employ three technologies for integrity.
One Way Hash Functions: A hash function takes an input file of arbitrary length and produces a fixed-length output value. Calculating the hash value is easy, whereas producing a file that will hash to a given value is very difficult. The recipient verifies the integrity of a file by calculating its hash value and comparing it with the hash value provided by the sender, which lets the recipient judge that the file is unaltered. MD5, SHA-1 and RIPE-MD-160 are hash algorithms.
Message-Authentication Codes (MACs): A MAC adds a key to a hash function. The sender creates a file, calculates a MAC based on a key shared with the recipient, and affixes it to the file. The recipient can then calculate the MAC and compare it to the affixed one to determine integrity.
Digital Signatures: These serve data integrity purposes. The recipient verifies the sender's digital 'signature' with the help of the sender's public key.
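The difference between the first two mechanisms above, as an added example (not part of the original article): a bare hash catches a change only if the digest itself arrives untouched, while a MAC still catches it when the tag is replaced too, because a valid tag cannot be computed without the shared key. SHA-256 is used here instead of the algorithms named above; the key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"                # shared by sender and recipient
ORIGINAL = b"route 10.0.0.0/8 via tunnel0"   # constructed sample message
ALTERED = b"route 10.0.0.0/8 via eth0"       # same message changed in transit


def plain_digest(data):
    """One-way hash: no key involved, anyone can compute it."""
    return hashlib.sha256(data).hexdigest()


def hash_check(data, claimed_digest):
    """Recipient side of the hash comparison."""
    return hmac.compare_digest(plain_digest(data), claimed_digest)


def make_tag(key, data):
    """MAC: the hash function with the shared key mixed in (HMAC)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key, data, tag):
    """Recipient side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(make_tag(key, data), tag)


def demo():
    digest = plain_digest(ORIGINAL)          # sent alongside the message
    tag = make_tag(KEY, ORIGINAL)            # affixed to the message
    # A party without KEY can only produce a tag under some other key.
    tag_without_key = make_tag(b"not-the-shared-key", ALTERED)
    return {
        "original_passes_hash": hash_check(ORIGINAL, digest),
        "original_passes_mac": verify_tag(KEY, ORIGINAL, tag),
        # Message changed, digest or tag left as sent: both catch it.
        "hash_catches_change": not hash_check(ALTERED, digest),
        "mac_catches_change": not verify_tag(KEY, ALTERED, tag),
        # Message changed and digest recomputed over it: hash is fooled.
        "hash_catches_replaced_digest":
            not hash_check(ALTERED, plain_digest(ALTERED)),
        # Message changed and tag replaced without KEY: MAC still fails.
        "mac_catches_replaced_tag":
            not verify_tag(KEY, ALTERED, tag_without_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```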
Authentication establishes the identity of all parties communicating at a given time. VPNs employ more than one form of authentication, and the party being identified may be a human or a computer.
Password authentication is used in most cases. It is the most widely used authentication method today, but it is also the weakest, as passwords can be guessed or stolen.
Multi-factor authentication is a comparatively stronger form that uses something you have in conjunction with something you know. An ATM card is an example: it is physically held and is unlocked by a private key or PIN.
Digital certificates are also becoming popular. A certificate is an electronic document issued to a person by a Certificate Authority, which takes responsibility for that individual's identity.
The technologies used to meet these three goals (authentication, integrity and confidentiality) are combined in VPN protocols. IPsec, tunneling and Socks5 are the three most commonly used protocols.
By simultaneously addressing the critical issues of performance and security, a VPN can be a feasible alternative to dedicated private network links. A proper understanding of VPNs will help make businesses more efficient in the virtual world of tomorrow.