3.A What is a VPN?
A Virtual Private Network (VPN) utilizes existing communication services and infrastructure to create a communication environment where access privileges are restricted to permit peer communication only within a well-defined community. More specific to this chapter and topic, an Internet-based VPN uses the Internet as the communication infrastructure and employs various protocols, systems, and services to tunnel private information between endpoints over the public Internet.
A VPN is used in environments where you need to extend your internal network to include users and systems that are not physically located within your internal network. This can include mobile users, people working from remote offices, or any other scenario that would require you to use a Wide Area Network (WAN). In this case, it is often most economical to use the public Internet, and one of the thorny questions is how that is accomplished without letting anyone on the public Internet have access to your internal network.
VPNs support all of these scenarios by using various authentication, authorization, and encryption technologies. Without going into too much detail, VPNs tunnel sensitive communications over the public Internet, as shown in Figure 3.A. Inside the tunnel the communications are similar to the type of communications that occur on your internal network. However, all of these communications are encrypted by the VPN endpoints before they leave the tunnel entrance. Also, in order to participate in a VPN session, you need to hold a key that allows you to authenticate to the VPN endpoint, which ensures that unauthorized users cannot become part of the VPN.
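The following is an added illustration of what the paragraph above describes; it is not code from the book or from any VPN product. Two gateway objects share a pre-shared secret (a constructed value), derive separate encryption and authentication keys from it, and exchange a private-network packet wrapped in an outer packet addressed between their public addresses. The cipher is an HMAC-SHA256 keystream in counter mode, chosen only because it needs no third-party library; a real VPN uses an authenticated cipher such as AES-GCM. Addresses, sequence-number handling and the wire layout are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

# Constructed illustration: a toy tunnel between two VPN gateways. The keystream
# cipher below is a teaching construction, not a production VPN cipher.

TAG_LEN = 32
NONCE_LEN = 12


def derive_keys(shared_secret):
    """Derive separate encryption and authentication keys from one shared secret."""
    enc_key = hashlib.sha256(b"tunnel-enc:" + shared_secret).digest()
    mac_key = hashlib.sha256(b"tunnel-mac:" + shared_secret).digest()
    return enc_key, mac_key


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode as a pseudorandom keystream (toy construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encode_inner(src, dst, payload):
    """Serialise a private-network packet: length-prefixed source and destination, then payload."""
    s, d = src.encode(), dst.encode()
    return struct.pack(">BB", len(s), len(d)) + s + d + payload


def decode_inner(raw):
    ls, ld = struct.unpack(">BB", raw[:2])
    src = raw[2:2 + ls].decode()
    dst = raw[2 + ls:2 + ls + ld].decode()
    return src, dst, raw[2 + ls + ld:]


class TunnelEndpoint:
    """One VPN gateway: encapsulates outbound packets and validates inbound ones."""

    def __init__(self, public_addr, shared_secret):
        self.public_addr = public_addr
        self.enc_key, self.mac_key = derive_keys(shared_secret)
        self.send_seq = 0
        self.highest_seen = 0  # anti-replay: accepted sequence numbers must increase

    def encapsulate(self, peer_public_addr, inner_packet):
        """Encrypt the inner packet and wrap it in an authenticated outer packet."""
        self.send_seq += 1
        nonce = os.urandom(NONCE_LEN)
        ciphertext = _xor(inner_packet, _keystream(self.enc_key, nonce, len(inner_packet)))
        outer_addrs = f"{self.public_addr}>{peer_public_addr}".encode()
        body = (struct.pack(">B", len(outer_addrs)) + outer_addrs
                + struct.pack(">Q", self.send_seq) + nonce + ciphertext)
        tag = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        return body + tag

    def decapsulate(self, outer_packet):
        """Return (src, dst, payload) of the inner packet; raise ValueError if it is not from a peer."""
        body, tag = outer_packet[:-TAG_LEN], outer_packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed: dropped")  # wrong key or tampered
        pos = 1 + body[0]  # skip the outer address field
        seq, = struct.unpack(">Q", body[pos:pos + 8])
        if seq <= self.highest_seen:
            raise ValueError("replayed or out-of-order packet: dropped")
        self.highest_seen = seq
        pos += 8
        nonce = body[pos:pos + NONCE_LEN]
        ciphertext = body[pos + NONCE_LEN:]
        inner = _xor(ciphertext, _keystream(self.enc_key, nonce, len(ciphertext)))
        return decode_inner(inner)


def rejects(endpoint, outer_packet):
    """True if the endpoint drops the packet (what happens without the right key)."""
    try:
        endpoint.decapsulate(outer_packet)
    except ValueError:
        return True
    return False


def demo():
    """Round-trip one packet between two gateways and report whether the wire leaks it."""
    hq = TunnelEndpoint("203.0.113.10", b"pre-shared secret")      # constructed values
    branch = TunnelEndpoint("198.51.100.7", b"pre-shared secret")
    inner = encode_inner("10.0.0.5", "10.0.1.9", b"payload for internal server")
    wire = hq.encapsulate("198.51.100.7", inner)
    received = branch.decapsulate(wire)
    leaked = b"10.0.0.5" in wire or b"payload" in wire
    return received, leaked


if __name__ == "__main__":
    print(demo())
```

The order of checks in decapsulate matters: the authentication tag is verified before the sequence number is read, so an unauthenticated packet can neither be decrypted nor advance the receiver's replay state.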
There are three main components in a VPN solution: security gateways, security policy servers, and certificate authorities. Security gateways sit between public and private networks and prevent unauthorized access to the private network. Gateways are responsible for tunneling. They encrypt communications before they are transmitted on the Internet. Security gateways for a VPN fall into one of the following categories: routers, firewalls, integrated VPN hardware, and VPN software:

Routers have to examine and process every packet that leaves the LAN, and they can be a good VPN enabler—this is the Cisco view of the world.

Many firewall vendors include a tunnel capability in their products. Like routers, firewalls must process all IP traffic—in this case, to pass