Virtual Private Networks
Virtual Private Networks (VPNs) are an easy and cost-effective way to connect two or more networks over the Internet. This is achieved by using encrypted tunnels for security and efficiency. VPNs use encapsulated and encrypted IP packets and transport them across leased Local Area Network (LAN) lines. The benefits of using VPNs are reduced cost overhead, reduced management overhead, and added security (Microsoft Press, 2000). Leased network lines are expensive, and VPNs reduce the need for extra data connections. This in turn also helps reduce the overhead associated with managing a network. The added security benefits for a network include encrypted transmission of network data and user authentication.

Passing datagrams across the Internet between sites can cause a major security risk. When a datagram is passed internally within a private network, it is secured behind a router and/or firewall. When datagrams are passed externally, outsiders can monitor them as they pass over networks owned by other organizations (Comer, 1995). This can cause great security problems. Unencrypted packet headers contain valuable information about the internal structure of an organization's network.

VPNs have overcome the problem of direct Internet access to servers and clients through a combination of the following security components: IP encapsulation, cryptographic authentication, and data payload encryption. For a true VPN to exist, it must contain all three of these components (Strebe & Perkins, 2000). While payload encryption and cryptographic authentication may seem like the same thing, they are not. Cryptographic authentication is used for remote user authentication; Windows and Unix platforms can both provide this function. Payload encryption is used for encrypting the data that is sent within the packet. An example of data payload encryption is Secure Socket Layer (SSL). SSL can encrypt data without cryptographic authentication of the remote user.

VPN cryptographic authentication is used to securely validate the identity of a remote user and determine the level of access and security appropriate for them. It may also be used to authenticate the exchange of secret or public payload encryption keys. Shared secret or private encryption keys rely on both parties knowing the key's value. Challenge-response can be used to ensure that hashes of the private key, and not the key itself, are transmitted. In addition, one-time password variations can be employed to ensure that the private key is changed every time it is used.

Before data is encapsulated and sent over the Internet, it is encrypted. This is called data payload encryption. Data payload encryption is used to encode all the contents of an IP packet, both data and header, to hide any information about the nature of the network and the data being transmitted. This prevents snoopers from gathering information about the network that is sending the packet. Data payload encryption can be accomplished with any one of a number of secure cryptographic methods and will differ depending on the VPN solution that is implemented.

In a VPN, all traffic between networks should be transparent to the computers. To do this you need to set up a private and protected tunnel through the Internet. Computers outside of the VPN should not be able to view or insert data in the communication stream. IP packets can carry all kinds of information, such as program files, spreadsheet data, network traps, and even other IP packets; the last case is also called IP on IP. By encapsulating encrypted IP packets, the information visible about the networks and the data being exchanged is reduced to the sending and receiving routers. Just like data payload encryption, encapsulation can be done in many ways depending on your solution.

One of the advantages of VPNs is that you can use arbitrary IP addresses. This is because the VPN is hidden from the rest of the world. It is conceivable that an organization can use a few IP addresses assigned to it by its Internet Service Provider (ISP) and create a large network with arbitrary IP addresses. This is achieved by setting up the VPN on both networks and establishing an encrypted tunnel by using cryptographic authentication. When a computer sends data to another computer on the other end of the VPN, a private or public key is first agreed upon and then the data is encrypted. After that it is encapsulated within a packet and sent to the router of the other network. There the header is stripped off and the data is decrypted and passed to the computer it was addressed to. At no time are the contents of the data readable to any computer on the Internet. If it were intercepted, it could not be read because of the encryption.

There are, however, some security risks that come with this convenience. A firewall with packet filtering that rejects unknown hosts is a must to provide security. Secure all remote hosts. It is also advisable to use a single ISP and a secure network operating system.

With the number of IP addresses running out and companies always trying to save costs, a VPN solution provides an effective and secure method of connecting local area and wide area networks for less than traditional methods. This allows companies and organizations to share resources without having to consolidate locations.

References

Comer, D. E. (1995). Internetworking with TCP/IP (4th ed.). Upper Saddle River, NJ: Prentice Hall.
Microsoft Press. (2000). Microsoft Windows 2000 Server Development Planning Guide. Redmond, WA: Microsoft Press.
Strebe, M., & Perkins, C. (2000). Firewalls 24 Seven. Alameda, CA: Sybex Inc.
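The challenge-response step described in the essay, as an added example that is not part of the original paper. It assumes HMAC-SHA256 as the hash (the essay names no algorithm); the class and function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Gateway side: issues one-time challenges and checks the responses."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._outstanding = set()  # challenges issued and not yet answered

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh and unpredictable
        self._outstanding.add(challenge)
        return challenge

    def check(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False  # unknown or already used, so a replay is rejected
        self._outstanding.discard(challenge)  # single use, pass or fail
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def respond(shared_secret: bytes, challenge: bytes) -> bytes:
    """Remote user side: prove knowledge of the secret without sending it."""
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()


def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample value
    gateway = Verifier(secret)
    c1 = gateway.issue_challenge()
    r1 = respond(secret, c1)
    results = {
        "valid": gateway.check(c1, r1),
        "replayed": gateway.check(c1, r1),  # captured pair sent a second time
    }
    c2 = gateway.issue_challenge()
    results["wrong_secret"] = gateway.check(c2, respond(b"guess", c2))
    results["secret_on_wire"] = secret in c1 + r1  # only nonce and hash travel
    return results


if __name__ == "__main__":
    print(demo())
```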
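The encrypt, authenticate and encapsulate sequence the essay walks through, as an added example that is not from the original paper. The SHA-256 counter-mode keystream is a standard-library stand-in for a vetted cipher, and the addresses, keys, function names and use of protocol number 253 are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct

PROTO_TEST = 253  # IANA "experimentation and testing" protocol number

def ipv4_packet(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def _keystream(key, nonce, n):
    # Stand-in cipher: SHA-256 in counter mode, chosen so the example needs
    # only the standard library. A deployed VPN uses a vetted cipher instead.
    return b"".join(hashlib.sha256(key + nonce + struct.pack("!I", i)).digest()
                    for i in range(n // 32 + 1))[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def seal(inner, enc_key, mac_key, gw_src, gw_dst):
    """Sending gateway: encrypt the whole inner packet, tag it, add outer header."""
    nonce = secrets.token_bytes(12)
    ct = _xor(inner, enc_key, nonce)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ipv4_packet(gw_src, gw_dst, PROTO_TEST, nonce + ct + tag)

def unseal(outer, enc_key, mac_key):
    """Receiving gateway: strip the outer header, verify the tag, then decrypt."""
    body = outer[20:]
    nonce, ct, tag = body[:12], body[12:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed, packet dropped")
    return _xor(ct, enc_key, nonce)

def visible_addresses(packet):
    """Source and destination an on-path observer reads from the clear header."""
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))

if __name__ == "__main__":
    ek, mk = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    inner = ipv4_packet("10.1.0.5", "10.2.0.9", 6, b"constructed spreadsheet data")
    outer = seal(inner, ek, mk, "198.51.100.1", "203.0.113.1")
    print(visible_addresses(inner), "->", visible_addresses(outer))
    print(unseal(outer, ek, mk) == inner)
```

On the wire only the two gateway addresses are readable; the private 10.x addresses and the payload travel inside the encrypted body, and a modified packet fails the tag check before any decryption happens.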
Word Count: 885
Copyright © 1998-2008 College Term Papers, INC. All Rights Reserved.