When it comes to deploying a highly secure and reliable data transmission system that meets inter-organization and intra-organization communication needs, most organizations adopt one of three networking approaches: Private Network, Hybrid Network and Virtual Private Network. In this post, we will look at each network type, and then discuss Virtual Private Networks in more depth: VPN tunneling, VPN techniques and types, and how to create and set up a VPN connection.
Before we get to VPN, let’s take a closer look at private and hybrid networks.
A Private Network is actually an isolated LAN that uses private IP address space to share data between connected nodes. In a private network, the applications and data portals (used to manage the communication) are designed to keep the whole data exchange process secure from outsiders. A Private Network is suitable for organizations where all nodes are present in one place. If a private network is to be deployed across multiple sites at different locations, the organization may need to purchase a dedicated line for communication, followed by a private network management system to address connectivity, data exchange and data transfer speed issues.
A Hybrid Network architecture is typically deployed to communicate with an organization’s site offices and to access the global WAN for exchanging data and communicating with the public. As the name hints, it combines both private and public network techniques: it communicates with the public while shielding intra-organization communication from external sources. The Hybrid Network routes all intra-organization communication and data exchange via the private network, while the rest of the communication, and data send and receive requests, are routed through public network links. Just like a Private Network, deploying a hybrid network for multiple sites requires leasing a dedicated line for private communication and designing a data exchange management system.
Why Do Organizations Prefer VPN?
A Private Network ensures the security of the data that is sent and received, as well as fast data transfer speed. This simple network architecture requires one dedicated line to send and receive classified information, but after deploying a Private Network, a public network for inter-organization communication is still required. This begets the need for a Hybrid Network, which is a combination of both Private and Public networks. A Hybrid Network uses two dedicated lines, one for public and one for private communication. For instance, if an organization has 4 sites, it needs to purchase a highly secured data transmission line to link all sites and design a central data repository to conveniently manage the communication, while the public link is used to access the public WAN (the internet) for inter-organization data transmission. Since Hybrid Networks need two separate channels for public and private data exchange, many organizations opt for a Virtual Private Network instead.
VPN (Virtual Private Network)
As mentioned earlier, private and hybrid networks are expensive and require purchasing separate lines in order to use private IP address space for communicating with connected nodes. VPN technology greatly cuts the cost of deploying public and private networks, as it enables organizations to use the global WAN for both public and private communication. The reason it’s called virtual is that it doesn’t require a physical private network to secure the data transmission: the network is physically public but virtually private. VPN technology uses strong encryption to protect data transmission channels from data theft and similar attacks; it uses tunneling techniques such as IPsec, L2TP, PPP and PPTP to ensure not only data privacy but authentication and integrity as well.
How VPN works
A VPN network is quite akin to a simple server/client architecture. The server is responsible for storing and sharing encrypted data, providing a gateway to initiate intra-organization communication and authorizing the clients connected to the network, while VPN clients, just like clients in an isolated LAN, send requests to the server to retrieve shared information, establish connections with other clients on the VPN and process secured information using the provided application.
What makes VPN end-to-end communication different from a simple LAN environment is Tunneling. You can think of it as a tunnel through the internet cloud through which the send and receive data requests travel.
The Tunnel is actually just a concept that helps us better understand the VPN network dynamics. When you initiate communication or send data over a VPN network, the tunneling protocol(s) used by the VPN (such as PPTP, L2TP or IPsec) wrap the data packets inside another data packet and encrypt the package that is to be sent through the tunnel. At the receiver’s end, the tunneling device/protocol deciphers the package and then strips the wrapper from the data packet to read and access the original message, the source of the packet and the other classified information.
Compulsory And Voluntary Tunneling
The classification of tunneling is based on the party that initiates the connection. On that basis, there are primarily two types of tunneling: Compulsory Tunneling and Voluntary Tunneling. Compulsory Tunneling is initiated by the Network Access Server without requiring the user’s input. Moreover, VPN clients don’t have access to information on the VPN server, since they are neither responsible for nor in control of the connection initiation. The compulsory tunnel acts as an intermediary between the VPN server and the clients, and is responsible for authenticating the client and setting it up with the VPN server.
Voluntary Tunneling is initiated, controlled and managed by the user. Unlike Compulsory Tunneling, which is managed from the carrier network, it requires the user to establish a connection with the local ISP and then run the VPN client application. You may have used any of the numerous VPN client applications that create a secured tunnel to a specific VPN server. When the VPN client software attempts to initiate a connection, it targets a specific or user-defined VPN server. Voluntary Tunneling requires nothing more than installing an additional tunneling protocol on the user’s system, so that the system can serve as one end-point of the tunnel.
VPN Types & Technologies
PPTP (Point-to-Point Tunneling Protocol) VPN is one of the simplest VPN technologies. It uses the ISP-provided internet connection to create a secured tunnel between client and server, as well as between client systems. PPTP is a software-based VPN system; you may know that Windows has built-in PPTP support, and all it needs to connect to a VPN network is the VPN client software. Although PPTP itself doesn’t provide encryption or the other security features essential to keep data exchange confidential (the Point-to-Point Protocol does that for PPTP), Windows natively implements authentication and encryption alongside PPTP to secure the data packets. The advantage is that it doesn’t require purchasing extra hardware, and the client can use the provided software to connect to the VPN. Nevertheless, the drawback is that it relies on the Point-to-Point Protocol to add security to the data packets, so before the data packets start traveling through the tunnel, they can be deciphered by external sources.
SSH Tunneling (Secure Shell Tunneling), as the name implies, uses the Secure Shell protocol to create a tunnel for transferring data from one end to the other. The biggest advantage of SSH-based tunneling is that it passes through internet firewalls. Organizations that want to compel their workers to use dedicated proxy servers for accessing public websites and data portals use SSH to route all traffic through those dedicated servers. It’s quite different from the SSL-based VPN technique, where the HTTPS protocol is enforced on applications, the communication management system, web browsers and so on to secure the transmission from prying eyes. SSL VPN creates a secure session for connecting to servers from a web browser and doesn’t need additional devices to configure the VPN network, as only the HTTPS protocol is required to initiate communication between the two ends.
Developed by the IETF, IPsec is mainly responsible for securing Internet Protocol (IP) communication between the end points of the VPN tunnel. The data packets that pass through IPsec are encrypted with AES, DES or 3DES. Moreover, it provides both compression and authentication at the network level. The IPsec VPN technique uses tunnel mode instead of transport mode. Before sending data, it encapsulates the IP packet into a new IPsec packet, ensuring the confidentiality of the data packet. It adds an additional IP header, along with an ESP (Encapsulating Security Payload) header, to apply the security policy and provide encryption for the original data packet. Apart from ESP, it uses AH (Authentication Header) as a sub-protocol to apply an additional security layer to the original data packet; this prevents third-party interference and IP spoofing.
Microsoft, in conjunction with Cisco, developed an alternative to PPTP, known as L2TP (Layer 2 Tunneling Protocol), to provide data integrity. It must be noted that L2TP, just like PPTP, doesn’t provide encryption and relies on PPP (Point-to-Point Protocol) to encrypt the data packets. L2TP tunneling adds an L2TP header to the original payload and transfers it to the end point in a UDP datagram. Apart from the Point-to-Point Protocol, confidentiality, authentication and encryption can be achieved by using IPsec at the network layer.
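To make the tunneling idea concrete (a whole packet wrapped inside another packet, then encrypted, then unwrapped at the far end) and the IPsec tunnel-mode description above (a new outer IP header, an ESP header, encryption of the original packet, and an integrity check that defeats tampering and spoofing), here is an added example, written for this post and not taken from any IPsec implementation. It models ESP tunnel mode with AES-GCM in Go using only the standard library. The key, salt, SPI, addresses and payload are constructed for the demonstration (a real SA gets them from IKE negotiation), and the anti-replay check is a simplified "strictly increasing sequence number" rule rather than the sliding window real implementations use.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Constructed model of IPsec tunnel mode with ESP (field sizes follow RFC 4303 and
// RFC 4106, the AES-GCM profile). The inner IP packet becomes the ESP payload,
// is encrypted and integrity-protected, and travels behind a new outer IP header
// whose protocol field is 50 (ESP). Not taken from a real IPsec stack.
const (
	ipHdrLen  = 20 // IPv4 header without options
	protoESP  = 50 // IP protocol number carried in the outer header
	nextIPv4  = 4  // ESP "next header" value: the payload is an IPv4 packet
	espHdrLen = 8  // SPI (4 bytes) + sequence number (4 bytes)
	gcmIVLen  = 8  // IV sent on the wire; GCM nonce = 4-byte salt + 8-byte IV
	gcmTagLen = 16 // ICV appended by AES-GCM
)

// SecurityAssociation is the state both tunnel endpoints share for one direction.
type SecurityAssociation struct {
	SPI     uint32
	aead    cipher.AEAD
	salt    [4]byte
	sendSeq uint32 // last sequence number sent
	recvSeq uint32 // highest sequence number accepted (simplified anti-replay)
}

// NewSA builds an SA from a constructed key and salt (real SAs get these from IKE).
func NewSA(spi uint32, key []byte, salt [4]byte) (*SecurityAssociation, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // default 12-byte nonce = salt || IV
	if err != nil {
		return nil, err
	}
	return &SecurityAssociation{SPI: spi, aead: aead, salt: salt}, nil
}

// ipChecksum is the ones'-complement sum over the IPv4 header.
func ipChecksum(h []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(h); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(h[i:]))
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// BuildIPv4 returns a minimal 20-byte IPv4 header followed by payload.
func BuildIPv4(src, dst net.IP, proto byte, payload []byte) []byte {
	h := make([]byte, ipHdrLen)
	h[0] = 0x45 // version 4, header length 5 words
	binary.BigEndian.PutUint16(h[2:], uint16(ipHdrLen+len(payload)))
	h[8] = 64 // TTL
	h[9] = proto
	copy(h[12:], src.To4())
	copy(h[16:], dst.To4())
	binary.BigEndian.PutUint16(h[10:], ipChecksum(h))
	return append(h, payload...)
}

// Encapsulate wraps inner (a complete IP packet) as: outer IP | ESP hdr | IV | ciphertext | ICV.
func (sa *SecurityAssociation) Encapsulate(inner []byte, outerSrc, outerDst net.IP) ([]byte, error) {
	if sa.sendSeq == ^uint32(0) {
		return nil, errors.New("sequence number exhausted; rekey the SA")
	}
	sa.sendSeq++
	espHdr := make([]byte, espHdrLen)
	binary.BigEndian.PutUint32(espHdr[0:], sa.SPI)
	binary.BigEndian.PutUint32(espHdr[4:], sa.sendSeq)

	// ESP trailer: pad to a 4-byte boundary, then pad length and next header.
	padLen := (4 - (len(inner)+2)%4) % 4
	plain := make([]byte, 0, len(inner)+padLen+2)
	plain = append(plain, inner...)
	for i := 1; i <= padLen; i++ {
		plain = append(plain, byte(i)) // RFC 4303 default padding 1, 2, 3, ...
	}
	plain = append(plain, byte(padLen), nextIPv4)

	iv := make([]byte, gcmIVLen)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	nonce := append(sa.salt[:], iv...)
	// The ESP header stays in the clear but is covered by the ICV (it is the AAD).
	sealed := sa.aead.Seal(nil, nonce, plain, espHdr)
	esp := append(append(espHdr, iv...), sealed...)
	return BuildIPv4(outerSrc, outerDst, protoESP, esp), nil
}

// Decapsulate reverses Encapsulate and rejects modified, spoofed or replayed packets.
func (sa *SecurityAssociation) Decapsulate(packet []byte) ([]byte, error) {
	if len(packet) < ipHdrLen+espHdrLen+gcmIVLen+gcmTagLen+2 {
		return nil, errors.New("packet too short for ESP")
	}
	if packet[9] != protoESP {
		return nil, fmt.Errorf("outer protocol %d is not ESP", packet[9])
	}
	espHdr := packet[ipHdrLen : ipHdrLen+espHdrLen]
	if spi := binary.BigEndian.Uint32(espHdr[0:]); spi != sa.SPI {
		return nil, fmt.Errorf("unknown SPI %#x", spi)
	}
	seq := binary.BigEndian.Uint32(espHdr[4:])
	if seq <= sa.recvSeq {
		return nil, fmt.Errorf("replayed or reordered sequence number %d", seq)
	}
	iv := packet[ipHdrLen+espHdrLen : ipHdrLen+espHdrLen+gcmIVLen]
	nonce := append(sa.salt[:], iv...)
	plain, err := sa.aead.Open(nil, nonce, packet[ipHdrLen+espHdrLen+gcmIVLen:], espHdr)
	if err != nil {
		return nil, errors.New("ICV check failed: packet modified or wrong key")
	}
	sa.recvSeq = seq // advance anti-replay state only after the ICV verified
	nextHdr := plain[len(plain)-1]
	padLen := int(plain[len(plain)-2])
	if nextHdr != nextIPv4 || padLen+2 > len(plain) {
		return nil, errors.New("malformed ESP trailer")
	}
	return plain[:len(plain)-2-padLen], nil
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 16) // constructed 128-bit key
	salt := [4]byte{1, 2, 3, 4}
	sender, _ := NewSA(0x1000, key, salt)
	receiver, _ := NewSA(0x1000, key, salt)
	inner := BuildIPv4(net.IPv4(10, 0, 1, 5), net.IPv4(10, 0, 2, 7), 17, []byte("hello from site A"))
	packet, _ := sender.Encapsulate(inner, net.IPv4(203, 0, 113, 1), net.IPv4(198, 51, 100, 9))
	got, err := receiver.Decapsulate(packet)
	fmt.Println("inner packet recovered intact:", err == nil && bytes.Equal(got, inner))
	_, err = receiver.Decapsulate(packet)
	fmt.Println("second delivery rejected:", err)
}
```

Two design points worth noticing: the ESP header (SPI and sequence number) is never encrypted, because the receiver needs it to pick the SA and run the replay check before paying for decryption, but it is authenticated as AAD so it cannot be altered without failing the ICV; and the receiver only advances its replay state after the ICV verifies, otherwise a forged packet with a high sequence number could lock out legitimate traffic.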
How to Create & Setup VPN
There are arguably endless ways in which an organization can create a VPN network for its clients, customers and partner companies to share private information safely and to provide a gateway to its internal network(s). Leaving that large-scale VPN architecture aside, if you want to create a small-scale VPN to connect your PCs with a friend’s home network, you can use the previously featured Gbridge. It’s a free VPN solution that lets you set up your very own virtual private network, so you can remotely connect to others’ private networks.
Connect With Remote VPN Network (Office VPN)
Like previous Windows versions, Windows 7 provides a simple way to connect to a VPN server. If you’re planning to connect to your office PPTP/L2TP VPN network, you can use the built-in Windows VPN client to establish the connection. Here’s how to do it.
Before you start, make sure that you have configured any additional devices as instructed by your network administrator. Now open Network & Sharing Center and click Set up a new connection or network. This opens the connection wizard. Select the Connect to a workplace option and then hit Next.
In the next step, choose the connection you want to use to reach your office VPN. It lets you connect to the VPN network using your current internet connection or by dialing the destination’s phone number.
The next step requires entering the information provided by your administrator. Here, you need to enter the server’s IP address or domain name along with a destination name. Windows 7 also lets you make the VPN connection available to other users and use a smart card for authentication.
Clicking Next opens the last step of the wizard. It requires the username and password assigned by your office network administrator.
When done, click Connect to start establishing the connection to your VPN network. Once you’re connected, you can check the IP details in Network and Sharing Center or run the ipconfig command in CMD to verify that you’re connected to both the VPN network and the internet.
Virtual Private Networks have truly revolutionized the way data transmission between multiple remote locations is secured. They provide the best solution for ever-growing organizations and businesses that need to deploy both a secured network to share private information and a public network to communicate with their customers, clients and competitors. In addition to being a cost-effective solution, VPN technology eliminates the need to create multiple data management centers to manage communication. For this very reason, VPN is the method of choice all over the globe for small companies and huge corporations alike.
[first 2 images via globalspec]