How do VPNs work?
Introduction
Virtual Private Networks (VPNs) are one of the fundamental technologies that have made it safer to navigate the Internet, particularly for companies that need to provide remote access to their employees.
The VPN itself is a combined hardware/software solution that typically sits just outside of a corporate network. The hardware can be hosted by a company itself or by a service provider or ISP. The hardware is essentially a router, with added authentication capabilities.
Just what does all this mean?
Signing In to Your Computer
Consider how you sign in to your computer using your user ID and password. If you've disabled this security feature, you're taking a big risk, even if you only sign in from home.
The basic concept behind user IDs and passwords is that somewhere there is a database entry or a secure file that contains a copy of your user ID matched up with your password. When you sign in to your computer, the computer compares the data you entered with the data that is stored in the secure file or database. If those pieces of data match, bingo! You're in. If they don't match, better luck next time.
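The comparison described above, as an added example that is not part of the original article. It assumes the stored value is a salted PBKDF2 hash rather than a literal copy of the password, so the file or database never holds the password itself; the function names, the in-memory `store` and the iteration count are illustrative assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

# Random stand-in record so unknown user IDs cost the same work as real ones.
_DUMMY_RECORD = (os.urandom(16), os.urandom(32))


def _derive(password: str, salt: bytes) -> bytes:
    """Turn a password into the value that is actually stored and compared."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(store: dict, user_id: str, password: str) -> None:
    """Create the 'database entry': user ID -> (per-user salt, derived hash)."""
    salt = os.urandom(16)
    store[user_id] = (salt, _derive(password, salt))


def sign_in(store: dict, user_id: str, password: str) -> bool:
    """Compare what was typed with what is stored; True means 'you're in'."""
    salt, expected = store.get(user_id, _DUMMY_RECORD)
    candidate = _derive(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, expected)
    return matches and user_id in store


if __name__ == "__main__":
    db = {}
    enroll(db, "alice", "correct horse battery staple")  # constructed sample data
    print(sign_in(db, "alice", "correct horse battery staple"))
    print(sign_in(db, "alice", "birthdate1999"))
    print(sign_in(db, "mallory", "anything"))
```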
Signing in to Your Company's Network
Now, take it one step further. Let's say you want to sign in to your company's network to enter your online timecard for the week. The information stored on your company's network is very sensitive. You don't want just anybody getting in there. So of course, you must sign in to your company's network using a user ID and a password. Your company's network contains one or more authentication servers that perform the same basic process of checking your user ID and password against a stored value somewhere on the network.
So far, so good.
A Little History
A few years ago, this kind of remote access was possible but very expensive. You may not recall, but you generally had to "dial in" to a special phone number that was provided to you by your company's system administrator. That phone number was for a dedicated data line that was reserved for use by employees of your company. Unless somebody managed to get both the phone number and the authorization codes to use that line, it was pretty unlikely that anything bad would happen. Still, it did happen that those lines sometimes got crowded with lots of employees dialing in and sending big chunks of data over them. You might have been bumped off the line, or your data might have been corrupted from time to time. And, as mentioned before, these lines were very expensive.
Enter the Internet
The Internet changed everything about communications. As connectivity to the Internet became ubiquitous, companies began to realize that they could let their employees connect to their corporate networks using the same connections they used to play games, send personal email, and surf the Web. There was one problem, though.
Security.
The Internet isn't particularly secure. In some ways it's like the old party lines that rural communities used to share. Companies wanted a way to secure the remote access to their networks but keep the cost benefits of using the Internet.
VPNs solved the problem.
When you sign in to your company's network today, you likely do so over a web page or perhaps a small software program that appears on your computer desktop.
A Brief Aside
There are two basic types of VPNs, SSL and IPSec. Using the IPSec form of a VPN means that your computer will have a piece of software installed that will allow you to make the connection. Typically, if you're using IPSec, you'll have a small software program that you run before you sign in to your company network. If you're using an SSL VPN, you're using a special set of rules created by Netscape called Secure Sockets Layer (SSL) to connect to a secure site over the Internet, typically by way of a web page. It gets a lot more complicated than that, but for the purposes of our discussion, that's probably enough information.
Back to VPNs
The VPN solution creates a secure tunnel between your computer and your company's network. Once you've signed in and your company's authentication system verifies that you are who you say you are, the VPN creates a tunnel inside the bigger tunnel that we think of as the Internet.
If you visualize the Internet as a big pipe, your VPN connection is like a wire that runs through the Internet pipe and connects your tin can (your computer) with your company's tin can (the company network). Anything that passes between the two of you is, theoretically, safe from the snooping of other Internet users.
This is why it's so important for you to sign out properly when you leave your company's network, or your online banking account or other accounts for that matter. Although most VPN vendors now provide security measures that monitor the loss of a connection, it's always safer to formally close out your remote session, just to make sure nobody can sign in as you.
Adding More Security
As VPN technology has evolved, more and more security measures have been added. In fact, most SSL VPNs now even include some form of IPSec "client" software, meaning that the VPN system downloads a small program to your computer while you're connected to your company's network. This small software package, usually written in the very portable Java language, stays on your computer until you sign off. The package monitors various other software programs to make sure they don't compromise your secure tunnel, and it also cleans up your system to make sure you haven't saved any passwords or sensitive data on your computer that needs to stay on the company network.
Randomized Passwords
Additionally, because most people don't create very strong passwords (believe it or not, your child's birthdate is not a secure password), many companies now require their employees to use a token or fob that generates a random number every few minutes. That number is combined with a self-designated PIN to create a unique and temporary password. Often, when you sign in to a secure network, you'll be required to enter your regular user ID and password, as well as your user ID and the randomized number and PIN combination. It's highly unlikely that a hacker or thief will be able to figure out all of those pieces of information.
It can happen, though. So, do everything you can to protect your data and your identity. But you can feel a little better knowing that VPNs provide another layer of security while you're online.
Resources
Vendor websites are some of the best places to find out more about VPNs, although you usually have to wade through some of the hype. Also, check out Wikipedia for more details about VPNs.
A Few More Interesting Links
- Virtual private network - Wikipedia, the free encyclopedia
- IPsec - Wikipedia, the free encyclopedia
- Howstuffworks "How Virtual Private Networks Work"
- An Illustrated Guide to IPsec
- Securing Communications with SSL/TLS: A High-Level Overview
- What is VPN? - A Word Definition From the Webopedia Computer ...
- Virtual Private Network Consortium -- VPNC

