Table of Contents
Introduction
What is Virtual Private Network (VPN)
Why VPN
Categories of VPN
VPN Topology
Types of VPN
Internet Protocol Security (IPsec)
Two Modes in IPsec
Risk and Limitation of VPN
Conclusion
References
Introduction
In today's high-technology digital world, use of the Internet is increasing rapidly, and a great deal of data and information can be obtained from it. Internet use brings a problem, however: privacy. Data and information may be stolen or tampered with by an attacker while in transmission. There are various ways to protect our data; one of them is a Virtual Private Network (VPN). A VPN is a secure, private network connection between systems that uses the data communication capability of an unsecured, public network.
VPNs are commonly used to extend intranets worldwide, disseminating information and news to a wide user base. There are three categories of VPN: Trusted VPN, Secure VPN and Hybrid VPN. There are also two modes of VPN operation: Tunnel Mode and Transport Mode.
Why VPN?
When we talk about a Virtual Private Network (VPN), the key word is private. A VPN is one of the best technologies available today for protecting our data, as it secures important data in transit with military-grade encryption. It creates a tunnel for the transmission, so that no outsider can view the data; only the receiver can. The communication is therefore secure and privacy is protected. A VPN service will also conceal the user's real IP address and replace it with one of the service provider's addresses. The connection and the user's Internet activity are thereby made anonymous, which prevents an attacker from tracking the user's IP address. In addition, information transferred over public Wi-Fi is insecure; there is a saying that using public Wi-Fi is like walking naked down the road while not wanting anyone to see you naked. Using a VPN puts the public Wi-Fi connection into a secure mode: the VPN forms a tunnel around the connection that cannot be intercepted by an attacker. [2]
Categories of VPN
There are three main categories of VPN: Trusted VPN, Secure VPN and Hybrid VPN.
Trusted VPN
A Trusted VPN uses leased circuits from a service provider and conducts packet switching over those leased circuits. The privacy afforded by a Trusted VPN, also known as a legacy VPN, was only that the communications provider assured the customer that no one else would use the same circuit. This allows the customer to have its own IP addressing and its own security policies. In addition, the VPN customer trusts the VPN service provider to maintain the integrity of the circuits and to use the best available business practices to avoid snooping of the network traffic. [1][5]
Secure VPN
In a Secure VPN, the network or communication environment is constructed using encryption. It uses security protocols and encrypts the traffic transmitted across the communication network. A Secure VPN encrypts the traffic at the edge of one network (the sender), moves it over the Internet like any other data, and decrypts it when it reaches the receiver. This encrypted traffic acts like a secure tunnel between the two networks (sender and receiver). Even if an attacker can see the traffic, they cannot read it or change its direction. Hence the communication is secure. [1][5]
Hybrid VPN
A Secure VPN can also be run as part of a Trusted VPN, and this creates the third type of VPN on the market, the Hybrid VPN. A Hybrid VPN combines the characteristics of the two VPNs discussed above, Trusted VPN and Secure VPN. It provides the encrypted traffic of a Secure VPN over the entire Trusted VPN network. The secure part of a Hybrid VPN may be controlled by the customer or by the VPN service provider that provides the Trusted VPN. [1][5]
VPN Topology
In this section we discuss how a VPN works. To begin using a VPN, we first need an Internet connection, which can be leased from an Internet Service Provider (ISP). A specially designed router or switch is then needed on each Internet access circuit to provide access from the originating network to the VPN. A virtual circuit that resembles a leased line is created through tunnels, which allow the sender to encrypt their data inside an IP packet that hides the underlying routing and switching infrastructure of the Internet from both sender and receiver. This circuit is known as a Permanent Virtual Circuit (PVC). The sending device takes the outgoing packet and encapsulates it to move through the VPN tunnel across the Internet to the receiver. The transmission of the packet from sender to receiver is transparent to both of them, and even to the ISP and the rest of the Internet's users. When the packet reaches the receiver, the receiver strips off the VPN frame and delivers the original packet to the destination network. [3] Figure 1 shows two networks connected over an intranet.
Figure 1: Two networks connected over an intranet [3]
Types of VPN
VPNs are traditionally used for three main purposes: Intranets, Remote Access and Extranets.
Intranet VPN
Intranet VPNs are used for connections within an organization, normally between the headquarters and its branch offices. The VPN is created between these locations to protect the organization's information from being stolen or attacked by outsiders. The connection within the organization is often used for e-mail and file sharing. An intranet VPN provides a virtual circuit between the organization's sites over the Internet. Figure 2 shows an intranet VPN within an organization. The advantage of an Intranet VPN is that it reduces the organization's WAN bandwidth cost: it allows the organization to use WAN bandwidth efficiently and hence avoid congestion through bandwidth management and traffic shaping. [3][5]
Figure 2: Intranet VPN within an organization [3]
greater scalability. Figure 3 shows the Remote Access VPN implemented in an organization. [3][5]
There are two types of Access VPN: Client-Initiated VPN and NAS-Initiated Access VPN. In a Client-Initiated VPN, the business operation initiates the VPN by managing the client software that initiates the tunnel. This ensures end-to-end security between the client and the host. The client software is also installed at the remote site, where it can terminate into a firewall for termination into the corporate network. The biggest advantage of this type of VPN is that the service provider access network used for dialing to the point of presence is much more secure. In a NAS-Initiated VPN, the client software element is eliminated. The remote access user starts the connection by dialing in to the service provider and obtaining authentication from the service provider, which in turn initiates a secure, encrypted tunnel to the corporate network. This eliminates the client software issue and hence reduces the client management burden associated with remote access VPN. In other words, there is no end-user client software for the corporation to maintain.
Extranet VPN
An Extranet is a secure connection between two or more organizations. Because of connection cost, time delays and access availability, IPsec-based VPNs are ideal for extranet connections linking two organizations. Setting up an extranet VPN is similar in concept to an intranet VPN; the only difference is the users: one is within a single organization and the other is between two or more organizations. Figure 4 shows the implementation of an Extranet VPN. [3][5]
Transport Mode
In transport mode, the data is encrypted but the header information is not. The IP packet can therefore be transmitted directly to the remote host by creating a secure link between the sender and the receiver. The content of the packet is encrypted and protected. Transport mode VPN eliminates the need for special servers and tunneling software. Since the header of the packet is not encrypted in Transport mode, the destination of the packet can be learned by anyone observing it. Figure 7 shows the packet in Transport Mode. [1][6]
Figure 7: Packet in Transport Mode [6]
Transport Mode is normally used for the end-to-end transport of encrypted data. Figure 8 shows a Transport Mode VPN.
Figure 8: Transport Mode VPN [1]
Tunnel Mode
In Tunnel Mode, the entire packet is encrypted and protected. The original IP packet, with its header and destination address, is inserted into a new IP packet, and ESP and AH are then applied to the new packet. A tunnel is established between two perimeter tunnel servers, and the new IP header is addressed to the endpoint of the tunnel. Once the packet reaches that endpoint, the tunnel endpoint decrypts it. The advantage of tunnel mode is that the entire packet is protected and secured; the sender's and receiver's locations are not visible to an attacker. Figure 9 shows the packet in Tunnel Mode. [1][6]
Figure 9: Packet in Tunnel Mode [1]
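To make the difference between the two modes concrete, here is an added Python sketch (not from this report or any of its references) of how an IPsec endpoint would encapsulate the same IP packet in transport mode and in tunnel mode, and what a passive observer can read from the outer header in each case. It stands in for the ESP cipher with a SHA-256 keystream and omits the integrity check, padding and real checksums; the addresses, SPIs and key are constructed values.

```python
import hashlib
import socket
import struct
ESP = 50  # protocol number carried in the outer IP header for an ESP payload

def ipv4_header(src, dst, proto, payload_len):
    # minimal 20-byte IPv4 header: no options, checksum left as zero
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):  # -> (src, dst, protocol, payload)
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[20:]

def keystream_xor(key, spi, seq, data):
    # Stand-in for the ESP cipher: a SHA-256 counter keystream keyed by (key, SPI,
    # sequence); symmetric, so the same call decrypts.  NOT a real IPsec transform.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + struct.pack("!IIQ", spi, seq, off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def esp_transport(pkt, key, spi, seq):
    # Transport mode: original header stays in the clear, only the payload is
    # protected; the appended byte plays the part of the ESP trailer's Next Header.
    src, dst, proto, payload = parse_ipv4(pkt)
    esp = struct.pack("!II", spi, seq) + keystream_xor(key, spi, seq, payload + bytes([proto]))
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def esp_tunnel(pkt, key, spi, seq, gw_src, gw_dst):
    # Tunnel mode: the whole packet is protected and wrapped in a gateway-to-gateway header.
    esp = struct.pack("!II", spi, seq) + keystream_xor(key, spi, seq, pkt + bytes([4]))
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp  # Next Header 4 = IP-in-IP

def esp_decapsulate(pkt, key):
    # Receiving endpoint for either mode: recover the original IP packet.
    src, dst, proto, esp = parse_ipv4(pkt)
    spi, seq = struct.unpack("!II", esp[:8])
    plain = keystream_xor(key, spi, seq, esp[8:])
    inner, next_header = plain[:-1], plain[-1]
    if next_header == 4:  # tunnel mode: the plaintext is already a complete packet
        return inner
    return ipv4_header(src, dst, next_header, len(inner)) + inner  # transport mode

def demo():
    # Constructed sample: 10.1.1.5 sends 11 payload bytes (protocol 17) to 10.2.2.7
    # via site gateways 203.0.113.1 and 198.51.100.1 (documentation-range addresses).
    key, original = b"constructed-demo-key", ipv4_header("10.1.1.5", "10.2.2.7", 17, 11) + b"hello world"
    transport = esp_transport(original, key, 0x1001, 1)
    tunnel = esp_tunnel(original, key, 0x2002, 1, "203.0.113.1", "198.51.100.1")
    assert esp_decapsulate(transport, key) == esp_decapsulate(tunnel, key) == original
    return parse_ipv4(transport)[:3], parse_ipv4(tunnel)[:3]  # what an observer sees
```

Running demo() shows that in transport mode the observer still sees the real host addresses 10.1.1.5 and 10.2.2.7 (with protocol 50 replacing the original), whereas in tunnel mode only the two gateway addresses are exposed.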
This then exposes the vulnerability of the machine. If the client machine is compromised without the owner's knowledge, and the owner connects the machine to the secure VPN network, this poses a risk to the network it connects to.
Conclusion
VPN is an emerging technology that has come a long way. VPN technology is still developing, which is a great advantage to businesses, which need technology that can scale and grow along with them. With VPNs, businesses now have additional benefits to offer their employees: employees can work from home, take care of children while still being productive, and access work-related information at any time. In conclusion, VPNs have contributed to the security field and protect the communication between two networks.
References
1. Michael E. Whitman, Herbert J. Mattord: Principles of Information Security, 2nd Edition, Thomson Course Technology, 2005
2. 5 Reasons VPN Is a Must, http://www.bestvpnservice.com/blog/5reasons-why-use-a-vpn
3. Germaine Bacon, Lizzi Beduya, Jun Mitsuka, Betty Huang, Juliet Polintan: Virtual Private Network, November 19, 2002
4. T. Braun, M. Günter, M. Kasumi, I. Khalil: Virtual Private Network Architecture
5. Introduction to VPN: VPN Concepts, Tips, and Techniques, Version 1.0, July 2003
6. VPN Security, The Government of the Hong Kong, February 2008