Saturday, March 27, 2010

Role of VPN in Globalized World

A VPN supports at least three different modes of use:

· Remote access client connections

· LAN-to-LAN internetworking

· Controlled access within an intranet

However, it is better to discuss the types of VPNs first, before analyzing the uses they can accommodate.

Secure VPNs use cryptographic tunneling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing), and message integrity (preventing message alteration) to achieve the privacy intended. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes on the market. Secure VPN technologies may also be used to enhance security as a 'security overlay' within dedicated networking infrastructures.

Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. Multi-protocol label switching (MPLS) is commonly used to build trusted VPNs.

Technology Behind VPNs

Several network protocols have become popular as a result of VPN developments:

· PPTP

· L2TP

· IPsec

· SOCKS

These protocols emphasize authentication and encryption in VPNs. Authentication allows VPN clients and servers to correctly establish the identity of people on the network. Encryption allows potentially sensitive data to be hidden from the general public. Many vendors have developed VPN hardware and/or software products. Unfortunately, immature VPN standards mean that some of these products remain incompatible with each other.



VPN Tunneling: VPN technology is based on the idea of tunneling. Network tunneling involves establishing and maintaining a logical network connection. On this connection, packets constructed in a specific VPN protocol format are encapsulated within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on the receiving side.

Two Types of VPN Tunneling

VPN supports both voluntary and compulsory tunneling. Both types of tunneling can be found in practical use. In voluntary tunneling, the VPN client manages connection setup. The client first makes a connection to the carrier network provider (an ISP in the case of Internet VPNs). Then, the VPN client application creates the tunnel to a VPN server over this live connection. In compulsory tunneling, the carrier network provider manages VPN connection setup. When the client first makes an ordinary connection to the carrier, the carrier in turn immediately brokers a VPN connection between that client and a VPN server. From the client point of view, VPN connections are set up in just one step compared to the two-step procedure required for voluntary tunnels.

Compulsory VPN tunneling authenticates clients and associates them with specific VPN servers using logic built into the broker device. This network device is sometimes called the VPN Front End Processor (FEP) (also Network Access Server (NAS) or Point of Presence (POP) servers). Compulsory tunneling hides the details of VPN server connectivity from the VPN clients and effectively moves control over the tunnels from clients to the ISP. In return, service providers must take on the additional burden of installing and maintaining FEPs.

VPN Tunneling Protocols

Several interesting network protocols have been implemented specifically for use with VPN tunnels. The three most popular VPN tunneling protocols listed below continue to compete with each other for acceptance in the industry. These protocols are generally incompatible with each other.

Point-to-Point Tunneling Protocol (PPTP)

Several corporations worked together to create the PPTP specification. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in client support for this protocol. The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use. Microsoft continues to improve its PPTP support, though.

Layer Two Tunneling Protocol (L2TP)

The original competitor to PPTP for VPN tunneling was L2F, a protocol implemented primarily in Cisco products. In an attempt to improve on L2F, the best features of it and PPTP were combined to create new standard called L2TP.

Internet Protocol Security (IPsec)

IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution, or it can be used simply as the encryption scheme within L2TP or PPTP. IPsec exists at the network layer (Layer Three) of the OSI model.

VPN SECURE

The most important part of a VPN solution is security. The nature of VPNs (putting private data on public networks) raises concerns about potential threats to that data and the impact of data loss, so a Virtual Private Network must address all types of security threats by providing security services in the following areas:

Authentication - Authentication is the process of ensuring that a user or system is who it claims to be. There are many types of authentication mechanisms, and all work from one or more of the following components: a login name, a password, a token, a card key, a fingerprint, a retinal scan. Weak authentication makes use of only one of these components, usually a simple login/password sequence; strong authentication combines at least two authentication components from different areas.
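The "two components from different areas" rule is easiest to see in code. The following is an added example, not code from the original article or from any VPN vendor: a hypothetical gateway that checks a password (something the user knows, stored as a PBKDF2 hash) and a time-based one-time code from a token (something the user has, computed as in RFC 6238 TOTP over RFC 4226 HOTP). The `VpnGateway` class, the user names and the fixed timestamp are constructed for the demonstration; the `totp()` function is checked against the published RFC 6238 test vector (secret `12345678901234567890`, time 59, SHA-1, code `94287082`, of which the last six digits are `287082`).

```python
"""Two-factor login check for a hypothetical VPN gateway (constructed example).
Factor 1: password, verified against a PBKDF2-HMAC-SHA256 record.
Factor 2: TOTP code from a hardware/software token (RFC 6238 / RFC 4226)."""
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes = None, iterations: int = PBKDF2_ITERATIONS):
    """Return (salt, iterations, digest); a fresh random salt is drawn if none is given."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, record) -> bool:
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # constant-time comparison so a wrong password cannot be narrowed down by timing
    return hmac.compare_digest(candidate, digest)


def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP (RFC 4226) over the 30-second time counter."""
    counter = struct.pack(">Q", timestamp // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, timestamp: int, skew: int = 1) -> bool:
    """Accept the current step plus `skew` steps either side to tolerate clock drift."""
    return any(
        hmac.compare_digest(totp(secret, timestamp + delta * 30), code)
        for delta in range(-skew, skew + 1)
    )


class VpnGateway:
    """Hypothetical remote-access gateway holding one record per enrolled user."""

    def __init__(self):
        self.users = {}

    def enroll(self, username: str, password: str) -> bytes:
        token_secret = secrets.token_bytes(20)           # provisioned into the user's token
        self.users[username] = {"pw": hash_password(password), "totp": token_secret}
        return token_secret

    def authenticate(self, username: str, password: str, code: str, now: int = None) -> bool:
        now = int(time.time()) if now is None else now
        user = self.users.get(username)
        if user is None:
            hash_password(password, b"\0" * 16)          # same cost for unknown users
            return False
        ok_password = verify_password(password, user["pw"])
        ok_code = verify_totp(user["totp"], code, now)
        # both factors are always evaluated; access requires both to pass
        return ok_password and ok_code


def run_demo() -> dict:
    """Exercise the gateway with constructed credentials at a fixed point in time."""
    gateway = VpnGateway()
    secret = gateway.enroll("alice", "correct horse battery staple")
    now = 1_300_000_000                                  # constructed fixed timestamp
    good_code = totp(secret, now)
    return {
        "both_factors": gateway.authenticate("alice", "correct horse battery staple", good_code, now),
        "password_only": gateway.authenticate("alice", "correct horse battery staple", "000000", now),
        "token_only": gateway.authenticate("alice", "wrong password", good_code, now),
        "unknown_user": gateway.authenticate("mallory", "anything", good_code, now),
        "drift_tolerated": gateway.authenticate("alice", "correct horse battery staple", good_code, now + 30),
    }


if __name__ == "__main__":
    print(run_demo())
```

The password record and the token secret are stored separately and both checks always run, so neither a stolen password database nor a stolen token alone lets an attacker through, which is exactly what the article means by combining components from different areas.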

Presentation - Encryption is based on two components: an algorithm and a key. A cryptographic algorithm is a mathematical function that combines data with the string of digits contained in a key to produce encrypted text. There are several major types of encryption of varying degrees of complexity, as measured by the length (in bits) of their cryptographic keys, such as the Advanced Encryption Standard (AES), RSA, and Elliptic Curve Cryptosystems (ECC).

Transportation - The modification of data packets in a network is an attack on data integrity. Message authentication is the procedure used to verify that received messages come from the alleged source and have not been altered.
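The tunneling section above describes encapsulating a packet inside a carrier protocol and de-encapsulating it at the far end, and the encryption and message-authentication points describe what must happen to that packet on the way. The following added example (not code from the original article and not any real VPN implementation) puts the two together in a small ESP-style tunnel: the inner packet is encrypted, prefixed with an SPI, sequence number and nonce, and protected by a truncated HMAC-SHA256 integrity check value (ICV); the receiver verifies the ICV, enforces an anti-replay window and only then decrypts. Because the Python standard library has no block cipher, the keystream comes from HMAC-SHA256 in counter mode; that is a stand-in for a real cipher such as AES-CTR and is labelled as such in the code. The `TunnelEndpoint` class, the SPI value, the keys and the sample inner packet are all constructed for the demonstration.

```python
"""Toy ESP-style VPN tunnel (constructed example): confidentiality, integrity,
sender authentication and anti-replay for packets carried over an untrusted network."""
import hashlib
import hmac
import secrets
import struct

ICV_LEN = 16        # truncated tag, like ESP with HMAC-SHA-256-128
HEADER_LEN = 16     # 4-byte SPI + 4-byte sequence number + 8-byte nonce
WINDOW = 64         # anti-replay window, in sequence numbers


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for a real cipher (e.g. AES-CTR): HMAC-SHA256 in counter mode.
    Used only so the example runs with the standard library; not for production use."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TunnelEndpoint:
    """One side of a security association: shared keys, SPI and sequence state.
    Real IPsec uses one SA per direction; this demo carries traffic one way."""

    def __init__(self, spi: int, enc_key: bytes, auth_key: bytes):
        self.spi = spi
        self.enc_key = enc_key
        self.auth_key = auth_key
        self.send_seq = 0
        self.highest_seen = 0
        self.seen = set()   # accepted sequence numbers inside the window

    def encapsulate(self, inner_packet: bytes) -> bytes:
        """Build the carrier payload: header || ciphertext || ICV."""
        self.send_seq += 1
        nonce = secrets.token_bytes(8)                    # fresh per packet
        ciphertext = xor_bytes(inner_packet, keystream(self.enc_key, nonce, len(inner_packet)))
        body = struct.pack(">II", self.spi, self.send_seq) + nonce + ciphertext
        icv = hmac.new(self.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
        return body + icv

    def _check_replay(self, seq: int) -> None:
        if seq in self.seen or seq + WINDOW <= self.highest_seen:
            raise ValueError("replayed or stale sequence number")
        self.seen.add(seq)
        self.highest_seen = max(self.highest_seen, seq)
        self.seen = {s for s in self.seen if s + WINDOW > self.highest_seen}

    def decapsulate(self, carrier_payload: bytes) -> bytes:
        """Verify and unwrap a carrier payload, returning the inner packet."""
        if len(carrier_payload) < HEADER_LEN + ICV_LEN:
            raise ValueError("truncated packet")
        body, icv = carrier_payload[:-ICV_LEN], carrier_payload[-ICV_LEN:]
        expected = hmac.new(self.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
        # integrity and sender authentication: only the peer holding auth_key can produce the ICV
        if not hmac.compare_digest(icv, expected):
            raise ValueError("bad ICV: packet altered or not from the peer")
        spi, seq = struct.unpack(">II", body[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        self._check_replay(seq)                           # state updated only after the ICV passed
        nonce, ciphertext = body[8:HEADER_LEN], body[HEADER_LEN:]
        return xor_bytes(ciphertext, keystream(self.enc_key, nonce, len(ciphertext)))


def run_demo() -> dict:
    """Send one packet through the tunnel, then replay it and tamper with a copy."""
    enc_key, auth_key = secrets.token_bytes(32), secrets.token_bytes(32)
    client = TunnelEndpoint(spi=0x1001, enc_key=enc_key, auth_key=auth_key)
    server = TunnelEndpoint(spi=0x1001, enc_key=enc_key, auth_key=auth_key)
    inner = b"GET /intranet/ HTTP/1.1\r\n"              # constructed inner packet
    wire = client.encapsulate(inner)
    results = {"roundtrip": server.decapsulate(wire) == inner, "hidden_on_wire": inner not in wire}
    try:
        server.decapsulate(wire)                          # same packet a second time
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True
    tampered = bytearray(client.encapsulate(inner))
    tampered[HEADER_LEN + 4] ^= 0x01                      # flip one ciphertext bit in transit
    try:
        server.decapsulate(bytes(tampered))
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(run_demo())
```

Two points from the article are visible in the receiver: the ICV check is what gives message authentication (a flipped bit or a packet forged without the key is dropped before anything is decrypted), and the sequence-number window is what stops a captured packet from simply being sent again.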

Non-repudiation - Non-repudiation is a means to verify that an electronic message has been sent and received by the specified parties. This protects both parties by ensuring that neither the sender nor the recipient can later claim the transaction did not take place, which is vital not only when dealing with contracts, but also for online sales of digital goods such as music and entertainment.

Unfortunately, VPN technology alone does not provide reliable proof of who is accessing the data at either end of the tunnel. Unless strong authentication is incorporated, information may be shielded as it crosses the network only to fall into the wrong hands. However, RSA Security's authentication solutions greatly reduce this risk by forcing external users to present multiple forms of identity, providing assurance that they are who they claim to be before they are granted access.

VPNs for Remote Access - A VPN can support the same intranet/extranet services as a traditional WAN, but VPNs have grown in popularity for their ability to support remote access service. In recent years, many organizations have increased the mobility of their workers by allowing more employees to telecommute, and employees continue to travel and face an increasing need to stay plugged in to the company network. Typically, a corporation that wishes to set up a large remote-access VPN provides some form of Internet dial-up account to its users through an Internet Service Provider (ISP). The telecommuter can then dial a 1-800 number to reach the Internet and use VPN client software to access the corporate network. This works best when a large firm needs remote access for hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider. The overhead of maintaining such a system internally, coupled with the possibility of high long-distance charges incurred by travelers, makes VPNs an appealing option here.

VPNs INTERNETWORKING


An extension of the remote-access VPN architecture allows an entire remote network, rather than a single client, to join the local network. A server-to-server VPN connection joins two networks to form an extended intranet or extranet, instead of a client-to-server connection. Intranets also use VPN technology to implement limited access to individual subnets on the private network. In this mode, VPN clients connect to a VPN server, which acts as a gateway to the computers behind it on the subnet, taking advantage of the security features and convenience of VPN technology.

ADVANTAGES

VPNs promise two main advantages over competing approaches. Cost Savings - One way a VPN lowers costs is by eliminating the need for expensive long-distance leased lines. With VPNs, an organization needs only a relatively short dedicated connection to the service provider, which could be a local leased line (much less expensive than a long-distance one).

Another way VPNs reduce costs is by lessening long-distance telephone charges for remote access: VPN clients need only call into the nearest service provider's access point. In some cases this still requires a long-distance call, but in many cases a local call will suffice.

A third, subtler way that VPNs may lower costs is by offloading the support burden. With VPNs, the service provider rather than the organization must support dial-up access, and service providers can in theory charge much less for their support than it costs a company internally, because the public provider's cost is shared among potentially thousands of customers.

Scalability - The cost to an organization of traditional leased lines may be reasonable at first but can increase exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations. If a third branch office needs to come online, just two additional lines will be required to directly connect that location to the other two. However, as an organization grows and more offices must be added to the network, the number of leased lines required increases dramatically. Four branch offices require six lines for full connectivity, five offices require ten lines, and so on. Mathematicians call this phenomenon a "combinatorial explosion," and in a traditional WAN this explosion limits the flexibility for growth. VPNs that utilize the Internet avoid this problem by simply tapping into the geographically distributed access already available.

Compared to leased lines, Internet-based VPNs offer greater global reach, given that Internet access points are accessible in many places where dedicated lines are not available. The only way to properly deploy the appropriate VPN for any organization is to evaluate the needs of your operation and its remote clients. At that point you must evaluate the hardware involved on both ends, the operating systems on both ends, the Internet service on both ends, the application software involved, and more. Performance, security, and limitations of the existing infrastructure always dictate how you move ahead. Often this process is short and simple, but a variety of unforeseen problems can crop up if you do not carefully evaluate these elements. Whether in-house or through a vendor, it is important to evaluate your existing systems and requirements first, to save time and money later. Once you have finished this part of the evaluation it will be a much simpler task to choose among the various VPN approaches. Often something in the initial evaluation will mandate a certain VPN approach; if this is the case, your choices will be easily defined. If your existing technology places very few limitations on you, the decision becomes one of ROI, performance, and security demands.

DISADVANTAGES


With the hype that has surrounded VPNs historically, the potential pitfalls or weak spots in the VPN model can be easy to forget. These four concerns with VPN solutions are often raised:

1. VPNs require an in-depth understanding of public network security issues and taking proper precautions in VPN deployment.

2. The availability and performance of an organization's wide-area VPN (over the Internet in particular) depend on factors largely outside of its control.

3. VPN technologies from different vendors may not work well together due to immature standards.

4. VPNs need to accommodate protocols other than IP and existing ("legacy") internal network technology.

Generally speaking, these four factors comprise the hidden costs of a VPN solution. Whereas VPN advocates tout cost savings as the primary advantage of this technology, detractors cite hidden costs as the primary disadvantage of VPNs.

CONCLUDING REMARKS:

The success of VPNs in the future depends mainly on industry dynamics. Most of the value in VPNs lies in the potential for businesses to save money. Should the cost of long-distance telephone calls and leased lines continue to drop, fewer companies may feel the need to switch to VPNs for remote access. Conversely, if VPN standards solidify and vendor products interoperate fully with each other, the appeal of VPNs should increase. The success of VPNs also depends on the ability of intranets and extranets to deliver on their promises. Companies have had difficulty measuring the cost savings of their private networks, but if it can be demonstrated that these provide significant value, the use of VPN technology internally may also increase. VPNs do not offer any network services that aren't already offered through alternative mechanisms. However, a VPN does use a unique mix of technologies that promises to improve on the traditional approaches. A well-designed VPN should incorporate the following: Security, Reliability, Scalability, Network Management, and Policy Management.

"http://www.articlesbase.com/information-technology-articles/role-of-vpn-in-globalised-world-497961.html"
