Script: VPN audio primer
As companies become more decentralized, they find themselves with employees all over the country and around the world. Increasingly, these workers need the same access to corporate information as those still at headquarters.
This presents a challenge for network managers: how to improve the information flow while keeping WAN costs in check. Some users are finding they can meet both goals through Internet-based virtual private networks, or VPNs. Basically, a VPN lets you use the Internet as if it were your corporate network. Because the traffic is encrypted, anyone else on the path sees only ciphertext, which safeguards the data and allows secure, remote use of important applications.
Because the Internet has become so ubiquitous, virtually everybody can plug into it, potentially reducing the need for banks of remote-access servers and modems, or for users to dial long-distance into such facilities. And because the Internet is always there, you can often use it in place of dedicated lines.
All of this can mean fairly substantial savings over traditional leased-line connections or frame relay permanent virtual circuits.
Users can expect to save hundreds of dollars a month on dedicated Internet access connections when compared to dedicated private lines from a long-distance service provider.
Naturally, there is a catch. Two of them, in fact.
Because the Internet is not inherently secure, you'd probably want to think twice about sending confidential corporate data over it. And because the Internet is not inherently designed for real-time communications, you have to consider what might happen when part of the 'Net goes down or becomes congested.
Firewall and router vendors and Internet service providers (ISPs) deal with the security issue by using encryption to protect the privacy of data.
A typical approach involves the use of "tunneling" software, which sends encrypted packets across a temporary point-to-point connection over the network. The tunnels typically let users encapsulate all sorts of data, even non-IP traffic.
At each end of a VPN sits a firewall or router. The sending firewall encrypts every outgoing packet (header included) and then encapsulates it within another IP packet, addressed gateway to gateway, for routing across the public 'Net. The Internet Engineering Task Force (IETF) standards for this (IPsec) specify either Triple-DES or the newer Advanced Encryption Standard (AES); AES uses keys of 128 bits or more.
The receiving firewall then authenticates and decrypts the packets. This way, even if packets are intercepted en route, they can't be deciphered easily. The receiving device should also check the data's integrity - in other words, verify a cryptographic check value before it trusts the packet, so that anything modified or forged en route is dropped rather than decrypted and forwarded.
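The encrypt, encapsulate, authenticate and decrypt sequence just described, as an added example that is not part of the original article. It is a stripped-down model of an IPsec-style tunnel: the entire inner packet, private-address header included, is encrypted and then authenticated, and the result is carried inside a new outer IP header addressed gateway to gateway (protocol number 50, as ESP uses). To stay standard-library only it uses an HMAC-SHA256 keystream in place of AES and a truncated HMAC-SHA256 tag for integrity; the keys, addresses, nonce and packet contents are constructed for the demo. A real deployment uses IPsec ESP with AES and keys negotiated by IKE, not this code.

```python
import hashlib
import hmac
import os
import socket
import struct

# Constructed demo keys. A real VPN derives per-tunnel keys via a key exchange (IKE);
# they are fixed here so the example runs offline.
ENC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
MAC_KEY = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")

ESP_PROTO = 50   # IP protocol number used by IPsec ESP
NONCE_LEN = 8
TAG_LEN = 16


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options; checksum left at zero for the demo)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-in-counter-mode keystream (HMAC-SHA256); a stand-in for AES in counter mode."""
    blocks = [hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(inner_packet: bytes, outer_src: str, outer_dst: str, nonce: bytes = None) -> bytes:
    """Sending gateway: encrypt the whole inner packet, MAC it, wrap it in a new outer IP header."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ciphertext = xor_bytes(inner_packet, keystream(ENC_KEY, nonce, len(inner_packet)))
    body = nonce + ciphertext
    tag = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:TAG_LEN]   # encrypt-then-MAC
    payload = body + tag
    return ipv4_header(outer_src, outer_dst, ESP_PROTO, len(payload)) + payload


def decapsulate(outer_packet: bytes) -> bytes:
    """Receiving gateway: verify integrity first, then decrypt; reject anything altered."""
    if outer_packet[9] != ESP_PROTO:
        raise ValueError("not a tunnel packet")
    payload = outer_packet[20:]
    body, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):        # constant-time comparison
        raise ValueError("integrity check failed: packet modified or forged en route")
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    return xor_bytes(ciphertext, keystream(ENC_KEY, nonce, len(ciphertext)))


def tamper(packet: bytes, offset: int) -> bytes:
    """Flip one bit at `offset`, as an on-path attacker might."""
    b = bytearray(packet)
    b[offset] ^= 0x01
    return bytes(b)


def demo() -> str:
    # Constructed inner packet: a branch host on a private address talking to HQ.
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 6, 25) + b"confidential payroll data"
    outer = encapsulate(inner, "203.0.113.10", "198.51.100.20")   # public gateway addresses
    assert decapsulate(outer) == inner
    assert b"payroll" not in outer          # the plaintext never appears on the wire
    try:
        decapsulate(tamper(outer, 20 + NONCE_LEN + 3))   # flip a bit inside the ciphertext
    except ValueError:
        return "tamper detected"
    return "tamper NOT detected"


if __name__ == "__main__":
    print(demo())
```

The order matters: the receiver checks the tag before it decrypts, so a forged or modified packet is discarded without ever being processed. Note that, as in real IPsec tunnel mode, the outer header is not covered by the tag; the inner header (the private addresses) is.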
Most firewall and router vendors now offer tunneling abilities. However, not all tunneling systems interoperate, so you have to be careful to make sure that all of your encryption and decryption devices use the same protocol and compatible settings (cipher, key length, authentication method) - for example, by using the same hardware at all sites.
Building your own VPN requires purchasing, installing and managing the routers and firewalls at your different sites - and often remote-access systems, as well. But setting up your own VPN also means you will likely pay less for your Internet access connections - because you're using your ISP basically for straight access. If you have a knowledgeable staff it may be more economical to keep your VPN in-house.
Companies including Motorola, Lucent and WatchGuard now offer VPN devices for remote offices and telecommuters, which combine hardware-based encryption with firewalls, packet-filtering and even IP voice capabilities. Firewall and other security features are particularly important for "always-on" cable modem and DSL connections, common in many home office setups.
An alternative to building or buying VPN gear is to order a managed VPN service from an ISP. The ISPs promise greater security by limiting VPN traffic to their own backbones, so that it never gets onto the public Internet. That separation is not a substitute for encryption, however: traffic that stays on a provider's backbone is still readable by anyone with access to that provider's network, so ask whether the service encrypts as well as segregates.
Increasingly, however, the ISPs are also issuing promises to deal with the other potential problem of VPNs - the inherent lack of Internet reliability. A number of ISPs have come out with service level agreements that guarantee a certain level of performance across their backbones.
So if you're intrigued by the idea of an IP-based VPN, here are a few items to keep in mind:
Get out your calculator and make sure a VPN actually will save your company money. In most cases it will, but it never hurts to double check.
If you have existing firewall servers, be sure any additional equipment you buy supports the same tunneling protocol.
If you decide to outsource a VPN, press your provider for additional service level guarantees - those cost savings won't mean much if your traffic doesn't go through reliably. If your ISP doesn't budge, find another ISP.
Also be aware of some potential problems with VPNs. Clients behind other organizations' firewalls might not be supported by certain VPN packages. Older products don't always work with clients using private IP addresses behind firewalls or network address translation, because NAT rewrites the addresses that the tunnel's integrity check covers; newer products handle this with NAT traversal, which wraps the tunnel packets in UDP. And, if you are upgrading to DSL, make sure the DSL service will support the VPN connection you need.
If you do all of your homework and ask the right questions beforehand, your VPN installation will go much more smoothly.