Basics of Networking: Computer Network Design

ComputerNetworkingNotes.com

Basics of Networking
Linking computing devices together is called networking. Both hardware and software play a
crucial role in establishing contact between computers. There are several computer network
designs, and networks are also classified by their geographic coverage. Setting up a
computer network is not the same thing as connecting to the internet.
The article covers

• Basics of Networking
• Computer Network Design
• Computer Hardware Required to Setup a Network
• TCP/IP Suite and Member Protocols

Linking two or more computing devices together to share resources is networking. Both
hardware and software play a role in creating the link between computers. Resources that
can be accessed by every user on the network (a printer, a CD drive, a modem) are termed
network resources. A computer on the network that has access to its own local resources
as well as to the network resources is called a workstation.

Computer Network Design

Computer network basics deal with several different designs.

• Peer-to-peer networks are those in which every computer performs the same functions,
acting as both client and server. They are found mostly in homes and wherever only two
or a small number of computers are connected.
• Client-Server is more common in business and consists of a centralized computer that
stores resources and distributes them to other network users. This centralized computer
is called the server, and a user's computer that accesses the server for resources is
called a client.
• Servers are important to all users, and their resources must be managed to give clients
good service (some clients are more important than others). The server software
therefore controls the use of its resources by granting access rights to some users and
denying them to others, which prevents users from reaching resources that are not meant
for them. In this way the server performs the roles of administration and security as
well.
• Network topology is the pattern of links connecting the nodes of a network (a node can
be any device). A link between two nodes can be one-way or two-way. The nodes can be
interconnected in a variety of ways, for example bus, ring, star or mesh.
• Geographic coverage gives networks names such as Local Area Network (LAN),
Metropolitan Area Network (MAN) and Wide Area Network (WAN). The interconnection of
networks around the whole world is the Internet; the World Wide Web (www) is one
service that runs over the Internet, not another name for it.

Computer Hardware Required to Setup a Network


The hardware components you need depend on the type of network and on what you add to
it. The most important aspect is the specification of the various components, since they
need to be compatible (able to connect and work in tandem) with each other. Setting up a
computer network should not be confused with connecting to the internet.

List of basic network hardware

• Network Interface Card (NIC): an add-on card that enables a desktop computer or
laptop to connect to the network. Many cards use 'PCI - Peripheral Component
Interconnect', the specification (physical size, electrical characteristics, bus timing
and protocol) of a computer bus (a group of wires) for attaching peripheral devices to
the motherboard. The bus is either an integrated circuit on the motherboard itself or a
set of sockets into which add-on cards are fitted to expand the computer's capabilities.
Older industry standards are ISA, EISA and the VESA local bus; the newer industry
standard is PCI Express. PCI variants are:
  • PCI 2.2: 66 MHz signaling and 533 MB/s peak transfer rate on a 64-bit bus
  • PCI-X: 133 MHz signaling and 1066 MB/s peak transfer rate, with a slightly
  changed protocol
  • PCI-X 2.0: 266 MHz or 533 MHz signaling, with 2133 MB/s peak transfer rate at
  266 MHz, adding a 16-bit bus variant and a configuration space of 4096 bytes
  • Mini PCI: for use in laptops
• Hub, switch or router: the entry point to the network. A hub provides multiple ports
(for sending and receiving data) to connect computers to your network, and repeats every
frame it receives out of all its other ports. A switch looks like a hub but works
differently: it learns which port each device is on and sends a frame only to the port
of its destination, which improves performance and keeps one computer's traffic off the
other ports. A router connects your network to other networks and is the usual way to
share a high-speed internet connection.
• Cable, if each computer is wired into the network. The main types are twisted-pair
cable, coaxial cable and fiber optic cable.
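The difference between a hub and a switch, as an added simulation in Go that is not part of the original notes: the hub repeats every frame to all other ports, while the switch learns the port of each source MAC address and sends a unicast frame only to the learned port. The port numbers and MAC addresses are constructed for the example. The detail the text does not spell out, and that matters to anyone relying on a switch to keep one host's traffic away from the others, is that a switch has to flood a frame whose destination it has not learned yet, so it behaves like a hub until both sides have spoken.

```go
package main

import "fmt"

// Frame carries only the two fields a hub or switch looks at.
type Frame struct {
	Src, Dst string // MAC addresses
}

const broadcast = "ff:ff:ff:ff:ff:ff"

// Hub repeats every frame out of every port except the one it arrived on.
type Hub struct{ Ports int }

func (h Hub) Forward(in int, f Frame) []int {
	out := []int{}
	for p := 0; p < h.Ports; p++ {
		if p != in {
			out = append(out, p)
		}
	}
	return out
}

// Switch keeps a MAC-to-port table learned from the source address of every
// frame it sees and forwards unicast frames only to the learned port.
type Switch struct {
	Ports int
	Table map[string]int
}

func NewSwitch(ports int) *Switch {
	return &Switch{Ports: ports, Table: map[string]int{}}
}

func (s *Switch) Forward(in int, f Frame) []int {
	s.Table[f.Src] = in // learn (or refresh) where the sender lives
	if f.Dst == broadcast {
		return Hub{Ports: s.Ports}.Forward(in, f)
	}
	p, known := s.Table[f.Dst]
	if !known {
		// Unknown destination: the switch has no choice but to flood, so a host on
		// any other port still sees this frame.
		return Hub{Ports: s.Ports}.Forward(in, f)
	}
	if p == in {
		return []int{} // destination is behind the ingress port; nothing to forward
	}
	return []int{p}
}

func main() {
	sw := NewSwitch(4)
	a := Frame{Src: "aa:aa:aa:aa:aa:01", Dst: "aa:aa:aa:aa:aa:02"}
	b := Frame{Src: "aa:aa:aa:aa:aa:02", Dst: "aa:aa:aa:aa:aa:01"}
	fmt.Println("first frame A->B is flooded to ports", sw.Forward(0, a))
	fmt.Println("reply B->A goes only to port", sw.Forward(1, b))
	fmt.Println("second A->B goes only to port", sw.Forward(0, a))
	fmt.Println("a hub would send it to ports", Hub{Ports: 4}.Forward(0, a))
}
```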

Introduction to Internet Protocols


Any communication requires two parties (one speaking, one listening). Communication
between devices takes place in machine language, and devices made by different
manufacturers can only communicate if they use a common language, which is known as
a protocol.
Any introduction to internet protocols should explain the other protocols that form part
of the TCP/IP suite. A protocol is a set of rules and conventions that must be followed
to establish a connection and transfer data between two devices. There are many
protocols, and networks often support several at once. The most widely used protocol on
the internet and in home networks is TCP/IP - Transmission Control Protocol/Internet
Protocol. TCP/IP consists of many associated network protocols. It predates the ISO/OSI
seven-layer model, which now serves as the reference model against which TCP/IP and
other protocol stacks are described.

TCP/IP Suite

The layers are stacked so that each layer treats everything it receives from the layer
above as data, adds its own control information (a header) in front of that data and
passes the result down to the layer below. When data is received the opposite process
takes place: each layer strips its own header and hands the remainder up. The functions
of the layers are:

Application Layer (Layer 5)

This layer provides the functions that let user applications communicate over the
network and is highly specific to the application in question. It includes all
application protocols that use host-to-host transport. It manages sessions between
cooperating applications (TCP/IP uses the 'socket' and 'port' for this). Other functions
are data encryption, decryption, compression and decompression. Many protocols are
implemented in the application layer, among them:

• BGP - Border Gateway Protocol version 4
• COPS - Common Open Policy Service
• DNS - Domain Name System
• FANP - Flow Attribute Notification Protocol
• Finger - User Information Protocol
• FTP - File Transfer Protocol
• HTTP - Hypertext Transfer Protocol
• IMAP4 - Internet Message Access Protocol, version 4
• IMPPpre/IMPPmes - Instant Messaging and Presence Protocols
• IPDC - IP Device Control
• IRC - Internet Relay Chat Protocol
• ISAKMP - Internet Security Association and Key Management Protocol
• NTP - Network Time Protocol
• POP3 - Post Office Protocol version 3
• RADIUS - Remote Authentication Dial In User Service
• RLOGIN - Remote Login
• RTSP - Real-time Streaming Protocol
• S-HTTP - Secure Hypertext Transfer Protocol
• SLP - Service Location Protocol
• SMTP - Simple Mail Transfer Protocol
• SNMP - Simple Network Management Protocol
• SOCKS - Socket Secure (server)
• TACACS+ - Terminal Access Controller Access Control System Plus
• TELNET - TCP/IP Terminal Emulation Protocol
• TFTP - Trivial File Transfer Protocol
• WCCP - Web Cache Coordination Protocol
• X-Window - X Window System

Transport Layer (Layer 4)

Whatever the application, data must be exchanged in a way that does not depend on the
application. TCP provides reliable host-to-host delivery (ordered, acknowledged and
retransmitted when lost), whereas UDP - User Datagram Protocol has no end-to-end
reliability checking. Protocols at this layer include:

• Mobile IP - Mobile IP Protocol (strictly an extension of IP rather than a transport
protocol)
• RUDP - Reliable UDP
• SCTP - Stream Control Transmission Protocol
• TALI - Transport Adapter Layer Interface
• TCP - Transmission Control Protocol
• UDP - User Datagram Protocol
• Van Jacobson - TCP/IP header compression
• XOT - X.25 over TCP

Network Layer (Layer 3)

This is also called the internet layer, and IP is its primary protocol. It provides the
routing function across multiple networks and is implemented not only in end systems but
also in the routers that carry data between them. Protocols at this layer include:

• DHCP - Dynamic Host Configuration Protocol
• DVMRP - Distance Vector Multicast Routing Protocol
• ICMP/ICMPv6 - Internet Control Message Protocol
• IGMP - Internet Group Management Protocol
• IP - Internet Protocol version 4
• IPsec - Internet Protocol Security
• IPv6 - Internet Protocol version 6
• MARS - Multicast Address Resolution Server
• PIM - Protocol Independent Multicast - Sparse Mode (PIM-SM)
• RIP2 - Routing Information Protocol version 2
• RIPng for IPv6 - Routing Information Protocol for IPv6
• RSVP - Resource ReSerVation setup Protocol
• VRRP - Virtual Router Redundancy Protocol

Data Link Layer (Layer 2)

This is also known as the network access (or link) layer. It is concerned with the link
between the data transmission device and the network it is attached to. The hardware
(MAC) address of the next hop is added here so that the frame reaches the right device
on the local link. Standards vary between circuit switching, packet switching (Frame
Relay), local area networks (Ethernet) and others:

• ARP - Address Resolution Protocol
• ARCnet
• CDP - Cisco Discovery Protocol
• DCAP - Data Link Switching Client Access Protocol
• Econet
• Ethernet
• FDDI - Fiber Distributed Data Interface
• Frame Relay
• HDLC - High-level Data Link Control
• LocalTalk
• L2F - Layer 2 Forwarding Protocol
• L2TP - Layer 2 Tunneling Protocol
• PPP - Point-to-Point Protocol
• PPTP - Point-to-Point Tunneling Protocol
• SLIP - Serial Line Internet Protocol (obsolete)
• StarLAN
• Token Ring

Physical Layer (Layer 1)


The physical layer defines the physical interface between the data transmission device
(computer) and the transmission medium. Characteristics of the transmission medium,
nature of the signals, the data rate and related specifications are a part of the physical
layer.

TCP/IP is actually a suite of protocols, and the major ones are:

• Address Resolution Protocol (ARP)
• Domain Name System (DNS)
• File Transfer Protocol (FTP)
• Hypertext Transfer Protocol (HTTP)
• Internet Message Access Protocol (IMAP)
• Internet Control Message Protocol (ICMP)
• Internet Protocol (IP)
• Open Shortest Path First (OSPF)
• Post Office Protocol version 3 (POP3)
• Routing Information Protocol (RIP)
• Simple Mail Transfer Protocol (SMTP)
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)

The IPv4 packet format is given below. The numbers across the top are bit offsets; each
row is one 32-bit word, and the header is 20 bytes long unless options are present.

 0       4       8               16      19                 32 bits
 Version | IHL   | Type of service |       Total length
             Identification        | Flags | Fragment offset
 Time to live   |    Protocol     |      Header checksum
                     Source IP address
                   Destination IP address
                    Options + padding
                           Data
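The encapsulation described earlier (a header added in front of the data, then checked again on receipt) and the header layout in the table, as an added worked example in Go that is not part of the original notes. It builds a minimal IPv4 packet around a payload, then parses it back, recomputing the one's-complement header checksum of RFC 791 and checking the version, IHL and total length fields before any field is trusted, which is the order a receiver must follow because every one of those fields arrives from the network. The addresses, identification value and payload are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// IPv4Header holds the fields of the header shown in the table above.
type IPv4Header struct {
	Version, IHL, TOS uint8
	TotalLength, ID   uint16
	Flags             uint8  // 3 bits: reserved, DF, MF
	FragOffset        uint16 // 13 bits, in 8-byte units
	TTL, Protocol     uint8
	Checksum          uint16
	Src, Dst          net.IP
	Options           []byte
}

// checksum is the one's-complement sum of 16-bit words that IP uses (RFC 791).
// Over a header whose checksum field is already filled in it returns zero.
func checksum(b []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(b); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(b[i:]))
	}
	if len(b)%2 == 1 {
		sum += uint32(b[len(b)-1]) << 8
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// Encapsulate is the "add a header in front of the data and pass it down" step:
// it wraps payload in a minimal 20-byte IPv4 header and fills in the checksum.
func Encapsulate(src, dst net.IP, proto, ttl uint8, payload []byte) []byte {
	pkt := make([]byte, 20+len(payload))
	pkt[0] = 4<<4 | 5 // version 4, IHL 5 words (20 bytes)
	binary.BigEndian.PutUint16(pkt[2:], uint16(20+len(payload)))
	binary.BigEndian.PutUint16(pkt[4:], 0x1234) // identification (constructed value)
	binary.BigEndian.PutUint16(pkt[6:], 0x4000) // flags = DF, fragment offset 0
	pkt[8] = ttl
	pkt[9] = proto
	copy(pkt[12:16], src.To4())
	copy(pkt[16:20], dst.To4())
	binary.BigEndian.PutUint16(pkt[10:], checksum(pkt[:20]))
	copy(pkt[20:], payload)
	return pkt
}

// Parse is the receiving side: it validates version, IHL, checksum and total
// length before returning the header and payload, since none of these fields
// can be trusted before they are checked.
func Parse(pkt []byte) (*IPv4Header, []byte, error) {
	if len(pkt) < 20 {
		return nil, nil, errors.New("packet shorter than minimum IPv4 header")
	}
	ihl := int(pkt[0]&0x0f) * 4
	if pkt[0]>>4 != 4 || ihl < 20 || ihl > len(pkt) {
		return nil, nil, errors.New("bad version or IHL")
	}
	if checksum(pkt[:ihl]) != 0 {
		return nil, nil, errors.New("header checksum mismatch")
	}
	total := int(binary.BigEndian.Uint16(pkt[2:]))
	if total < ihl || total > len(pkt) {
		return nil, nil, errors.New("total length inconsistent with packet")
	}
	fo := binary.BigEndian.Uint16(pkt[6:])
	h := &IPv4Header{
		Version:     pkt[0] >> 4,
		IHL:         pkt[0] & 0x0f,
		TOS:         pkt[1],
		TotalLength: uint16(total),
		ID:          binary.BigEndian.Uint16(pkt[4:]),
		Flags:       uint8(fo >> 13),
		FragOffset:  fo & 0x1fff,
		TTL:         pkt[8],
		Protocol:    pkt[9],
		Checksum:    binary.BigEndian.Uint16(pkt[10:]),
		Src:         net.IPv4(pkt[12], pkt[13], pkt[14], pkt[15]),
		Dst:         net.IPv4(pkt[16], pkt[17], pkt[18], pkt[19]),
		Options:     pkt[20:ihl],
	}
	return h, pkt[ihl:total], nil
}

func main() {
	// Constructed example: a UDP (protocol 17) payload between two documentation addresses.
	pkt := Encapsulate(net.ParseIP("192.0.2.1"), net.ParseIP("198.51.100.7"), 17, 64, []byte("hello"))
	h, payload, err := Parse(pkt)
	fmt.Println(h.Src, "->", h.Dst, "proto", h.Protocol, "payload", string(payload), "err", err)

	pkt[9] = 6 // change the protocol field without recomputing the checksum
	_, _, err = Parse(pkt)
	fmt.Println("tampered packet:", err)
}
```

The header checksum only detects accidental corruption; it is not a security control, since anyone who can change a field can recompute it. That is the gap the authentication in a VPN tunnel closes.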

Intranets and Extranets

Private networks share part of an organization's information or operations with its
employees. The medium can be dedicated lines for data transfer, the PSTN for phone
service, ISDN for voice and video conferencing, or a visible service, which is usually a
web site. Intranets and the public internet use the same TCP/IP protocol suite; an
intranet is such a private network, often interconnected across the internet, whose use
is restricted to the organization.

Firewalls, gateways, authentication, encryption and the use of VPN technologies improve
the security and performance of services carried over public networks.

Intranets are commonly owned by the communications, HR or CIO area of large
organizations and deliver tools and applications such as sophisticated directories, sales
and CRM tools, project management and so on. Intranets cannot be accessed by the general
public.

An extranet is an extension of the intranet over the World Wide Web that gives limited
access to parts of the intranet to people outside the company: customers, partners,
suppliers or others. The part to which access has been granted becomes the extranet. It
can provide access to research inventories and internal databases; some portions may be
free while others require payment. What is needed is privacy of information, both for
the company and for the purchaser. Firewalls, server management, authentication,
encryption, digital certificates and the use of VPN provide that confidentiality and
security.

VPN - The Inside Story


A VPN provides a secure channel between your local computer and a computer at a remote
location. A network user can reach it from anywhere in the world, provided an internet
connection is available and the private network grants access to its resources. For this
you need basic equipment to set up the VPN and an account with whoever runs the VPN
server (your own organization, or an internet service provider that offers a VPN
service). In this article we define VPN and give you the basics on VPN software, VPN
hardware and how to set up a VPN.
The article covers

• VPN Essentials
• VPN configuration you may need
• VPN hardware accessories
• Other VPN accessories
• How to set up a VPN and how it works

What is a VPN? The question has many answers. Most commonly we define a VPN as a private
network carried over a public network. A Virtual Private Network (VPN) is a means of
having a secure channel between your local computer and a computer at a remote location.
Traditional private networks rely on leased lines to transfer data, which can be very
costly. A VPN is like a wide area network that relies on the internet to transfer data.
For security it uses encryption, encapsulation, authentication and authorization, and
tunnels. This lets a user reach a private network securely from anywhere in the world as
long as an internet connection is available and the private network grants the user
access to its resources. The remaining problem is how to install the VPN at the client
end, which can be awkward whether the choice is a hardware device or client software
that has to be configured.

VPN Essentials

You may already have the basic equipment needed to set up a VPN. All you have to do is
obtain a VPN account from your ISP or from the organization that runs the VPN server,
and configure your PC. Most recent operating systems need no additional software for a
VPN client; with Windows 95/98 you may need to buy client software. The machine
configuration you may need is:

Hardware

• Any personal computer with a processor clock speed of 300 MHz (megahertz) or more
• RAM: 128 MB (megabytes) or more; 64 MB is the minimum and may limit features and
performance
• 1.5 GB (gigabytes) of available hard disk space
• A modem or other connection, which may be dial-up, cable modem, ISDN or any other
variety. Higher speeds only make the transfer of data faster.

Software
Any VPN client software. VPN client software is built into some operating systems
(Windows NT/2000/XP).

Internet Account
You need an internet account and a VPN account with the operator of the VPN server. You
will be given credentials (a password, and sometimes a certificate) and the address of
the VPN server to connect to. The public IP addresses of the two ends are used to set up
the tunnel; the encryption itself is done with keys, not with the addresses.

VPN Accessories

An increasing number of enterprises are opting for VPNs, and vendors have responded with
hardware that comes with software, such as support for hardware-based encryption. Some
have enhanced server capabilities to accommodate VPN-related functions such as
firewall-based VPN security. Most specialized VPN products are hardware (packaged with
software), stand-alone software packages or firewall-based packages.

The choice of equipment to build your VPN solution falls into POP (point of presence)
and CPE (customer premises equipment). POP equipment is more costly, and its choice
depends on factors such as desired throughput (the rate of sending and receiving data on
a computer or network), number of users, scalability, routing, security and quality of
service. CPE equipment is more varied, with products such as internet appliances,
specialized gateways, VPN-enhanced routers and VPN client software, and caters to the
needs of small businesses and remote branch offices. Large CPE devices behave like POP
equipment, so the choice really depends on the environment in which the VPN is set up.

Hardware Accessories
VPN-enabled or VPN-optimized routers terminate the tunnel in dedicated hardware and add
a level of security at the network edge. Many companies make such products; a few are
the Linksys BEFSX41, Netgear FV318, CyberGuard SG300, the Cisco PIX firewall series and
the Cisco VPN concentrator series. These VPN routers sometimes come bundled with VPN
software. If you are connected to a high-speed, large-bandwidth network, broadband VPN
routers can pass more than one VPN session from the local network to the outside
network. The disadvantage is that routers are less flexible than software-based systems,
especially when the VPN end points belong to different organizations.

For those who do not know much about routers, a brief explanation. A router is a
hardware device that forwards packets between networks. It is a simple, easy-to-use
piece of equipment that acts like a junction connecting networks. A router uses routing
protocols, a routing table and routing metrics to communicate with other routers and
route packets across the network. Routers are also referred to as gateways, and a
computer too can perform the function of a router.

Software Accessories
VPN software creates a secure connection between two computers: a tunnel that passes
through the firewalls in between, which must be configured to allow it. You can buy
various low-cost routers and other accessories. If the end point is a hardware device,
it does the routing and takes care of the security, since the software comes with it;
install the supplied VPN software and use your VPN. For large corporations, setting up
the VPN server can be hard. Software available in the market caters to VPN clients, VPN
servers and VPN appliances (hardware with a software application). Netgear's ProSafe™
VPN Client Software (models VPN01L and VPN05L), the SonicWall Global VPN Client and the
Nortel VPN client are for the client end. Stand-alone VPN server software is rather rare;
operating systems such as Windows 2000 Server, Windows Server 2003, Small Business
Server 2003, Mac OS X Server 10.2, Sun Solaris and Linux servers come with VPN software.
A few other VPN products in the market are Mergic VPN, which uses the PPTP protocol, and
Movian by Certicom, which supports the IPsec protocol. Server software is not compulsory,
since a VPN client can also terminate its tunnel on a VPN-capable router.

VPN and its working


There are many aspects to the working of a VPN, which depend on the software, the
hardware and the architecture of the connection. Each has its special features with
respect to scalability, security and quality of service. Some connections are from an
individual computer to a LAN; others are 'LAN to LAN' VPN connections.

How a VPN works is a common question. A VPN can be compared to a network of leased lines
running to individual computers so that those systems can reach the organization's
facilities and network. Leased lines are expensive, so a VPN uses public lines instead.
Secure access and privacy are provided by security procedures such as encryption,
authentication, firewalls and the VPN protocols themselves. The protocols are
responsible for:

• Encrypting the data at the sending end
• Creating a tunnel in which the original packets are encapsulated inside ordinary
TCP/IP packets. Packets that are not encrypted and authenticated by the tunnel are not
accepted at the far end
• Decrypting the data after reception at the receiving end
• An additional level of security that checks not only passwords but also the sender's
and receiver's network addresses
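The four protocol duties listed above, and the authentication and privacy requirements discussed later in this page, as an added worked example in Go that is not part of the original notes. Each end of a site-to-site tunnel encrypts and authenticates the inner packet with AES-256-GCM, binds the outer source and destination addresses into the authenticated data so that a packet replayed from, or to, another address fails verification, and drops anything that is too short, altered or from the wrong peer. The pre-shared key and the addresses are constructed for the example; a real VPN negotiates the key with IKE rather than configuring it by hand.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Tunnel is one end of a site-to-site tunnel. local and peer are the outer
// (public) addresses of this end and of the far end.
type Tunnel struct {
	aead        cipher.AEAD
	local, peer string
}

// NewTunnel derives an AES-256-GCM AEAD from a 32-byte pre-shared key
// (constructed for the example; a real VPN would negotiate it with IKE).
func NewTunnel(key []byte, local, peer string) (*Tunnel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Tunnel{aead: aead, local: local, peer: peer}, nil
}

// Encapsulate encrypts the inner packet for the peer and returns the outer
// payload: nonce || ciphertext || tag. The outer source and destination
// addresses are bound in as associated data, so the tag also fails if the
// packet is later replayed from, or to, a different address.
func (t *Tunnel) Encapsulate(inner []byte) ([]byte, error) {
	nonce := make([]byte, t.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ad := []byte(t.local + ">" + t.peer)
	return t.aead.Seal(nonce, nonce, inner, ad), nil
}

// Decapsulate is the receiving side. Nothing reaches the private network
// unless the packet came from the configured peer and its tag verifies;
// a packet that is unencrypted, altered or from elsewhere is dropped.
func (t *Tunnel) Decapsulate(src string, outer []byte) ([]byte, error) {
	if src != t.peer {
		return nil, errors.New("outer source is not the tunnel peer")
	}
	ns := t.aead.NonceSize()
	if len(outer) < ns+t.aead.Overhead() {
		return nil, errors.New("outer packet too short")
	}
	ad := []byte(src + ">" + t.local)
	inner, err := t.aead.Open(nil, outer[:ns], outer[ns:], ad)
	if err != nil {
		return nil, errors.New("authentication failed: packet dropped")
	}
	return inner, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // 32-byte constructed pre-shared key
	siteA, _ := NewTunnel(key, "203.0.113.10", "198.51.100.20")
	siteB, _ := NewTunnel(key, "198.51.100.20", "203.0.113.10")

	outer, _ := siteA.Encapsulate([]byte("inner packet: 10.1.0.5 -> 10.2.0.9"))
	inner, err := siteB.Decapsulate("203.0.113.10", outer)
	fmt.Printf("site B received %q (err=%v)\n", inner, err)

	outer[len(outer)-1] ^= 0x01 // flip one bit of the tag in transit
	_, err = siteB.Decapsulate("203.0.113.10", outer)
	fmt.Println("tampered packet:", err)
}
```

A fresh random 96-bit nonce per packet keeps the example short; with a long-lived key, real IPsec implementations use a counter and rekey well before the nonce space could repeat, because a repeated nonce breaks GCM's guarantees. The example also does no replay protection, which IPsec provides with a sequence number and sliding window.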

Setup VPN

The type of VPN determines its setup. A VPN can be a client-initiated 'remote access
VPN' or a 'site to site' VPN that is either intranet or extranet. You may want to know
how to install a VPN. There are a variety of methods depending on the hardware,
software and protocols adopted. Standards exist (IPsec, L2TP, PPTP), but implementations
from different vendors do not always interoperate, so for any setup you need to confirm
that the hardware and software at the two ends are compatible. Most users who have
trouble are the clients on a remote access VPN.

Setup of a remote access VPN


A remote access VPN consists of a software client installed on the remote computer and a
VPN server or VPN router at the other end.

• A VPN router comes with software. All you need to do is install the supplied software
and follow the procedure. You need a VPN account with the server's operator (your
organization or your ISP). You also need to know your own IP address and that of the
other computer with which you want secure communication. A word of caution with this
approach: the other end may have to use the same software or hardware you are using.
• Many operating systems have built-in VPN client software, and in some a wizard guides
you through the steps. You need a little knowledge of the protocols (PPTP, L2F, L2TP,
IPsec and so on) and port numbers, as these determine your type of connection and level
of security.
• On the server side, the configuration depends on whether you dedicate a separate
server to the VPN or reuse a server that already performs other tasks in the
organization. If you reuse a server you may not get good throughput, even over a
broadband connection, because the server is already loaded. A server setup is a more
professional task but is not difficult if you understand the processes.

Setup of Site to Site VPN


Since a site to site connection is between two servers in an intranet or an extranet,
all you need to do is configure the answering and calling routers:

• Configure VPN on the answering router
• Configure the demand-dial interface on the answering router
• Configure VPN on the calling router
• Configure the demand-dial interface on the calling router
• Create a network rule defining the route relationship between the servers
• Create access rules allowing traffic between the servers
• Test and confirm the remote access policy configuration on the answering and calling
routers

Encryption and protocols are technical subjects, and the choice among them is a
trade-off between cost and security. Whatever you choose, remember that security is a
daily issue and you need to monitor it constantly.

WAN Going the VPN way


WANs have enabled communication between corporate offices all over the world, but a
private leased line was never an option for small offices. The internet, which came as
the cost-effective alternative, was exposed to hacking, spying, viruses and so on. A VPN
provides cost-effective, secured communication channels between employees around the
globe.
The article covers

• ERP business needs
• VPN use in the banking sector
• Necessities of business
• Applications requiring secure communications
• VPN services in the market

Globalization has brought about decentralization and outsourcing. WANs gave corporates
a means of running offices all over the globe effectively and on time. Data was secure
over these private networks, and large corporations started using computer networks
rather than the courier services of the day. It is untenable for small businesses and
the SOHO (small office / home office) to have private leased lines. The cost-effective
alternative was the internet, but this was subject to spoofing and eavesdropping;
hacking, spying, viruses and worms have caused major losses to business.

Virtual Private Networks (VPNs), the answer to the WAN, are now attracting organizations
small and large alike to establish cost-effective, secure communication channels between
global offices or employees. The savings on communications for many corporations that
have switched to VPN are reported to be around 30% to 80%. Quality of service (priority
for critical information over general e-mail or web browsing) is paramount for a VPN and
is now offered by some ISPs. By rising to the occasion they are providing VPN services of
a quality that lets businesses migrate from WAN to VPN.

VPN use in the financial sector has increased because business management and many of
its practices now depend on information technology and computers.

Enterprise Resource Planning has produced many specific software applications that
require interconnectivity to sustain the ever-growing enterprise. ERP business needs
are:

• Inventory control, resource planning and customer service departments
• Integration of the various departments of the business, including CRM
• Rapid exchange of information between the various departments
• Effective project planning and execution based on current information

Earlier implementations were WANs with leased lines, Frame Relay and T1 lines. An IP VPN
performs better than an ISDN infrastructure, provides VoIP, and has a flexible
architecture that takes the load of client-to-client connections off the corporate
server. A VPN's class of service agreement assigns priority to the information
transferred across its network, so business-critical information is transferred first
and faster than other traffic.

VPN use in the banking sector is growing because of personalized banking and e-banking.
With authentication, encryption and a variety of data communication methods, banking
came to accept secure online transactions. The growing needs of the banking sector are:

• Internet access to account information
• Wireless and mobile money transactions
• Account transactions between companies using the internet as the means of
communication

IP VPNs have brought a range of encryption and authentication techniques that a bank can
use. They have also brought voice over the internet, a convergence of technologies that
is easier to implement and performs better.

Necessities of Business

Security
The security of a business is important, and a VPN over the internet infrastructure
provides it with protocols that authenticate and encrypt the communications taking place
between the end points of the network.

Convergence
CRM-based enterprises require both voice and data networks. Voice, video and network
security are now being bundled together on VPNs.

Scalability
Every business grows, and the infrastructure should be able to meet its growing demands.
Increasing the bandwidth keeps VPN performance up as traffic grows, but the security and
other complexities of the hardware and software change with it; VPNs are adapting to
growth, though rather slowly.

Cost Effectiveness
Since the infrastructure is shared rather than a private leased line, costs decrease
dramatically when VPN technologies are used.

Reliability
The network has to provide a reliable, redundant and fault-tolerant service before it
will become popular.

Flexibility
VPNs now let you set up networks of different topologies according to your needs for
voice and data.

Class of Service
The ability to give each user a customized service according to his requirements has
prompted many IP VPN service providers to offer advanced classes of service appropriate
to specific traffic patterns and businesses.

Applications Requiring Secure Communications

• B2B - business-to-business applications with customers, suppliers and partners
• VoIP for enterprises looking for converged services rather than a separate PSTN
(public switched telephone network)
• Teleworkers who work from outside the office premises
• Wireless VPN
• Storage Area Networks set up by large corporations
• EAI - Enterprise Application Integration for web-based CRM

Types of Services

IP VPN (Internet Protocol Virtual Private Network)

Based on the IPsec protocol, this is the earliest form of IP VPN. ISPs offer many
services of this kind, including site-to-site VPN, VPN over dial-up, VPN over broadband,
voice with VPN and VPN over ISDN. They work by creating and maintaining a full mesh of
tunnels or virtual circuits among all the sites belonging to a particular VPN. Providing
such connections over the network is an onerous task, and reliability, flexibility and
scalability suffer as the number of sites grows (a full mesh of n sites needs n(n-1)/2
tunnels). The protocols used may vary:

• IPsec
• Layer 2 Tunneling Protocol (L2TP)
• Layer 2 Forwarding (L2F) protocol
• Generic Routing Encapsulation (GRE)
• Frame Relay
• ATM protocols

Other problems that occur with networks are:

Latency
This is the time lag between initiating a request for data and the beginning of the
actual data transfer. For a remote access VPN it can be large when the network is heavily
loaded, since each packet is momentarily stored, analyzed and forwarded at every router
along its path across the internet, and encryption and decryption at the tunnel end
points add to it.

Packet Loss
Poor connectivity between two end points results in lost packets, which degrades the
performance of the VPN. Packet loss may also be caused by internal problems in the
protocol or in the encryption/decryption implementation.

Jitter
Because routes across the internet vary, the delay each packet experiences varies, so
packets arrive at irregular intervals and sometimes out of order. Some network systems
are not optimized for jitter. This matters most for voice and video conferencing, where
it degrades the quality of the data.
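The three measures just described, as an added example in Go that is not part of the original notes: mean one-way latency, the fraction of packets lost, and the RFC 3550 interarrival jitter estimate, all computed from a constructed sequence of (sequence number, send time, receive time) samples as a receiver would see them. Timestamps are in milliseconds, the sender and receiver clocks are assumed to be synchronized, and the sample values are made up for the example.

```go
package main

import "fmt"

// Sample is one packet as seen by the receiver: its sequence number and the
// send and receive timestamps in milliseconds.
type Sample struct {
	Seq        int
	Sent, Recv float64
}

// Latency is the mean one-way delay of the packets that did arrive.
func Latency(s []Sample) float64 {
	if len(s) == 0 {
		return 0
	}
	var sum float64
	for _, x := range s {
		sum += x.Recv - x.Sent
	}
	return sum / float64(len(s))
}

// Loss is the fraction of sequence numbers in the observed range that never
// arrived; gaps in the sequence are the only evidence the receiver has.
func Loss(s []Sample) float64 {
	if len(s) == 0 {
		return 0
	}
	seen := map[int]bool{}
	lo, hi := s[0].Seq, s[0].Seq
	for _, x := range s {
		seen[x.Seq] = true
		if x.Seq < lo {
			lo = x.Seq
		}
		if x.Seq > hi {
			hi = x.Seq
		}
	}
	expected := hi - lo + 1
	return float64(expected-len(seen)) / float64(expected)
}

// Jitter is the RFC 3550 interarrival jitter estimator: a running average
// (gain 1/16) of how much the one-way delay changes between consecutive packets.
func Jitter(s []Sample) float64 {
	var j float64
	for i := 1; i < len(s); i++ {
		d := (s[i].Recv - s[i].Sent) - (s[i-1].Recv - s[i-1].Sent)
		if d < 0 {
			d = -d
		}
		j += (d - j) / 16
	}
	return j
}

func main() {
	// Constructed samples: packet 3 never arrived and the delay varies from 48 to 55 ms.
	s := []Sample{{1, 0, 50}, {2, 20, 72}, {4, 60, 108}, {5, 80, 135}}
	fmt.Printf("latency %.2f ms, loss %.0f%%, jitter %.3f ms\n", Latency(s), 100*Loss(s), Jitter(s))
}
```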

MPLS IP VPN (Multiprotocol Label Switching - Internet Protocol - Virtual Private Network)

Popularly known as a connectionless VPN, an MPLS VPN is created at Layer 3 of the OSI
model. This gives it the value-added features of scalability, intranet and extranet
support, data hosting, network commerce and multimedia data transfer. Privacy and
separation between customers are provided by limiting the distribution of a VPN's routes
to the routers that are members of that VPN; MPLS itself does not encrypt the traffic, so
confidentiality against the provider or anyone on the path still needs IPsec on top. It
can provide classes of service and priorities within a VPN as well as between VPNs.

SSL VPN (Secure Sockets Layer Virtual Private Network)

SSL VPNs have been growing in popularity, and open source implementations exist. Also
known as clientless VPNs, their biggest advantage is that no VPN client software is
needed: the web browser is the client application. This can be more secure because
access is limited to the published application rather than to the whole LAN or subnet.
Digital certificates are used in the authentication process. The disadvantage is that
not every IP application can be carried this way: if the applications you need to reach
are not browser-based, you will have to use Java or ActiveX plug-ins to give the browser
access to them.

Future of VPN
The future of VPN depends mainly on performance for real-time services. VPNs in the
financial sector, for ERP and CRM, and in the banking sector need to provide security
for all users. IP VPN and the booming network industry have produced two categories of
offering. The first is 'managed VPNs', where a company supplies the Customer Premises
Equipment (CPE), provides network connectivity and manages the VPN 24x7; in other words,
these companies operate your IP VPN for you. The second is turnkey products, where you
rent or buy equipment from network providers and build your own VPN; they provide the
backbone network connectivity and local access facilities.

With annual growth of 20% projected for the next five years, VPN may be the
next-generation WAN.

VPN - The way to go!


It is widely known that the internet does not provide much security to its users.
Hacking and the spread of viruses are certainly possible on the internet; they were not
anticipated when the internet was designed. We define VPN as a reliable answer to the
security problems of the internet, since communication is possible only between the
designated parties. This section looks at VPN from the point of view of security.

The article covers

• The technology to ensure security on the internet
• Tunnel
• Different Protocols of VPN

VPN technology uses the internet as its backbone for communication. The internet was
designed to keep communicating even if part of the network was damaged or destroyed. This
was possible because routers redirect traffic along alternative routes when the direct route
is not available. The earliest users were scientists and librarians; no home or office
computers used the internet. Today almost everyone uses the net, and with the growth in
users many nefarious characters started hacking and writing viruses.

Present concerns about security and performance did not exist when the internet started.
TCP/IP and the internet were not designed for them and are still evolving to address
security and performance. VPN technology now serves as a reliable substitute for dedicated
leased lines or a private WAN. Standards for network security on IP networks are evolving
to create virtual private networks, yet they are still not deployed to a great extent.

The technology to ensure security on the internet has to address concerns like

• Authentication: data really originates from the source it claims to come from.
• Access Control: permitting authorized users access while denying unauthorized users
access to the network or its facilities.
• Privacy: preventing anyone from viewing, copying or tampering with data that is not
theirs, thus providing confidentiality as well as data integrity.

Private networks that are not VPN based use leased lines. These connections carried only a
given corporate's own traffic. Such a WAN was worthwhile even if the remote site was a
branch office or a few users outside the central network. With globalization, enterprises
are expanding beyond anything imagined before, and traditional private networks are unable
to cope with the growth. Public networks are rising to the challenge with password-based
systems and challenge-response systems such as CHAP (Challenge Handshake Authentication
Protocol), RADIUS (Remote Authentication Dial-In User Service), hardware tokens and digital
certificates. These systems are used to authenticate users on a VPN and provide access
control to network resources. Privacy of data is achieved through encryption algorithms
such as RSA (a public-key algorithm used for key exchange and signatures) and the symmetric
ciphers DES/3DES, Blowfish, IDEA, SEAL and RC4. Of these, single DES and RC4 are no longer
considered secure and should not be chosen for new deployments.
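As an added example (not code from the original notes), the CHAP challenge-response mentioned above, as also used by PPTP and L2TP through PPP, written out in Python in the RFC 1994 form: the server sends a random challenge, the peer answers with MD5(Identifier || secret || Challenge), and the server checks the answer with a constant-time comparison and discards the challenge so it cannot be answered twice. The user database, password and word list are constructed for the demo. It also shows the caveat the notes leave out: a sniffer who captures one exchange never sees the secret, but can test password guesses offline at MD5 speed, so CHAP is only as strong as the secret.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side (NAS or VPN gateway): issues one-time challenges, verifies responses."""

    def __init__(self, user_db):
        self.user_db = user_db    # username -> cleartext secret; CHAP needs the secret itself
        self.pending = {}         # identifier -> outstanding challenge
        self.identifier = 0

    def challenge(self):
        self.identifier = (self.identifier + 1) % 256   # 8-bit Identifier field
        chal = os.urandom(16)                          # unpredictable, never reused
        self.pending[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier, username, response):
        chal = self.pending.pop(identifier, None)      # each challenge can be answered once
        if chal is None or username not in self.user_db:
            return False
        expected = chap_response(identifier, self.user_db[username], chal)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def chap_exchange(auth, username, secret):
    """Run the three-packet exchange; return (success, what a sniffer on the link saw)."""
    identifier, chal = auth.challenge()                     # 1. Challenge
    response = chap_response(identifier, secret, chal)      # 2. Response
    return auth.verify(identifier, username, response), (identifier, chal, response)


def offline_guess(identifier, challenge, response, wordlist):
    """The sniffer never sees the secret, but can test guesses at MD5 speed."""
    for guess in wordlist:
        if chap_response(identifier, guess, challenge) == response:
            return guess
    return None


def demo():
    auth = ChapAuthenticator({"alice": b"Winter2003"})            # constructed user database
    ok, sniffed = chap_exchange(auth, "alice", b"Winter2003")
    bad, _ = chap_exchange(auth, "alice", b"wrong-password")
    identifier, chal, response = sniffed
    replayed = auth.verify(identifier, "alice", response)         # challenge already consumed
    cracked = offline_guess(identifier, chal, response,
                            [b"password", b"Summer2003", b"Winter2003"])  # constructed word list
    return {"ok": ok, "bad": bad, "replayed": replayed, "cracked": cracked}


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting: the server must hold the cleartext-equivalent secret (a salted password hash cannot produce the MD5 response), so the RADIUS/IAS database becomes a high-value target; and the random, single-use challenge is what stops replay of a captured response, not the hash itself.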

VPN Tunnel

Private leased-line networks had hard-wired dedicated connections serving a single corporate
customer. Extending the idea of a dedicated connection to the internet, a number of
protocols have sprung up. These create tunnels, allowing users to encapsulate their data in
IP packets so that the inner addressing and routing information is hidden from every router
and switch between the sender and receiver; encryption of the encapsulated data is what
prevents snooping.

Any communication involves two end points, and in VPN technology it is usually either
'Client-to-LAN' or 'LAN-to-LAN'. In the 'client-to-LAN' case the client runs special VPN
client software to communicate with the gateway protecting the receiver's LAN. In
'LAN-to-LAN' connections a security gateway at each end point is the interface between the
tunnel and the LAN. A security gateway is either a VPN router or a firewall.

Traditional WAN hardware consists of modem banks and multiple frame relay circuits, which
can use any transport medium for transmission of data. A VPN needs less equipment than such
a WAN. VPN hardware and software setup and maintenance costs are also lower, and many
companies now outsource their VPN to service providers.

VPN protocols

Dial-up remote access to the internet uses PPP, the Point-to-Point Protocol. VPN technology
has built additional functionality on top of PPP, creating protocols such as PPTP
(Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol), alongside the
separately designed IPSec (IP Security). The diversity in VPN protocols caters to different
requirements. Some protocols cater to remote-access VPN connections from mobile users or
branch offices that use a local ISP; others cater to 'LAN-to-LAN' communication. PPTP, L2TP
and L2F (Layer Two Forwarding) were developed for dial-up VPNs, whereas IPSec caters to
'LAN-to-LAN' solutions (and, combined with L2TP, to remote access as well).

PPTP - Point-to-Point Tunneling Protocol

PPTP was one of the first VPN protocols built on PPP to provide remote access. PPTP
encapsulates PPP packets using GRE (Generic Routing Encapsulation). This gives PPTP the
flexibility of carrying protocols other than IP, such as IPX (Internetwork Packet Exchange)
and NetBEUI (NetBIOS Extended User Interface). PPTP uses the authentication mechanisms
within PPP, such as PAP (Password Authentication Protocol) and CHAP. Microsoft developed
further authentication and encryption mechanisms (MS-CHAP and MPPE) and uses them in its
operating systems; the MS-CHAPv2/MPPE combination has since been shown to be breakable, so
PPTP should be regarded as a legacy protocol rather than a secure choice.

L2F - Layer Two Forwarding Protocol

L2F was designed to tunnel data from corporate sites to their remote users. A protocol
implemented primarily in Cisco products, it differs from PPTP in that it does not depend on
IP: it can run over other media such as frame relay or ATM (Asynchronous Transfer Mode).
L2F accepts other authentication mechanisms and allows a tunnel to support more than one
connection. L2F uses PPP to authenticate the remote user, and authentication is done twice:
once at the ISP and again at the gateway of the LAN being connected to. It is also a Layer-2
protocol and handles IPX and NetBEUI as well.

L2TP - Layer Two Tunneling Protocol

The best features of PPTP and L2F were combined to form L2TP. It operates at the second
(data link) layer of the OSI (Open Systems Interconnection) model, hence its name. Approved
by the IETF, L2TP transport is defined for packet media such as IP, frame relay, ATM and
X.25 (the standard for packet-switched networks defining layers 1, 2 and 3 of the OSI
model). It has its own tunneling protocol and uses PPP's PAP and other, stronger mechanisms
for authentication. L2TP itself provides no encryption; in practice it is run inside IPSec
(L2TP/IPSec), which supplies the encryption.

Internet Protocol Security (IPSec)

IPSec is a complete VPN protocol solution. Operating at the third (network) layer of the OSI
model, it uses IKE (Internet Key Exchange) to negotiate and manage the cryptographic keys
used in a session. IPSec uses a number of cryptographic algorithms to provide
confidentiality and data integrity, and allows the sender to authenticate, encrypt, or
authenticate and encrypt each IP packet. For this it offers two modes, chosen according to
the security and traffic situation:

• Transport mode authenticates and encrypts only the payload (the transport segment) of an
IP packet, keeping the original IP header.
• Tunnel mode authenticates and encrypts the whole IP packet and wraps it in a new outer IP
header.

IPSec's strong security measures are designed for IP packets only and cannot handle
multi-protocol non-IP network environments like NetBEUI or IPX.

VPN is a virtual environment and its advantage is that it is not dependent entirely on
physical setup for its organizational needs but on its logical setup. This is its boon and its
bane as well.

VPN - A secure Network

Though a VPN is used as an alternative to a WAN because of the security it provides, a VPN
has its own loopholes, as the many alerts on the internet pointing out their pitfalls show.
Though it protects the information exchanged between the client and the server, complete
security is not guaranteed. Read on.
The article covers

• Is VPN a secured network?
• Incidents that undermine security
• Networking security Overview
• Overview of VPN

Network security, VPN or not, is a major concern, and security in a VPN is pre-eminent to its
use as an alternative to a WAN. Organizations think of a VPN as a secure network. Contrary
to this belief, you find many reports or alerts on the internet disclosing loopholes in
VPNs. A VPN is really a tunnel for information: it protects information between your
application and the server in transit, but complete end-to-end security is not guaranteed.
System patches, antivirus software with firewalls, additional encryption of data between the
user application and the server application, and vigilance on the part of the administrator
are all needed.

Incidents that undermine security

Any computer user faces innumerable attacks on their system. These may be a probe or a scan.
With multiple users or server user accounts the possibilities include account compromise or
root compromise. Other incidents are packet sniffing, denial of service, exploitation of
trust, malicious code, and attacks on the internet infrastructure.

• A probe is an attempt to discover information about a system. It is usually followed by a
more serious security event.
• A scan is an automated probe of many systems or ports, done with software tools. The
results tell the attacker which services are exposed, so that a more specific attack can be
made against the machines found open.
• An account compromise is the unauthorized use of a user account. It can result in data
theft or loss; the account's privileges determine the level of damage, and a system-level
account can cause far more. In UNIX systems a root compromise is when the intruder gets
unlimited access to the system.
• Packet sniffers are programs that capture information from packets as they travel across
the network. Depending on the information gained (passwords, session data), attackers can
gain access to your system and cause damage.
• A denial of service stops you from using a service you depend on, by disrupting physical
connections, manipulating data in transit, or flooding the network so that the service
becomes unavailable or limited.
• In a large network many individual systems must run common commands on one another. These
systems therefore consult a set of trust files listing the other systems permitted to run
those commands. Attackers exploit this by forging identities (for example, spoofing
addresses) to appear as a trusted system and thus gain unauthorized access.
• Malicious code is a program with undesirable effects: viruses, Trojan horses and worms.
These can lead to data loss, denial of service and other types of security incident.
• Attacks on the key systems that support the internet (DNS, routing) hinder the operation
of the internet itself.

Networking security Overview

The potential problems that can lead to a security incident in an organization's
client-server setup are:

• The User's System
The user's system should have virus protection and its operating system should have all
updates and patches. Also necessary are application security and the respective application
patches (MS Outlook has been vulnerable before). Another major factor is the amount of time
a given system is actively connected to a network (cable modem or Ethernet connections have
been more exposed to port-scanning intruders, whereas dial-up users are less prone to virus
infections or file access related risks).
• The Intermediate Network
The ISP has to route data from a site or IP address to you and vice versa for a two-way
communication. Any router or host on that path can intercept your packets and, if the data
is not encrypted, read it.
• The Destination Network
The network that you are communicating with may not be secure. If so, you cannot be assured
of the security of your system or the privacy of your data.
• The Server
Server operating systems and applications are constantly under threat from new viruses,
intrusions, and worms. Administrators are always checking for security risks due to
compromised usernames and passwords.

VPN security Overview

The User's System
A VPN client provides a secure path of communication between the client and the server.
Applications that need to communicate use the computer's resources as before; the VPN does
not add any protection to the host itself.
Antivirus, file sharing and network security remain dependent on the operating system and
application software. Any intrusion or virus that has got past the existing security system
can still cause the damage it was intended to cause.

The Intermediate Network

VPN security is most beneficial in this segment. All communication from VPN client to VPN
server is encrypted and encapsulated, and the intermediate machines that route the packets
can read only the outer source and destination IP addresses.
The Destination Network

Encrypted data that reaches the VPN server is decrypted and sent on to the required
destination within the network. The protection given by the VPN connection ends here, and
any further protection of the data is the responsibility of the server and the LAN security
systems.

The Server
End point-to-end point communication is not completely secure when the VPN server is not the
same machine as the application server: after decryption the data has to be sent to the
application across the LAN, which may not be secure. Split tunneling is a related concern:
if the VPN client is allowed to reach both the internet and the intranet at the same time,
a compromised client can act as a bridge between the two, so the split-tunnel setting
matters whenever the server handles both intranet and internet traffic.

Setting up a Secure VPN

Security at the end points is necessary and cannot be ignored. Antivirus software with a
firewall and other intrusion detection systems are necessary. VPN security deals mainly with
the transit of information from one end point to the other. In this scenario the major
technique that ensures safety is the VPN encryption technology and the VPN protocols used.
A newer technology that is gaining popularity is SSL VPN, which is altogether a different
type of VPN, working at the application layer rather than alongside the IP VPN protocols.

Encryption

Encryption of data and secure authentication together provide security. Kerberos, S/Key and
DESlogin are some methods used in authentication. The various methods used in encryption
are

• RSA (Rivest, Shamir, Adleman), a popular public-key method used for key exchange and
digital signatures.
• DES (Data Encryption Standard), an official (now withdrawn) standard that forms the basis
for ATM (Automatic Teller Machine) PIN protection. Its 56-bit key is far too short today;
use 3DES or AES instead.
• Blowfish, a symmetric block cipher that has gained popularity as a strong encryption
algorithm.
• IDEA (International Data Encryption Algorithm), which has been implemented in hardware
chipsets, making it faster than software implementations.
• SEAL (Software-optimized Encryption Algorithm), a stream cipher (encryption works on a
continuous stream rather than blocks of data) and therefore fast.
• RC4, a stream cipher that is safe only if a fresh key is used for every message; known
biases in its output mean it should no longer be used.

VPN Protocols

VPN creates a secure “ tunnel ” through the public network and protocols establish this
tunnel. Security could depend on a number of factors like Client-server systems, Level of
security, performance issues and network resources accessed.

PPTP

• PPTP uses the same types of authentication as PPP (PAP, SPAP, CHAP, MS-CHAP, EAP).
• PPTP establishes the tunnel but does not itself provide encryption. It is used in
conjunction with the Microsoft Point-to-Point Encryption (MPPE) protocol to create a
secure VPN.
• PPTP clients are available for Linux and Macintosh OS 9.x.
• Firewall appliances and other enterprise-level software, including ISA Server, Cisco PIX,
SonicWall and some models of WatchGuard, support PPTP.

L2TP

• Authentication is the same as in PPP. L2TP/IPSec provides an extra level of security by
authenticating the computer as well as the user, and L2TP can be used on non-IP networks
such as ATM, frame relay and X.25.
• L2TP/IPSec normally uses digital certificates for the computer authentication (a
pre-shared key is also possible). It uses IPSec's ESP (Encapsulating Security Payload)
protocol to provide encryption.
• The L2TP client is built into Windows 2000, XP and 2003. Service packs make client
software available for other operating systems.
• Firewall products and enterprise-level software like ISA Server, CheckPoint, Cisco PIX,
and WatchGuard support L2TP.

IPSec

• Authentication involves the IKE (Internet Key Exchange) protocol with either digital
certificates or a pre-shared key.
• IPSec is best known for providing the encryption in conjunction with the L2TP tunneling
protocol.
• IPSec support is included in the Windows 2000/XP/2003 operating systems. Cisco,
CheckPoint and other gateway vendors provide client software for IPSec-based VPNs.
• VPN appliances that implement IPSec include Cisco's VPN Concentrators, Cisco PIX
firewalls, NetScreen, SonicWall, and WatchGuard appliances. Enterprise-level software
firewalls like ISA Server, CheckPoint and Symantec Enterprise Firewall also support IPSec
VPNs.

Virtual private networking is often the best and the most cost effective way to provide
remote access to your company network. Know the protocols and their implementation to
make a decision. This affects both performance and security.

IPSec or SSL? The Battle Begins

IPSec stands for Internet Protocol Security. The IPSec protocol provides security between
the IPSec VPN server and the IPSec VPN client at the IP networking layer, and so protects
data transmitted over public, insecure networks. Learn more about SSL and the advantages and
disadvantages of IPSec VPN.
The article covers

• The layers of IP
• IPSec VPN
• Advantages of IPSec VPN
• Disadvantages of IPSec VPN
• All you need to know of SSL

Internet Protocol security is evolving, and a discussion of IPSec versus SSL should be
relative to the version of IP. In IPv4, IPSec is an optional add-on, whereas IPv6 was
specified with IPSec as an integral part (originally mandatory to implement). The Internet
Protocol sits in the TCP/IP model, which can be compared to the 7-layer OSI model. A notable
difference is the TCP/IP transport layer, which does not always guarantee reliable delivery
of packets (TCP does, UDP does not), unlike the OSI transport layer. The layers of IP are

5. Application: authentication, compression, and end-user services
4. Transport: handles the flow of data between systems and provides access to the network
for applications via the BSD socket library
3. Network: packet routing
2. Link: kernel OS/device driver interface to the network interface on the computer
1. Physical layer (cables and connectors)

All about IPSec VPN

The IPSec protocol provides authentication, verification and encryption between the IPSec
VPN server and the IPSec VPN client at the IP networking layer. IPSec was developed by the
Internet Engineering Task Force for security at the packet level, so as to transmit data
over public, insecure networks. IPSec VPN provides data authentication, integrity and
confidentiality with AH (Authentication Header), ESP (Encapsulating Security Payload) and
IKE (Internet Key Exchange). An IPSec VPN tunnel protects packets from being tampered with
or replayed along the IPSec VPN route. This is done through the concept of the security
association (an SA is a logical one-way connection between two devices, identified by an
SPI, that carries the keys and algorithms for transferring data). Key management (IKE) is
specified separately from AH and ESP. The services IPSec is designed to provide at the
network layer are access control, connectionless integrity, origin authentication, replay
protection, and privacy/confidentiality. The quality of these services depends upon the
choices made by the security administrator. Several different security technologies for
confidentiality, integrity, and authenticity are combined in IPSec:

• Public-key cryptography to guarantee the identity of the two parties and avoid
man-in-the-middle attacks.
• Encryption algorithms, such as DES and 3DES, for encrypting the data.
• Packet authentication provided by HMAC, a keyed-hash algorithm used in conjunction with
conventional hash functions such as MD5 or SHA.
• Digital certificates signed by a certificate authority to act as digital ID cards.

IPSec provides different types of protection and operates in different modes (transport mode
and tunnel mode). In transport mode, the IPSec peers are the communicating hosts themselves,
for example a client and a server workstation; the exchange is secure provided the two
share a protected secret key or certificate for authentication. When AH is used in transport
mode the whole packet (apart from fields that change in transit) is authenticated, but
confidentiality is not provided. In tunnel mode, the IPSec peer is a gateway such as the
corporate firewall, which wraps the original packet in a new outer IP header. Depending on
whether AH or ESP is used, the whole packet is either authenticated, encrypted, or both.
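As an added example (not the notes' own code), the following Python builds and checks ESP packets with the NULL cipher (RFC 2410) so that nothing beyond the standard library is needed. It demonstrates the HMAC packet authentication, the per-SA security association, and the replay protection described in this section and in the IPSec section earlier, and it shows the difference between transport mode (the ESP payload is the transport segment, Next Header 6) and tunnel mode (the payload is a whole inner IP packet, Next Header 4). The integrity algorithm is HMAC-SHA-256 truncated to 128 bits (RFC 4868) and the anti-replay window follows RFC 4303; the SPI, key and packets are constructed for the demo.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16             # HMAC-SHA-256-128 (RFC 4868): 256-bit MAC truncated to 128 bits
NH_TCP, NH_IPIP = 6, 4   # ESP Next Header: 6 = TCP segment (transport), 4 = IP-in-IP (tunnel)


def esp_build(spi, seq, payload, next_header, auth_key):
    """Wrap payload in an ESP packet using NULL encryption and an HMAC integrity check value."""
    header = struct.pack("!II", spi, seq)        # SPI and 32-bit sequence number
    pad_len = (-(len(payload) + 2)) % 4          # pad so the 2-byte trailer ends on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))       # RFC 4303 default padding bytes 1, 2, 3, ...
    trailer = bytes([pad_len, next_header])
    body = header + payload + padding + trailer  # everything the ICV covers
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_verify(packet, auth_key):
    """Return (spi, seq, next_header, payload) if the ICV is valid, else None."""
    if len(packet) < 8 + 2 + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time comparison
        return None
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, next_header, body[8:len(body) - 2 - pad_len]


class ReplayWindow:
    """RFC 4303 sliding anti-replay window: bit i of the bitmap marks seq (top - i) as seen."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq == 0:                  # sequence numbers start at 1; 0 is never valid
            return False
        if seq > self.top:            # newer than anything seen: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size or self.bitmap & (1 << diff):
            return False              # older than the window, or already seen: replay
        self.bitmap |= 1 << diff
        return True


class InboundSA:
    """One inbound security association: its SPI, integrity key and replay state."""

    def __init__(self, spi, auth_key):
        self.spi, self.auth_key, self.window = spi, auth_key, ReplayWindow()

    def receive(self, packet):
        parsed = esp_verify(packet, self.auth_key)
        if parsed is None or parsed[0] != self.spi:
            return "bad_icv"          # tampered, wrong key or wrong SA: drop
        if not self.window.accept(parsed[1]):
            return "replay"           # duplicate or stale sequence number: drop
        return parsed[2], parsed[3]   # next header and inner data for further processing


def demo():
    key = b"constructed-integrity-key-not-real"             # constructed key, not from a real SA
    sa = InboundSA(spi=0x1000, auth_key=key)
    segment = b"\x00\x50\x00\x50GET / HTTP/1.0\r\n"          # constructed transport segment
    inner_ip = b"\x45\x00\x00\x28" + bytes(16) + segment      # constructed inner IPv4 packet (40 bytes)
    results = [
        sa.receive(esp_build(0x1000, 1, segment, NH_TCP, key)),    # transport mode: segment only
        sa.receive(esp_build(0x1000, 2, inner_ip, NH_IPIP, key)),  # tunnel mode: whole IP packet
        sa.receive(esp_build(0x1000, 2, inner_ip, NH_IPIP, key)),  # same packet again: replayed
    ]
    tampered = bytearray(esp_build(0x1000, 3, segment, NH_TCP, key))
    tampered[8] ^= 0x01                                       # flip one payload bit in transit
    results.append(sa.receive(bytes(tampered)))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The receiver checks the ICV before it consults the replay window, as RFC 4303 requires, so an attacker cannot poison the window with forged sequence numbers; and the window is per SA, which is why each direction of an IPSec tunnel has its own SA and SPI.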

Advantages of IPSec VPN

• Universally applicable, as it can protect a mixture of application protocols running over
a complex combination of media. It can provide security and communicate with different
types of networks from around the world.
• Scalable, as IPSec can be applied in networks of all sizes.
• Its security is in the network layer. IPSec is implemented in the OS at Layer 3, which
means no changes are required to applications to provide security for a diverse range of
protocols. It is also not affected by lower-level data-carrying protocols or higher-level
applications.
• IPSec is not limited to specific applications but is application independent. Whatever
the application, its data traverses the network routed by IP, making it IPSec compatible.

Disadvantages of IPSec VPN

• Encrypting small packets generates a large relative overhead, which diminishes network
performance.
• IPSec is complex. It has a great many features and options, and choosing and setting them
is difficult. Complexity also increases the probability of weaknesses or loopholes being
discovered.
• Firewalls match packets against preconfigured rules, but IPSec encrypts the inner headers
(protocols, ports) that the rules depend on, so a firewall in the path cannot inspect the
traffic. The solution is to terminate IPSec on a gateway and place the firewall behind it
(or integrate the two).
• The security of IPSec is only as good as the specific methods it is configured with for
key exchange, hashing and encryption. The DES encryption algorithm is now susceptible to
brute-force attacks using readily available software and hardware (a brute-force attack
decrypts data by simply trying every possible key value).
• An IPSec gateway system itself needs to be secure: no system can be trusted if the
underlying machine has been subverted.
• IPSec cannot provide true end-to-end security, as it works between machines, not between
users or applications.

IPSec must be combined with security measures like well-configured firewalls, intrusion
detection systems, and many others. The future demands scalability and flexibility.
Compatibility with NAT is an issue for this protocol (addressed by NAT traversal, which
encapsulates ESP in UDP). Its weakness lies in the encryption methods it is configured to
use. Built-in intrusion detection and prevention should be made possible.

Setting up a VPN: Do it yourself

Setting up a VPN is not a difficult task. You may already have the hardware and software
required. However, it depends greatly on what systems are involved in the end-to-end
connection, servers or clients, and on the amount of work carried out in an organization.
Interested in setting up a VPN? Keep reading.
The article covers

• VPN Setup
• VPN Software Setup
• Requirements for VPN setup
• Configuration of VPN setup

Remote users have been able to connect to servers using a variety of applications, such as
Outlook Web Access through the Exchange server. Wireless users connecting over the internet
are more susceptible to security problems. A VPN in a wireless environment provides the
necessary security for wireless data transfer, as the information sent is encrypted. VPN
technologies have brought about a secure logical connection between two end points in a
network. Setting up a VPN may not require you to buy any extra hardware device or software;
you may already have the technology that makes it possible to set up a VPN service.
Sometimes you may just have to purchase a few accessories like VPN routers.

Hardware VPN vendors vouch that their products are safer, and the software VPN vendors are
not far behind. Whatever the claims, VPN use is growing steadily, and the many attempts at
increasing its security and performance make it an attractive solution to adopt. VPN
solutions can be either hardware oriented or software oriented. The difference is basic: it
depends on whether the protocols are executed in a dedicated hardware device or on a
general-purpose computer (where the operating system's VPN client-server software is used).
SSL VPN is a relatively new clientless VPN technology that has come up as a challenge to
IPSec VPN technology.

VPN Software Setup

VPN setup depends upon a number of factors, such as which systems are involved in the
end-to-end connection, servers or clients. Big corporations have a number of servers to
improve performance in the various tasks carried out, and implementation of a VPN for them
will depend on the amount of work and the solution the administrator offers. For a client,
buy software that is compatible with the server and set up the VPN service. Some operating
systems already give you the ability to run a VPN, and all you need to know is how to set it
up. Microsoft, the dominant desktop and server OS vendor, has incorporated VPN support into
its operating systems or has provided service packs that help you set up your PC for VPN.

Requirements for VPN setup

In every setup you look at the requirements first and see whether it is possible to
implement them with the available resources; if not, ask yourself what the additional
resources are. For a Windows-based client-server system the requirements would be a server
(running server software, for example Windows 2003) and a client (running client software,
for example Windows XP). For large corporations that have a secure network you would
require additional servers.

• A server is required to support the infrastructure of your network. It will act as a
domain controller, DNS server, certificate authority and DHCP (Dynamic Host Configuration
Protocol) server. Most networks already have this, and the next step is setting up a
certificate authority, which is described in this article.
• A server that acts solely as your VPN server can prevent attacks or disruption of
services within the network. It is best to place a firewall in front of the VPN server so
that only VPN traffic is allowed to reach it. The specific hardware this server needs is two
network interface cards: one to connect to the internet and the second to connect to the
private corporate network.
• A server is needed to authenticate all the remote users attempting to access the private
corporate network. RADIUS (Remote Authentication Dial In User Service) is the mechanism;
IAS (Internet Authentication Service) is the RADIUS implementation that comes with the
server operating system. Otherwise you could purchase additional software for
authentication, if it does not come with the operating system you purchased. Authentication
is also done by VPN hardware products, which usually come bundled with software that does
the work.

Implement DHCP Services

If your network already has domain controllers and DNS servers, then you can configure the
domain for DHCP services. This is achieved from the control panel: choose 'Add/Remove
Windows Components'.

• Networking Services provides a list of components
• From this list choose DHCP
• Once DHCP is installed, go to Administrative Tools
• Authorize the server in Active Directory within the DHCP console (right-click on the
server)
• Select the New Scope (range of IP addresses) option to run the New Scope wizard
(right-click on the server's listing within the console)
• Enter the IP address range you are using
• Enter the IP address of the router (default gateway)
• Enter the IP address of the DNS server as a scope option
• Activate your scope and you are finished with implementation of the DHCP service

Enterprise Certificate Authority

This is the most sensitive part of the setup. Anyone who obtains the CA's private key can
issue certificates trusted by the whole network, and if the certificate authority server
crashes and cannot be recovered, certificate issuance and revocation stop. Achieve this
operation with the following steps.

• Go to Certificate Services under Windows Components in the control panel
• A warning message will appear telling you that you will not be able to rename the machine
or change its domain membership after Certificate Services is installed
• Click Yes in the next window
• Choose 'Enterprise Root CA' as the certificate authority type you want to install
• While entering the common name for the certificate authority, select a validity period
(the wizard defaults to 5 years; choose 1 or 2 years if your corporate security policy
requires it)
• Windows will generate the cryptographic keys and ask you for a location for the
certificate database
• Depending on performance and fault-tolerance needs you can choose a different location or
just go ahead with the default
• Allow the wizard to restart the IIS service to install the necessary web enrolment
components

Internet Authentication Service - Installation and Configuration

Users who enter the corporate network through a VPN connection need to be authenticated.
The Internet Authentication Service server is a member server in one of the domains. The
installation of this service is achieved by adding Windows components, which you can access
from the control panel.

• To configure IAS, select it from Administrative Tools
• Registering the IAS server in Active Directory is the first step
• For this, right-click on the 'Internet Authentication Service (Local)' container
• Select 'Register Server in Active Directory'
• Complete the registration, then right-click on the 'RADIUS Clients' container to enter a
new RADIUS client by giving the IP address or DNS name of the client machine (the VPN
server)
• Click Next and you will be asked for a shared secret (the key the RADIUS server and the
client use to authenticate each other's messages; choose a long random one)
• Set the client vendor option to RADIUS Standard to finish the configuration process.

Remote Access Policy

To set up a remote access policy

• Right-click the Remote Access Policies container to get the New Remote Access Policy
option
• Select the 'Typical policy for a common scenario' option
• Enter 'VPN access' as the policy name and continue
• Select the VPN option and continue to apply the policy to users or groups
• The next screen is Authentication Methods; select MS-CHAP v2
• The next screen gives you options for encryption; select the strongest encryption option
only and finish configuring the remote access policy.

VPN server configuration

This configures the VPN server to work with the RADIUS server, the DHCP server and the
remote clients.

• Open the server's Network Connections folder. Go to Administrative Tools and select
Routing and Remote Access. Right-click the VPN server in the console tree and choose
'Configure and Enable Routing and Remote Access' to open the server setup wizard. After
selecting 'Remote Access (Dial-up or VPN)', mark the checkbox for VPN. The wizard shows the
connection that faces the internet; select it and enable the security option that restricts
that interface to VPN traffic. Choose 'Automatically' for address assignment and proceed to
set up the server to work with a RADIUS server by entering the IP address of the RADIUS
server and the shared secret between the VPN server and the RADIUS server.
• Associate the VPN server with the DHCP server by navigating through the console tree to
'IP Routing - DHCP Relay Agent'. Right-click on DHCP Relay Agent and select Properties. Now
enter the IP address of the DHCP server and click 'Add'.
• Grant remote access by creating a special security group for the users who will access
the network over VPN connections and referencing that group in the remote access policy.
ComputerNetworkingNotes.com

VPN Client Configuration

If you have a Windows XP based client, configure it by opening the Network and
Internet Connections option from the Control Panel.

• Select 'Create a connection to the network at your workplace' and then select the
VPN connection option.
• Give the company name, or any name that describes your connection.
• Next you will be asked for an external IP address. This is the address of the
VPN server's Internet-facing connection.
• Enter this and your VPN connection is ready.
• Test the connection once it is ready by connecting to the server.
• When you dial up, set the type of VPN to PPTP VPN.
• There are variations in the VPN client connection due to the various encryption and
authentication techniques in use. Only some have been outlined above.

VPN Hardware Setup

VPN routers are sold by many companies. Their setup depends on the product of the
respective company. In any case the required software and setup instructions are
provided with the purchase. Many of these companies also offer a service to set up
and configure your VPN connection.

VPN setup is a process that needs to be discussed with the network administrator. Many
a time you are guided by the network administrator in the setup at your remote access
client network. Even once the VPN is set up, always be on the safe side: get a good antivirus
and install a good firewall to protect your computer from unwanted attacks.

Remote Access VPN

Remote PC is a way of accessing and taking over the operation of a host PC. Once a
remote user has taken over the host PC, no one else can use it. Remote Access Service is
similar to Remote PC: it enables remote users to access a LAN. A remote
access server can also be part of a VPN providing access to users. Learn more about
VPN servers and remote access.
The article covers

• Remote Access Service
• Procedure for a Remote Connection
• VPN Server and Remote Access

Remote PC is a way of using a computer remotely. The remote PC dials the host PC and
takes over the operation of the host PC. No one else can use the host PC as long as the
remote user is using it. Various software packages enable and establish such
connections, for example Computer Associates' Control IT, NetOp, Symantec's (ex-Quarterdeck)
ProComm Plus, Symantec's PC Anywhere and LapLink.

RAS (Remote Access Service) is similar to Remote PC. It allows remote users to
dial or connect into a LAN and use the LAN like any other local user. All of the major
operating systems offer some form of RAS. Remote access is possible using a
dedicated line between a computer and the central network. Dial-up connections can be
very slow. ISDN is more secure and offers faster data transfer. ISDN and DSL (Digital
Subscriber Line) offer possibilities for remote access. A remote access server is a
communication server that helps remote access users connect to the network. Dedicated
hardware RAS boxes have multiple lines for concurrent access by many remote users to
the LAN. Firewalls and routers are used to ensure security and forward the remote users'
requests to specific computers in the network. Wide area networks with dedicated lines
also allow secure remote connectivity for users. A remote access server can also be part
of a virtual private network that provides remote access to users like a LAN does, the
difference being that the data carrier is not leased lines but a public carrier like the Internet.
Remote access VPNs can be simple, using basic software and hardware, or
complex, requiring special hardware and software.

Remote Access Service

The basic needs to establish a remote connection in a client-server configuration are

• A host computer (server) at the central office with an operating system that
can establish and run a remote access service (Windows NT or Server editions,
Novell NetWare or Linux).
• Client computers that are configured to dial into the RAS server computer. A
modem is necessary.
• A connection and line for each incoming connection at the server. It is
here that routers and other hardware components are used.
• The server must be properly configured to accept the connections and provide
the RAS implementation.

Procedure for a Remote Connection

• The phone number of the server connection must be known to remote users.
• The clients dial the RAS server, which is preconfigured to receive requests from the
particular client.
• Password authentication takes place and the RAS server answers the call and
grants the clients access according to the privileges they hold.

Remote Access VPN Server

Configuring a VPN remote access server over a dial-up network or over VPN
connections can be done in different ways.

• You can have multiple incoming lines with a hardware VPN router to manage the
incoming and outgoing traffic.
• If the traffic volume is not large then you can use a single broadband connection
and configure a VPN with NAT (Network Address Translation). This permits PCs
on the LAN to share the single connection to the Internet and also provides more
security, as only known remote users know the IP addresses of computers within the
network.

The server needs a network interface card or network adapter to connect the
computers within the LAN and to connect these individual users to the Internet. Network
protocols must be installed, and routing and remote access information is needed when
setting up the connections. Firewalls can be set up while setting up the connections, and other
firewalls can be turned off. Server roles for the VPN connections need to be set up.
Knowledge of DHCP (Dynamic Host Configuration Protocol) and RADIUS is needed to
configure your server. You can configure the remote access VPN server to be part of the
Active Directory domain of the network with DNS and DHCP servers. Another setup is
a VPN server with NAT. Depending on the hardware and architectural choices you
make, you need to configure the VPN server to authenticate, encrypt and route data from
remote users to individual PCs on the LAN. Setting up routing for remote access
involves the following steps

• Setting up the VPN connection through the network interface card, and enabling the
security and firewalls.
• The IP addresses needed by the remote computers are generated and assigned.
• Name and address translation services are configured. This process is automatic
and also configures forward name resolution to the DNS server on the
Internet.
• Address Assignment Range displays the range of addresses defined for
assignment to any computer on the network that accesses the Internet; it is
defined by the network adapter.
• Carefully review all the remote access policies to make sure that users are
given the access they need and no more.

There are some additional tasks you may need to address, like configuring static packet
filters, ports and services, log details for routing protocols, and adding or removing VPN
ports (PPTP or L2TP). For the server, add certificate rules for encryption, such as a Certification
Authority or Public Key Infrastructure. Remote users' security can also be improved by
enabling better authentication methods and higher levels of encryption.

Issues that Require Remote Access

The need to pass crucial information across the enterprise network for successful implementation
of the ERP network made remote access necessary. Network layer connectivity solutions

The nature of remote access is continuously evolving and is a critical asset in the strategic
objectives of ERP and CRM. Internet access alternatives are broadening to locations like
homes, public kiosks, hotels and mobiles and include devices like laptops, smart phones,
PDAs etc. The major hassle in promoting and advancing remote access between diverse
end points was security and administrative effort. VPNs seem to be the rapidly
evolving answer for WANs and remote users. Enterprise application software is also
evolving to cater to more complex, business critical performance demands. Security
threats on the network are not limited but are becoming more sophisticated and dangerous.
Many devices stand between the Internet and corporate VPNs to enhance security.
There are also many types of machines trying to access VPNs.

VPN vendors are adding many security features to their existing appliances, making remote
access a more viable option for future enterprise solutions. IPSec is being installed on
handheld devices. Wireless remote access VPN is presently a solution for Wi-Fi security.
Mobile technologies with broadband capacity are changing the market scenario. EV-DO,
EDGE and WiMAX are being adopted by businesses. Mobility of users will increase
the security issues of both the mobile device and the network (LAN or VPN). A future enhancement
in these wireless technologies would be SSL access to corporate VPNs.

Remote access has been around for a long time. Its use was limited due to security
issues. With VPN and associated improvements in security, remote access in enterprise
business and other businesses is set for a major boost.

Site to site VPN

Site to site VPN solutions provide security while remaining affordable. They
provide broadband connections via the Internet and meet WAN requirements, apart from
adding cheer to many businesses. There are various options available in site to site
VPN. Are you interested in knowing more about site to site VPN? Read more.
The article covers

• Site to site VPN solutions
• Various options in VPN
• Products for Site to Site VPN

More and more enterprises are following a distributed business model. Branch offices
extend an enterprise's reach into key markets. Communication between the central office
and branch offices is vital to the applications that support the business. Security between
branch offices, points of sale or remote locations and the central office is important. In the
past leased lines were a secure but costly option. Virtual private networks create VPN
tunnels over the Internet for the secure transport of data. VPN technology is a
cheaper alternative to a WAN of dedicated leased lines. Many technologies are invading the
market and making a choice is difficult. The options among VPN technologies are varied
and differ based upon VPN hardware and VPN software.

Traditional site to site connections were between two intranets or two local area networks.
These connections were leased, dedicated lines. They required constant management and
their deployment was difficult. Affordable site to site VPN solutions have brought about
secure broadband connections via the Internet. The ubiquitous Internet and VPN have
brought cheer to ERP, CRM and many other businesses. As an alternative to the WAN
infrastructure, site to site VPNs do not change the private WAN requirements. They meet
WAN requirements like support of multiple protocols, high reliability and scalability at a
lower cost.

Site to site VPN solutions

The security of a general purpose computer cannot be guaranteed nowadays. New viruses,
worms and malware spread via the Internet. Many of those who use the Internet are
unaware of the threats to which their system is exposed. Large corporations cannot put up
with these, as they cause a huge loss to business. The options VPNs offer against this
threat are based on software and hardware.

Software based VPN Firewall/Gateways

These systems have their inherent problems. They require a computer with a faster
processor. The processing of data for security and VPN applications is very
intensive and places demands on the computer, which in turn slows down the network.
For any business it is therefore best to have a separate server only for VPN transactions.
The operating system has to be free from loopholes that crooks could exploit to access
data. It is therefore necessary that you constantly download and install security patches
so that your network is not compromised. The server and its associated software, the
complexity, and the management of the network are problematic issues for a business.

Hardware based Firewalls/VPN solution

These solutions exemplify security and also off-load the firewall and VPN processing
from the server/computer. The security appliance protects the network at the Internet
gateway, which is the VPN router, and provides seamless local or remote management of
security and remote access services. These security appliances are application specific
integrated circuits with powerful onboard processors handling the demands of
firewall and VPN processing.

Unified Threat Management Systems

These devices are firewall/hardware based solutions that integrate a host of other
functions, like securing Internet tunnels, filtering emails for spam and viruses, blocking
phishing mails, blocking spyware, detecting and preventing attacks against
specific vulnerable applications, and filtering URLs as well. The company that sells
these devices also sells gateway software to be run on a range of standard server
hardware. Add-on cards can be fitted into the existing machine to increase speed and also
provide the additional security.

Intranet based Site to site VPN

Any business that has more than one remote location can use dedicated equipment that
provides encryption and authentication to establish a VPN between the sites. The
branch office LAN can be connected to the central office LAN via the Internet using a
VPN solution. This connection of the two LANs is called an intranet based site to site
VPN.

Extranet based site to site VPN

One or more companies with intranet based VPNs that cooperate closely with another
company in providing specialized services to customers or suppliers can build a virtual
private network that allows all of the companies to work in a shared environment over the
Internet. This type of VPN is an extranet based solution for business enhancement.

Site to site VPN Products

The VPN solutions offered by companies are varied and cater to different aspects of the market.
Some solutions are software based, others are hardware based; still others provide a
mixture of both software and hardware.


VPN solutions are provided dependent on the platform and operating system of the
machine.

• Microsoft has brought out the ISA (Internet Security and Acceleration) Server
software to cater to the growing needs of enterprises using the Internet as a
medium of communication. The step by step setup and configuration of the ISA
server and of remote access to the ISA server is available on the Microsoft
website. Many other VPN consultants have online articles on the connection and
configuration process.
• Companies that offer specific products like hardware provide the necessary
support on their websites so that you can configure the software you have for
optimum security and performance.
• Cisco offers the Cisco PIX 500 series security appliances (PIX 515E, PIX 525 and
PIX 535) and the Cisco ASA 5500 series security appliances (ASA 5510, ASA
5520 and ASA 5540) for VPN.
• Firewall/VPN appliances offered by SonicWALL use an ICSA deep packet inspection
firewall and IPSec for encryption. The many devices offered are PRO 5060, PRO
4100, PRO 4060, PRO 3060, PRO 2040, PRO 1260, TZ 170 SP Wireless, TZ 170
Wireless, TZ 170 SP, TZ 170, TZ 150 Wireless and TZ 150.
• AEP Systems delivers hardware security and acceleration solutions which include
SSL VPNs, high-security VPN encryptors and SSL acceleration hardware. These
are SureWare Net, SureWare Keyper and SureWare A-Gate. Netilla Networks,
Inc. is a leader in secure application access solutions; along with AEP Systems it
offers solutions for VPN. Its Netilla Security Platform (NSP) suite is for SSL VPN
solutions, and the Netilla Secure Gateway Appliance (SGA) is for midsize businesses that
need SSL VPN solutions.
• SonicWALL site to site VPN along with Internet security appliances offer
traditional site-to-site connections for businesses to securely communicate with their multiple
locations.

Site to site VPN solutions can adopt any protocol for security and authentication.
PPTP, L2TP, IPSec and SSL all differ in their areas of implementation. The choice of VPN
network connection for intranet or extranet based site to site VPNs should not
compromise the security of the sister network.

Secure VoIP with SSL VPN

A lot has been said about the new SSL VoIP VPN tunneling technology. Previously, only
IPSec (Internet Protocol Security) could be used to provide the secure connections
required by VPN and the line quality needed by VoIP. But with the development of the
Secure Sockets Layer, VoIP VPN problems are solved.
It conveniently eliminates the problem of port blocking that is commonly encountered
with Point-to-Point Tunneling Protocol and Layer 2 Tunneling Protocol, especially when
web proxies, NAT routers and firewalls sit between the server and its clients. A
good example of this is the common Linksys VoIP VPN problems that are addressed by
SSL VPN.

What is VoIP?

VoIP stands for Voice over Internet Protocol. It is a relatively new technology that allows
a person to make phone calls using a high speed Internet connection. While some VoIP
services require people to call somebody using the same service, there are also other
VoIP service providers that allow an individual to call another person on a land
line or mobile number locally, long distance or internationally. Some VoIP
services require the use of special phones, while others work with any regular
phone provided it is connected to the VoIP adapter supplied by the service provider.

What is VPN?

VPN stands for virtual private network. It allows a private, secure and steady connection
between a corporate network and its clients through the Internet. Because of this
technology, accessing your company network is possible wherever you may be: at
home, traveling, or in an entirely different country. With VPN, corporate intranets are
extended and all distant offices and branches can connect to one main network.

What is SSL VPN?

SSL, or Secure Sockets Layer, is the protocol used by e-commerce Internet sites. Because
it mainly handles secured transactions like credit card purchases and online banking, SSL
has proven itself in terms of data protection and integrity. Now the SSL concept
integrated into a VPN connection is being applied to VoIP, and it proves to be a
good alternative to the traditional IPSec solutions.

How Does SSL VPN Help VoIP?

SSL VPN improves call quality.

A recent independent study was conducted and its results show that adding an SSL VPN
connection to a VoIP phone call over a stable broadband network can actually make
voice transmission a lot better. SSL VPN gives VoIP a good structure. A broadband
connection can be as fast as 1GB. A VoIP connection, on the other hand, needs merely
64 kbps. Because of the big difference, the Transmission Control Protocol (TCP)
was able to fix all impairments in the connection without sacrificing voice quality. SSL
VoIP VPN tunneling has enhanced the quality of voice calls compared to its
traditional counterpart. Using a VoIP router VPN supporting SSL certainly makes
telephone conversations better.

SSL VPN protects VoIP calls.

Without the use of an SSL VPN, VoIP calls travel unencrypted. This could
pose a problem when there is sensitive data to be transferred over the phone line
through the Internet. While some conversations can go unencrypted, SSL VPN solves the
problem associated with corporate networks requiring secure lines for their online
meetings and

Advantages Of SSL VPN For VoIP

1. Improved overall performance.
The use of VPN for VoIP improves the overall performance of a VoIP
connection. As said earlier, it improves voice quality and makes the connection
secure. Additionally, SSL VPN provides a 10-millisecond latency to the
connection, which makes the whole setup ideal for real-time applications.
2. Lower maintenance costs.
IPSec is much harder to maintain than the new SSL VPN tunnel. SSL VPN is
generally easier to maintain because clients need not worry about port blocking
whenever they reinstall their software, change modems and routers or
even their computer systems. Cisco VPN VoIP troubleshooting is fairly easy to
follow, especially for technical experts.
3. Easy setup.
Since SSL VPN uses the same protocol as the Internet does, there is really no need
to install or even understand highly technical programs and principles. Big
software companies such as Microsoft are working to integrate a Secure
Socket Tunneling Protocol into the newer operating system versions.
4. Anywhere access.
With VoIP VPN wireless security, anybody now has the ability to make secure
VoIP phone calls and net meetings anywhere that has an Internet connection.
VPN makes VoIP very portable and very valuable.

Disadvantages of Using SSL VPN

1. Client/server applications are not supported.
Because SSL VPN works mainly over the Internet, the only applications
supported are web-based applications. Problems are going to arise if corporate
servers rely on legacy applications such as Oracle or SAP, which consequently
do not have the ability to work in an Internet environment. This is especially felt
if the company is using hosted VPN VoIP connections.
2. Slower connection time.
One of the complaints of SSL VPN clients is that they find it takes longer to connect
through VoIP compared to using IPSec. This is partly due to the security clearing
the server performs when a client requests access. But then again, once the
connection is authenticated, the connection picks up, gets faster and becomes
stable.

SSL VoIP VPN tunneling is definitely worth trying. If your company is experiencing
VoIP VPN problems, maybe it is high time to switch to this newer technology. It pays to
be ahead of the times!

VPN Ports: Your Entry and Exit

A network port is a number assigned to each message. Standard network
protocols like TCP, IP and UDP attach a port number to the data they send. The type of
service provided is based on this port number. This assignment is usually based on logic.
Learn more about hardware and software VPN ports. Simply read on.
The article covers

• Software ports
• IP Addresses
• VPN ports and Hardware Ports

Software ports

A network port is usually a number; standard network protocols like TCP, IP and UDP
attach a port number to the data they send. A port number is assigned to each
message according to the TCP layer requirements. This port (logical reference) number
determines the type of service provided. This software network port (an address in the form
of a number) is assigned to a service for communication between a program and another
program or communication system. This naming system is logical and pertains to
services that carry on long term conversations. A list that specifies the port used by a
server process is known as its contact port. A service contact port is defined to provide a
specific service to unknown callers. These software network ports also connect internal
programs on the same computer. Numbers from 0 to 1023 are used to identify a network
service on the Internet (Internet Protocol). Each IP packet contains a TCP or UDP header
which directs the data to the appropriate application on the server. Reserved port
numbers and unassigned numbers can be used by application programs.

The Internet Assigned Numbers Authority (IANA) registers ports 1024 to 49151 for the
convenience of Internet continuity. Port numbers from 49151 to 65535 are called
dynamic ports and are private. You can look up IANA for more details on assigned port
numbers. The most well-known port is 80, which identifies HTTP traffic for a web
server. The well known ports are assigned by IANA and on most systems can only
be used by system (or root) processes or by programs executed by privileged users. Port
numbers are plain unsigned integer values which range up to 65535. Below
is a list of well known ports and their services.

Port       Service
20, 21     FTP (File transfer)
22         SSH (Remote login secure)
25         SMTP (Internet mail)
53         DNS (Host naming)
80         HTTP (Web)
88         Kerberos (computer authentication protocol)
110        POP3 (Client access)
119        NNTP (Usenet newsgroups)
123        NTP (Network time)
137-139    NetBIOS (DOS/Windows naming)
143        IMAP (Client access)
161, 162   SNMP (Network management)
163, 164   CMIP (Network management)
443        HTTPS (Web secure)
514        Syslog (Event logging)
563        NNTPS (Usenet newsgroups secure)
993/tcp    IMAP4 over SSL (Internet Message Access Protocol)
995/tcp    POP3 over SSL (Post Office Protocol)
989, 990   FTPS (File transfer secure)
1723       Virtual private network (VPN)

IP Addresses

TCP/IP stands for Transmission Control Protocol/Internet Protocol. These
protocols are responsible for transporting and managing the data across the network.
IPv4 requires a 4 byte address to be assigned to each network interface card on
every computer in the network, whereas IPv6 assigns a 6 byte address. An IP address
works much like a house address, without which determining where data packets go
would be impossible. This assignment of addresses can be done automatically by network
software such as DHCP (the Dynamic Host Configuration Protocol) or by
manually entering static addresses into the computer. The part of the IP address that
defines the network is the network ID, and the latter part of the IP address, defining the
host address, is the host ID.

Using this port and addressing scheme, the networking system can pass data, addressing
information, and type of service information through the hardware, from one computer to
another.

VPN Ports

As every program on the computer is given a port number, so too services that connect to
the Internet are given port numbers. The port numbers for the various VPN services
depend on the software and the protocols being used.


• PPTP encapsulates packets using GRE (Generic Routing Encapsulation), which uses IP
protocol number 47. IANA lists 1723 as the port for VPN. A common mistake in
configuring firewalls for use with PPTP is to open port 1723 and close IP protocol 47.
This allows connections to be established but denies the actual data from passing
through the tunnel to the machine. Some software utilities verify that both are
open so that GRE in PPTP can be used.
• The L2TP protocol is assigned 115 as its port number.
• IPSec VPN assignments use Encapsulating Security Payload
(protocol 50) and Authentication Header (protocol 51), port 88 for Kerberos
authentication in TCP/UDP, and port 500 for Internet Security Association and
Key Management Protocol in TCP/UDP.
• SSL VPN for secure HTTP applications uses port 443.
• MPLS-in-IP uses port 137.
• Systems that use VPN hardware normally use ports 500, 4500, 10000 and
10001, one for outgoing traffic and the other for incoming traffic.
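The PPTP firewall mistake described above (port 1723 open, GRE blocked) is the kind of thing an audit script should catch before users report "connected but no traffic". The following Python block is an added example written for this page, not code from ComputerNetworkingNotes.com. The rule syntax, the sample rule set and the function names are constructed for illustration; the flows it checks are PPTP (TCP 1723 plus GRE, IP protocol 47), IPSec (UDP 500, UDP 4500, ESP protocol 50, AH protocol 51) and SSL VPN (TCP 443).

```python
"""Audit a firewall rule set against the flows each VPN type needs.

Added example, not code from ComputerNetworkingNotes.com. The rule syntax,
the sample rules and the function names are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """One flow: an IP protocol and, for TCP/UDP, a port (None = port-less)."""
    proto: str                 # "tcp", "udp", "gre", "esp", "ah"
    port: Optional[int] = None

    def __str__(self):
        return self.proto if self.port is None else f"{self.proto}/{self.port}"


# IANA IP protocol numbers of the port-less protocols used by VPNs.
IP_PROTOCOL_NUMBERS = {"gre": 47, "esp": 50, "ah": 51}

# Flows a firewall must allow for each VPN type to work end to end.
VPN_REQUIREMENTS = {
    # Control channel on TCP 1723 plus GRE (IP protocol 47) for the tunnelled data.
    "pptp": {Flow("tcp", 1723), Flow("gre")},
    # ISAKMP/IKE on UDP 500, NAT traversal on UDP 4500, ESP/AH for the data.
    "ipsec": {Flow("udp", 500), Flow("udp", 4500), Flow("esp"), Flow("ah")},
    # SSL VPN rides on HTTPS.
    "ssl": {Flow("tcp", 443)},
}


def parse_rules(text):
    """Parse constructed rule lines such as 'allow tcp 1723' or 'deny gre'.

    A TCP/UDP rule without a port matches every port of that protocol.
    Rules are evaluated first match wins; anything unmatched is denied.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) not in (2, 3) or parts[0].lower() not in ("allow", "deny"):
            raise ValueError(f"malformed rule: {raw!r}")
        port = int(parts[2]) if len(parts) == 3 else None
        rules.append((parts[0].lower(), Flow(parts[1].lower(), port)))
    return rules


def is_allowed(rules, flow):
    """Return True if the first matching rule allows the flow (default deny)."""
    for action, rule_flow in rules:
        if rule_flow.proto == flow.proto and rule_flow.port in (None, flow.port):
            return action == "allow"
    return False


def missing_flows(rules, vpn_type):
    """List (as strings) the flows vpn_type needs that the rules do not allow."""
    needed = VPN_REQUIREMENTS[vpn_type]
    return sorted(str(f) for f in needed if not is_allowed(rules, f))


def audit(text):
    """Map every known VPN type to the flows the rule set blocks for it."""
    rules = parse_rules(text)
    return {vpn: missing_flows(rules, vpn) for vpn in VPN_REQUIREMENTS}


# Constructed rule set reproducing the classic mistake: port 1723 is open but
# GRE is dropped, so PPTP sessions authenticate and then carry no data.
SAMPLE_RULES = """
allow tcp 1723   # PPTP control channel
deny gre         # blocks the PPTP data tunnel
allow udp 500    # IKE, but no NAT-T and no ESP/AH
allow tcp 443    # SSL VPN
"""

if __name__ == "__main__":
    for vpn, missing in audit(SAMPLE_RULES).items():
        status = "OK" if not missing else "BLOCKED: " + ", ".join(missing)
        print(f"{vpn:6s} {status}")
```

Running the block against the constructed rules reports PPTP as blocked on `gre`, IPSec as blocked on `ah`, `esp` and `udp/4500`, and SSL VPN as OK; feeding it a firewall's exported rules (after converting them to the `allow`/`deny` lines it parses) gives the same check for a real configuration.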

Hardware ports

Hardware ports are an entirely different concept from software based network
ports. In computer hardware terminology a port is a hardware connection through which
the computer communicates with external devices. It is an electrically wired outlet
into which external devices are plugged. These ports come in different shapes and
sizes. The connectors we use are called male and female connectors and have standards
for their properties and functions. A keyboard is connected to a keyboard port, a printer is
connected to the printer port, and so on. Plug and play devices are connected to the
Universal Serial Bus (USB) port. Ports are basically divided into two groups: serial ports
and parallel ports. A serial port sends and receives only one bit of data at a time, whereas
a parallel port sends and receives multiple bits over a group of wires.

All processors use assembly instructions to access the ports on the motherboard or any
add-on boards. The methods for mapping these ports are either hardware I/O or memory-
mapped I/O. Hardware I/O is a scheme where separate numbers are given to the ports
and the devices they connect to. Intel processors generally send one byte of
instruction/data to the port, which is used to gain access to the resources of the processor.
In memory-mapped I/O there is no separate numbering for the ports; they are
accessed by the processor as if they were another part of the computer's memory. The
number of devices that can be attached to a computer can be increased by various add-on
cards. These cards use the various bus interfaces available on the motherboard to increase
the number of devices attached to a computer. One such card is the Peripheral
Component Interconnect (PCI) card. A technology to combine hardware ports into a single
group to enhance bandwidth and fault tolerance is known as hardware port trunking. This
is similar to software port trunking, which combines two agents that may be websites or
channels.

When hardware devices in the VPN market are described as having many ports, this refers
to the number of simultaneous hardware connections that can be
made. This enhances the speed and performance of the system, especially for huge
enterprises that want video conferencing and voice over the VPN.

Configuring VPN ports in network settings is a bit complex when you have no knowledge of the
protocols and the encryption and authentication techniques they use. Some software lets
you configure them properly; sometimes you may not be able to configure them
properly, for example the Microsoft VPN port. When VPN hardware is used for a client the
process is easy, as with a Cisco VPN port. For a LAN and huge networks the
administrator then has to set privileges and configure the firewall as well. This process is
necessary for proper security.

VPN Router: A wise choice for Enterprises

A router is a computer that has at least two network interface cards and
supports the Internet Protocol. It decides how to forward IP packets and connects the
network to the Internet and to other networks. Software for router functions can be added
to a server. Read more about VPN routers.
The article covers

• Router
• Various routing protocols
• VPN Router

Router

A network communicates or sends information in the form of packets. A router is usually a
device/computer with at least two network interface cards that support the Internet Protocol. It
looks at each IP packet and decides how to forward it. Routers operate at the network
layer of the OSI reference model and connect networks, or connect the network to the
Internet. A router receives packets from an interface card, reads the address on the IP
packet and forwards it to an appropriate output network interface. Before sending the
packet the link protocol header is replaced by the router. Packets are forwarded
depending on the packet's IP destination address and routing information. A routing table
specifies the known network IP addresses with the appropriate network interface to be
used for a packet to reach the destination. In the case of LAN routers, they decide whether
the packet is for a local computer or for the Internet depending on the address (IP
address or subnet address).

• Within a LAN, routers separate local area networks into sub networks and
balance traffic between workgroups as well as filter traffic for security purposes.
Many times they are used at the edge of the network to connect to remote offices
or to connect to an ISP.
• For enterprise networks these serve as a connector of all internal networks via
Ethernet. They also connect to the outside network via T3, ATM, cable modem
or other links. Therefore they act as a major switching point for all packets within
the network as well as outside.

Even if the network architecture (token ring or Ethernet) differs, routers can connect them.
However, routers cannot transform information from one data format to another (TCP/IP
to IPX/SPX). If the routing table does not indicate a proper address for a packet then the
packet is discarded. If a router is configured manually and the information in the routing
table is fixed, then it is called a static router. If the routing tables are decided
automatically (routers exchange routing tables) depending on algorithms, then it is a dynamic
router. The distance vector algorithm is based on hop count of satellites, and periodically
broadcasts routing tables to other routers. The link state algorithm is another algorithm that
broadcasts routing tables only at start up. Multi protocol routers support more than
one protocol. The various routing protocols are

• IS-IS - Intermediate System to Intermediate System
• IPX - Internet Packet Exchange
• NLSP - NetWare Link Services Protocol
• RIP - Routing Information Protocol
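The forwarding decision described in the Router section (look up the destination in the routing table, pick the output interface, rewrite the link header, discard the packet if no entry matches) and the network ID / host ID split from the IP Addresses section, as an added example that is not code from ComputerNetworkingNotes.com. It implements a static routing table with longest-prefix matching in Python; the routes, interface names and sample destinations are constructed, and the conventions that a next hop of `None` means a directly connected network and that `0.0.0.0/0` is the default route are this example's own.

```python
"""Static routing table with longest-prefix matching, plus the
network ID / host ID split of an IPv4 address.

Added example, not code from ComputerNetworkingNotes.com. Routes, interface
names and sample destinations are constructed for illustration.
"""
import ipaddress

# Constructed static routing table: (network, next hop, outgoing interface).
# A next hop of None means the network is directly connected on that interface.
ROUTES = [
    ("192.168.10.0/24", None, "eth0"),              # local LAN
    ("192.168.20.0/24", "192.168.10.254", "eth0"),  # branch LAN behind the VPN router
    ("10.0.0.0/8", "192.168.10.254", "eth0"),       # rest of the corporate network
    ("0.0.0.0/0", "203.0.113.1", "eth1"),           # default route towards the ISP
]


def split_address(cidr):
    """Return (network ID, host ID) for an address written as a.b.c.d/prefix.

    The network ID is the address with the host bits cleared; the host ID is
    the integer value of the host bits alone.
    """
    iface = ipaddress.ip_interface(cidr)
    network_id = str(iface.network.network_address)
    host_id = int(iface.ip) & int(iface.hostmask)
    return network_id, host_id


def build_table(routes):
    """Parse the route tuples and order them most specific first, so a linear
    scan returns the longest matching prefix (the default route comes last)."""
    parsed = [(ipaddress.ip_network(net), hop, iface) for net, hop, iface in routes]
    return sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)


def lookup(table, dst):
    """Return the matching (network, next hop, interface), or None if no route.

    None is the 'packet is discarded' case from the text: no entry covers the
    destination and there is no default route.
    """
    ip = ipaddress.ip_address(dst)
    for net, hop, iface in table:
        if ip in net:
            return str(net), hop, iface
    return None


def link_layer_target(table, dst):
    """Address the rewritten link header is sent to: the destination itself
    when it is directly connected, otherwise the next hop router."""
    route = lookup(table, dst)
    if route is None:
        return None
    _, hop, _ = route
    return dst if hop is None else hop


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("192.168.10.5", "192.168.20.9", "10.5.6.7", "198.51.100.8"):
        print(dst, "->", lookup(table, dst), "link target:", link_layer_target(table, dst))
    print("192.168.10.37/24 splits into", split_address("192.168.10.37/24"))
```

Dropping the default route from the table (for example `build_table(ROUTES[:3])`) makes `lookup` return `None` for any Internet address, which is the discard case the text describes; the same table with the default route present sends those packets to the ISP next hop on `eth1`.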

Software for VPN router functions or normal router functions can be added to a server or
to a specialized computer optimized for communication. Routers in older Novell
terminology were called 'network layer bridges'; they are also called gateways.
