VPN, 2
Fundamentally, a VPN is a set of tools which allow networks at different locations to be securely connected, using a public network as the transport layer.
VPNs are most commonly used today for telecommuting and linking branch offices via secure WANs.
Separate private networking solutions are expensive and cannot be updated quickly to adapt to changes in business requirements. The Internet is inexpensive but does not by itself ensure privacy.
- Connect two sites.
- Allow remote access by individual users.

- VPNs must be authenticated.
- No one outside the VPN can alter the VPN.
- All parties to the VPN must agree on the security properties.

- Usually used with serial connections.
- Provides IP connection between two points.
- Establishes IP address at both ends of connection.
The solution must verify the user's identity and allow access only to authorized users. The user account can be a local account on the VPN server or, in most cases, a domain account granted appropriate dial-in permissions. The default policy for remote access is "Allow access if dial-in permission is enabled".

- Limiting unauthorized users from accessing the network.
- Authentication: validating that the data was sent from the sender.
- Confidentiality: preventing the data from being read or copied while it is being transported.
- Data Integrity: ensuring that the data has not been altered.
Data sent and received over the Internet must be encrypted for privacy. PPTP and L2TP use PPP-based data encryption methods. Optionally, you can use Microsoft Point-to-Point Encryption (MPPE), based on the RSA RC4 algorithm. The Microsoft implementation of the L2TP protocol uses IPSec encryption to protect the data stream from the client to the tunnel server.
A VPN must protect against passive and active attacks. A passive attacker has no ability to interrupt or modify the data channel between two parties. Encryption is effective at defeating passive attacks.
An active attacker has the ability to insert himself into the communication channel and add, modify, or delete data packets between both parties to the channel.
For this reason, such attacks are commonly referred to as man-in-the-middle attacks.
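The difference between the two attacker types can be shown in a few lines. This is an added example, not part of the original slides: it uses a toy SHA-256 keystream as a stand-in for a real stream cipher (it is not MPPE or IPSec), with constructed keys and payload, to show that encryption alone hides the data from a passive listener but lets an altered packet through, while a receiver that verifies a keyed integrity tag rejects it.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 over key, nonce, counter); stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt_only(enc_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: defeats a passive eavesdropper."""
    return xor(plaintext, keystream(enc_key, nonce, len(plaintext)))

def decrypt_only(enc_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Receiver with no integrity check: accepts whatever arrives."""
    return xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt, then authenticate nonce + ciphertext with HMAC-SHA256."""
    ct = encrypt_only(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ciphertext, tag):
    """Verify the tag before decrypting; return None if the packet was altered."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt_only(enc_key, nonce, ciphertext)

def alter_in_transit(ciphertext: bytes) -> bytes:
    """Models the active attacker described above: one bit changed on the wire."""
    return bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]

if __name__ == "__main__":
    # Constructed sample keys, nonce and payload.
    enc_key, mac_key, nonce = b"E" * 32, b"M" * 32, b"N" * 12
    packet = b"inventory count: 0150 units"
    ct, tag = seal(enc_key, mac_key, nonce, packet)
    bad = alter_in_transit(ct)
    print("eavesdropper sees: ", ct.hex())
    print("no integrity check:", decrypt_only(enc_key, nonce, bad))
    print("with HMAC check:   ", open_sealed(enc_key, mac_key, nonce, bad, tag))
    print("untouched packet:  ", open_sealed(enc_key, mac_key, nonce, ct, tag))
```

The receiver without an integrity check silently accepts a changed payload; the receiver that verifies the tag returns `None` for the altered packet and the original data for the untouched one.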
- Eliminating the need for expensive long-distance leased lines.
- Reducing the long-distance telephone charges for remote access.
- Flexibility of growth.
- Efficiency with broadband technology.

- VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.
- Availability and performance depend on factors largely outside of their control.
- Immature standards.
- VPNs need to accommodate protocols other than IP and existing internal network technology.

- Healthcare: enables the transferring of confidential patient information within the medical facilities & health care provider.
- Manufacturing: allows suppliers to view inventory & allows clients to purchase online safely.
- Retail: able to securely transfer sales data or customer info between stores & the headquarters.
- Banking/Financial: enables account information to be transferred safely within departments & branches.
- General Business: communication between remote employees can be securely exchanged.