VPN in the spotlight of IT Security
Basic description of the domain
In today’s world, known as the information age, where everyone sends data through computer-based networks like the World Wide Web and hacker attacks are practised as a sport, the ability to protect sensitive data is a necessity.
The World Wide Web is an open, unsecured network. That means unencrypted data can be read along the way by nearly everyone.
VPN stands for Virtual Private Network and is used to make data transfer more secure. A virtual private network is a computer-based network that transports private data through a public network like the Internet. (cp. Wikipedia1 2006) VPN uses tunnelling technology, which provides end-to-end, end-to-site and site-to-site connections.
Generally a VPN uses a secured tunnel, but a network built on an unsecured tunnel is also a virtual private network. (cp. Wikipedia1 2006)
For a short historical overview we have to start with the company BBN Technologies. The name BBN stands for the names of the three founders: Bolt, Beranek and Newman. This company built the first secure connection for exchanging data over an unsecured network. This was in 1973, when BBN developed the Private Line Interface (PLI) to encrypt messages sent over the ARPANET. It was the first demonstration of secure traffic sent over a packet-switched network. (cp. BBN 2006)
The first effort to develop a standard for secure networking was the IP Security Protocol (IPsec). The first version of this protocol was developed in 1995. At the same time the Secure Socket Layer (SSL) was developed by Netscape to build a secure connection between server and client. The Secure Socket Layer works at Layer 5/6 of the OSI reference model, which you can find below.
(cp. Wikipedia2 2006)
Secure VPNs use cryptographic tunneling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing), and message integrity (preventing message alteration) to achieve the privacy intended. If properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks.
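The three properties named above (confidentiality, sender authentication, message integrity) are easiest to see on a single tunnelled packet. The following is an added example, not code from the original text or any of the cited sources: a toy tunnel endpoint that encrypts an inner packet, authenticates it with HMAC-SHA256 (encrypt-then-MAC) and rejects altered, forged or replayed packets. The keys, the SHA-256 counter-mode keystream and the `seq | ciphertext | tag` layout are all constructed assumptions for illustration; a real VPN negotiates its keys with IKE or the SSL/TLS handshake and uses an AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import struct

# Constructed demo keys. In a real VPN these are negotiated per session by the
# key exchange (IKE for IPsec, the handshake for SSL/TLS) and never hard-coded.
ENC_KEY = b"constructed-demo-encryption-key"
MAC_KEY = b"constructed-demo-authentication-key"

SEQ = struct.Struct("!I")   # 4-byte packet sequence number, network byte order
TAG_LEN = 32                # HMAC-SHA256 tag length in bytes


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Per-packet keystream: a toy counter mode built from SHA-256.
    The sequence number acts as the nonce, so two packets never share a keystream.
    A real VPN uses an AEAD cipher such as AES-GCM or ChaCha20-Poly1305 instead."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(key + SEQ.pack(seq) + SEQ.pack(counter)).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(seq: int, inner_packet: bytes) -> bytes:
    """Tunnel sender: encrypt the inner packet, then authenticate header + ciphertext
    (encrypt-then-MAC). Outer layout: seq(4) | ciphertext | tag(32)."""
    header = SEQ.pack(seq)
    ciphertext = xor_bytes(inner_packet, keystream(ENC_KEY, seq, len(inner_packet)))
    tag = hmac.new(MAC_KEY, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class TunnelReceiver:
    """Tunnel endpoint that verifies integrity/authenticity before decrypting
    and rejects replayed packets by tracking the highest sequence number seen."""

    def __init__(self) -> None:
        self.last_seq = -1

    def decapsulate(self, outer: bytes) -> bytes:
        if len(outer) < SEQ.size + TAG_LEN:
            raise ValueError("truncated packet")
        header, ciphertext, tag = outer[:SEQ.size], outer[SEQ.size:-TAG_LEN], outer[-TAG_LEN:]
        expected = hmac.new(MAC_KEY, header + ciphertext, hashlib.sha256).digest()
        # Constant-time comparison: any altered or forged packet fails here,
        # before a single byte is decrypted.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed: packet altered or forged")
        (seq,) = SEQ.unpack(header)
        if seq <= self.last_seq:
            raise ValueError("replayed packet")
        self.last_seq = seq
        return xor_bytes(ciphertext, keystream(ENC_KEY, seq, len(ciphertext)))


def _rejected(receiver: TunnelReceiver, outer: bytes) -> bool:
    try:
        receiver.decapsulate(outer)
        return False
    except ValueError:
        return True


def run_demo() -> dict:
    """Exercise the three properties on one constructed inner packet."""
    inner = b"GET /intranet/payroll HTTP/1.1"   # constructed plaintext payload
    receiver = TunnelReceiver()
    outer = encapsulate(1, inner)
    results = {"confidentiality": inner not in outer}          # a snooper sees no plaintext
    results["round_trip"] = receiver.decapsulate(outer) == inner
    tampered = bytearray(outer)
    tampered[SEQ.size] ^= 0x01                                  # flip one ciphertext bit
    results["integrity"] = _rejected(receiver, bytes(tampered))
    results["replay"] = _rejected(receiver, outer)              # same packet a second time
    forged = SEQ.pack(2) + b"\x00" * len(inner) + b"\x00" * TAG_LEN
    results["authentication"] = _rejected(receiver, forged)     # no MAC key, no entry
    return results


if __name__ == "__main__":
    for prop, ok in run_demo().items():
        print(f"{prop:16s} {'OK' if ok else 'FAILED'}")
```

The order of checks in `decapsulate` is the point: the tag is verified first, so a packet that was altered in transit or forged without the MAC key is dropped before any decryption or sequence-number bookkeeping happens, and the sequence number then stops a captured packet from being accepted a second time.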
There are different types of virtual private networks based on different protocols.
Layer 2 VPNs, which use the Point-to-Point Tunnelling Protocol (PPTP), are point-to-point methods and establish connectivity between the two sites over a virtual connection. One advantage of layer 2 VPNs is their independence from the layer 3 traffic payload, so a layer 2 VPN can carry many different types of layer 3 traffic such as IP, IPX, AppleTalk, IP Multicast and so on. (Glaser website3 2006)
Layer 3 VPNs, which are based on the IP Security Protocol (IPsec), also provide a connection between the sites. The delivery header sits at layer 3 of the OSI reference model. To date IPsec only encrypts IP packets and does not support multicast. (Glaser website3 2006)
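The difference between the two preceding paragraphs, that a layer 2 tunnel is indifferent to what layer 3 protocol it carries while a layer 3 IP tunnel must understand its payload as IP, can be shown by building the packets and pushing them through both kinds of encapsulation. This is an added example and not code from the text or the cited sources. It constructs minimal Ethernet frames and IPv4 packets; the two-byte length prefix stands in for PPTP's GRE/PPP carrier header, and plain IP-in-IP (protocol 4) stands in for IPsec's outer header, both simplifying assumptions. The IPX and AppleTalk payloads are constructed sample bytes, not real protocol traffic.

```python
import struct

# IEEE EtherType assignments for the layer 3 protocols named in the text
ETHERTYPES = {0x0800: "IPv4", 0x8137: "IPX", 0x809B: "AppleTalk"}
IPPROTO_IPIP = 4   # outer-header protocol number for IP-in-IP (RFC 2003)


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words of a 20-byte IPv4 header.
    Over a header that already carries a correct checksum it returns 0."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet: 20-byte header without options, correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def layer2_encapsulate(frame: bytes) -> bytes:
    """Layer 2 tunnel: the whole frame is opaque payload. The tunnel never reads
    the EtherType, so any layer 3 protocol rides through unchanged."""
    return struct.pack("!H", len(frame)) + frame   # constructed toy carrier header


def layer2_decapsulate(outer: bytes) -> bytes:
    (length,) = struct.unpack("!H", outer[:2])
    return outer[2:2 + length]


def layer3_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Layer 3 tunnel: the inner packet becomes the payload of a new outer IP
    header (tunnel mode). The tunnel has to understand the inner packet as IP."""
    if inner[0] >> 4 != 4:
        raise ValueError("layer 3 IP tunnel can only carry IP packets")
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def layer3_decapsulate(outer: bytes) -> bytes:
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != IPPROTO_IPIP or ipv4_checksum(outer[:20]) != 0:
        raise ValueError("not a valid IP-in-IP packet")
    return outer[ihl:]


def frame_payload_protocol(frame: bytes) -> str:
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return ETHERTYPES.get(ethertype, f"0x{ethertype:04x}")


def tunnel_capabilities() -> dict:
    """Push one constructed frame per layer 3 protocol through both tunnel types.
    Returns {protocol_name: (carried_by_layer2, carried_by_layer3)}."""
    dst_mac, src_mac = b"\x02\x00\x00\x00\x00\x02", b"\x02\x00\x00\x00\x00\x01"
    samples = {
        0x0800: ipv4_packet("192.168.1.10", "10.0.0.5", 6, b"inner tcp segment"),
        0x8137: b"\xff\xff\x00\x1e\x00\x04" + b"\x00" * 24,   # constructed IPX packet
        0x809B: b"\x00\x1d\x00\x00" + b"\x00" * 25,           # constructed AppleTalk DDP packet
    }
    result = {}
    for ethertype, payload in samples.items():
        frame = ethernet_frame(dst_mac, src_mac, ethertype, payload)
        l2_ok = layer2_decapsulate(layer2_encapsulate(frame)) == frame
        try:
            outer = layer3_encapsulate(frame[14:], "203.0.113.1", "198.51.100.1")
            l3_ok = layer3_decapsulate(outer) == frame[14:]
        except ValueError:
            l3_ok = False
        result[frame_payload_protocol(frame)] = (l2_ok, l3_ok)
    return result


if __name__ == "__main__":
    for proto, (l2, l3) in tunnel_capabilities().items():
        print(f"{proto:10s} layer 2 tunnel: {l2}  layer 3 tunnel: {l3}")
```

Running it gives `(True, True)` for IPv4 but `(True, False)` for IPX and AppleTalk: the layer 2 tunnel forwards every frame because it only ever sees an opaque blob after its own header, whereas the layer 3 tunnel parses the inner packet as IP and has nothing to do with a non-IP payload.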
Layer 5/6 VPNs (SSL VPNs) use the application layer (Layer 5/6). SSL was developed to authenticate the server and exchange sensitive data over an encrypted channel, for example for home banking.
Today SSL / TLS are used to build a VPN tunnel.
Here you have to differentiate between two application areas:
– Web-based application → the end of the tunnel is the Web server
– Java / ActiveX-based application → an applet emulates the VPN client
(Glaser website2 2006)
VPNs are used by many companies to reduce costs by communicating over a public network. The following graphic shows some applications in practice.
A VPN is used to build a connection between a remote computer and a company intranet. Business partners and other intranets can also get access to the corporate intranet over a VPN. This graphic shows that you can connect single computers as well as entire networks.
In the next animated GIF file you can see in general how a single computer builds a connection to a single computer in the company’s intranet.
Click on the graphic to follow the link and see the animated gif.
(Glaser website1 2006)