Computerworld - A virtual private network (VPN) is a network connection that has the appearance and many of the advantages of a dedicated link but is in fact implemented over a shared network. Using a technique called tunneling, data packets are transmitted across a public routed network such as the Internet. Generally, the private network data and protocol information are carried inside a wrapper so that along the way, they look like data to the routers, which remain unaware that the transmission is part of a private network. Only when the transmission reaches its destination is it unwrapped and sent to its intended recipient. This private "tunnel" simulates a point-to-point connection, and it allows network traffic from many sources to travel via separate tunnels across the same infrastructure.
Tunneling can be initiated by a variety of network devices and software, such as an end user's laptop equipped with an analog PC modem card and VPN-enabled dial-up software. (Basic tunneling and security capabilities have been bundled into Windows since the release of Windows 95.)
Tunnels can also be started by a VPN-enabled extranet router on an enterprise branch or home office LAN, or by a VPN-enabled access concentrator at a network service provider's point of presence. A tunnel is ended by a tunnel terminator or switch on an enterprise network, or by a VPN gateway on a network service provider's network extranet router.
In addition, there are usually one or more security servers. Along with their conventional functions as firewalls and address translators, VPNs can provide for data encryption, authentication and authorization. Tunneling devices perform these functions by communicating with security servers. Such servers also usually provide information on bandwidth, tunnel end points and, in some cases, network policy information and service levels.
VPNs for Remote Office Security
Remote offices use a site-to-site VPN as an alternative to leased lines and frame relay. Internet access, including Digital Subscriber Line and cable modem broadband connections, is significantly less expensive than private lines. IPsec-enabled routers allow small branch offices to form a secured wide-area network with the corporate office. The corporate VPN gateway must be capable of remotely managing these branches.
See additional Computerworld QuickStudies
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
