What is a VPN?
A VPN is defined as an infrastructure that enables a company or organisation to deliver IP communications from source to destination across public and private networks, secure in the knowledge that only those who are entitled to have access to the information do so and that it arrives at the destination in the time frame required.

This can encompass both data and voice communications, enabling companies to benefit from their investment in technology. In the context of ipFireGuard, this is primarily for data communications between branch or remote office locations, enabling a WAN (wide area network) over a public routed network, the Internet.

Concept of ipFireGuard VPN
Traditionally, inter-office/branch networks were for the larger enterprise and involved expensive leased lines from a specialist supplier such as BT or another telecommunications company.

The concept of a VPN is very simple. It is a protected communication channel over an unprotected public thoroughfare. It is analogous to an armored vehicle traveling over public roads. At the top level, a VPN consists of a small number of components, illustrated below:

In this diagram, there are two private intranets connected via the VPN. The VPN is created by the two VPN Gateways over the public Internet.

A VPN works by encapsulating data for one network inside of an ordinary IP packet and transporting that packet to another network. When the packet arrives at the destination network, it is unwrapped and delivered to the appropriate host on the destination network. By encapsulating the data using cryptographic techniques, the data is protected from tampering and snooping while it is transported over the public network.

Unfortunately, this same protection against tampering makes it difficult to set up a VPN when the security perimeter is protected by an address translation firewall such as ipFireGuard. The solution is to implement the VPN on the firewall and allow it to straddle both sides so that it can capture packets from the green network and pass them, encapsulated, over the Internet without being tampered with by the address translation part of the firewall.
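
The effect described above, as an added example that is not part of the original page or ipFireGuard's own code: a simplified Python model in which the integrity tag covers the outer addresses, as IPsec's Authentication Header does. The key, addresses, packet contents and function names are constructed for illustration, and the model omits encryption and the real IPsec wire format.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-manual-key"  # constructed sample, stands in for a manually entered key
INNER = b"constructed inner packet 192.168.1.10 -> 192.168.2.20"
TAG_LEN = hashlib.sha256().digest_size


def pack(addr):
    return ipaddress.IPv4Address(addr).packed


def encapsulate(key, outer_src, outer_dst, inner):
    """Wrap the inner packet and tag outer addresses plus payload."""
    header = pack(outer_src) + pack(outer_dst)
    tag = hmac.new(key, header + inner, hashlib.sha256).digest()
    return header + inner + tag


def nat_rewrite_source(packet, new_src):
    """Address translation: only the outer source address changes."""
    return pack(new_src) + packet[4:]


def decapsulate(key, packet):
    """Return the inner packet, or None if anything tagged was modified."""
    header, inner, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, header + inner, hashlib.sha256).digest()
    return inner if hmac.compare_digest(tag, expected) else None


def endpoint_behind_nat():
    # Tunnel built on a private host; the firewall translates it afterwards.
    pkt = encapsulate(KEY, "192.168.1.10", "203.0.113.2", INNER)
    return decapsulate(KEY, nat_rewrite_source(pkt, "198.51.100.1"))


def endpoint_on_firewall():
    # Tunnel built by the firewall itself from its public address,
    # so nothing rewrites the packet after it has been tagged.
    pkt = encapsulate(KEY, "198.51.100.1", "203.0.113.2", INNER)
    return decapsulate(KEY, pkt)


if __name__ == "__main__":
    print("endpoint behind NAT :", endpoint_behind_nat())
    print("endpoint on firewall:", endpoint_on_firewall())
```

The translated packet is rejected by the receiving gateway because its tag no longer matches, while the packet encapsulated on the firewall verifies and is delivered.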

The VPN implementation used by ipFireGuard is an IPSec standard VPN and is suitable for the small to medium company/enterprise wishing to connect a number of branch offices or locations.

Encryption
It is a very simple manually keyed system. This works well in small-scale installations, requiring an amount of discipline to manually change keys on a regular basis to ensure the security of passed data is maintained.

Data is encrypted at the originating VPN and transported to its corresponding remote VPN connection, where it is decrypted and delivered to the user.

As it is currently implemented, the ipFireGuard VPN environment is not suited for large-scale or road warrior use. It requires some changes in order to handle medium or large-scale VPN configurations as well as road warrior support.

However, these do not stop the ipFireGuard environment from being useful for small-scale VPN deployments between regional offices over cable, xDSL or indeed leased lines.

Benefits
- Secure communication between 1 or more remote sites
- Improved business efficiency
- Higher ROI (return on investment) by using existing technology
- Lower fixed cost of inter-office communications
- Improved bottom line