Page 164 - DCAP516_COMPUTER_SECURITY
Computer Security
Did you know? TCP and UDP port numbers are 16-bit fields, so each IP address has 65,536 ports
(0 to 65535). Many internal hosts can therefore share a single external IP address, the gateway
telling their connections apart by the port it assigns to each one. This is called Port Address
Translation (PAT), also known as NAT overload.
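The port-sharing arrangement described in the box above, as an added example (not code from the textbook): a small Python model of a PAT gateway that rewrites outbound flows to the public address with a unique port, maps replies back through its table, and drops inbound packets that match no flow. The gateway class, port pool and addresses are all assumptions of the example.

```python
"""Port Address Translation (PAT, also called NAT overload) simulated in pure Python.

Several inside hosts share one public address. The gateway rewrites the source
(address, port) of every outbound flow to (public address, unique port), keeps a
table so replies can be mapped back, and drops inbound packets that match no
table entry, which is why hosts behind PAT are not reachable unsolicited.
All addresses below are made-up documentation addresses.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (ip address, port)
MAX_PORT = 65535             # port numbers are 16-bit: 0..65535, i.e. 65,536 values


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: bytes


class PATGateway:
    """Assumed gateway model: one public IP, ports handed out from a pool."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside source, outside destination) -> public port assigned to the flow
        self.out_table: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (public port, outside destination) -> inside source to deliver replies to
        self.in_table: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def _allocate_port(self) -> int:
        if self.next_port > MAX_PORT:
            raise RuntimeError("public port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an inside->outside packet; reuse the mapping for a known flow."""
        key = (pkt.src, pkt.dst)
        port = self.out_table.get(key)
        if port is None:
            port = self._allocate_port()
            self.out_table[key] = port
            self.in_table[(port, pkt.dst)] = pkt.src
        return Packet((self.public_ip, port), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map an outside->public packet back to the inside host, or drop it."""
        if pkt.dst[0] != self.public_ip:
            return None
        inside = self.in_table.get((pkt.dst[1], pkt.src))
        if inside is None:
            return None  # no outbound flow created this mapping: unsolicited, dropped
        return Packet(pkt.src, inside, pkt.payload)


def demo() -> dict:
    """Two inside hosts using the same local port reach the same server."""
    gw = PATGateway("203.0.113.7")
    server = ("198.51.100.10", 443)
    a = Packet(("10.0.0.2", 40000), server, b"GET / from A")
    b = Packet(("10.0.0.3", 40000), server, b"GET / from B")
    a_out, b_out = gw.outbound(a), gw.outbound(b)
    a_again = gw.outbound(a)                      # same flow, same mapping
    reply_to_a = Packet(server, a_out.src, b"200 OK")
    scan = Packet(("192.0.2.99", 5555), ("203.0.113.7", 22), b"SSH-2.0 probe")
    return {
        "a_public": a_out.src,
        "b_public": b_out.src,
        "mapping_reused": a_again.src == a_out.src,
        "reply_delivered_to": gw.inbound(reply_to_a).dst,
        "scan_dropped": gw.inbound(scan) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Both inside hosts use local port 40000, yet their flows leave the gateway as ports 1024 and 1025 and the reply to the first is delivered to the right host. The inbound lookup is keyed on the remote address as well as the port, so a probe from an unrelated address to port 22 finds no entry and is discarded. The pool is finite: a busy gateway that never expires old mappings eventually raises the exhaustion error, which in a real device shows up as new connections failing.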
13.2.6 Virtual Private Networking (VPN)
A Virtual Private Network (VPN) is a network that uses a public telecommunication infrastructure,
such as the Internet, to give remote offices or individual users secure access to their
organization's network.
A VPN can be contrasted with an expensive system of owned or leased lines that only one
organization can use. The goal of a VPN is to give the organization the same capabilities at a
much lower cost.
A VPN works by using the shared public infrastructure while maintaining privacy through
authentication, encryption and tunneling protocols. The Layer Two Tunneling Protocol (L2TP) is
one common tunneling protocol; because L2TP itself does not encrypt, it is normally run over IPsec
(L2TP/IPsec), which supplies the encryption and integrity protection. The sending end encrypts
each packet and the receiving end decrypts it, so the data travels through a "tunnel": an
observer on the public path sees only ciphertext passing between the two tunnel endpoints, and a
packet that was not encrypted and authenticated with the tunnel's keys is rejected on arrival.
An additional level of security is obtained by encrypting not only the data but also the original
source and destination addresses. In this arrangement (IPsec calls it tunnel mode) the whole inner
packet, headers included, becomes the encrypted payload of an outer packet that carries only the
addresses of the two tunnel gateways, so an observer learns which gateways are talking but not
which hosts behind them. The result is a communications network tunneled through another
network and dedicated to a specific user community.
One common application is secure communication across the public Internet, but a VPN need not
have explicit security features such as authentication or content encryption. VPNs can, for
example, be used simply to keep the traffic of different user communities separate over an
underlying network that is itself trusted; such a VPN offers isolation, but no confidentiality
against whoever operates the underlying network.
A VPN may offer best-effort performance, or a defined Service Level Agreement (SLA) between the
VPN customer and the VPN service provider. Generally, a VPN has a topology more complex than
point-to-point. The distinguishing characteristic of a VPN is therefore neither security nor
performance, but that it overlays other network(s) to provide a function that is meaningful to a
user community.
Figure 13.2: Diagram of a VPN Connection
A VPN is thus a network constructed over public links to connect its nodes. A number of systems
let you build such a network with the Internet as the medium for transporting data. They use
encryption and other security mechanisms to ensure that only authorized users can join the
network and that data which is intercepted in transit can neither be read nor altered undetected.
VPNs provide a more active form of security by encapsulating data, and usually also encrypting
it, for transmission through an untrusted network. These two mechanisms, encapsulation and
encryption, form the foundation of virtual private networking: encapsulation creates the tunnel,
and encryption (together with authentication and integrity checking) is what makes the tunnel
private.
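The contrast drawn above between encapsulation and encryption, and the earlier point that an encrypting tunnel also hides the original source and destination addresses, as an added example that is not code from the textbook and not a real VPN protocol. The "GRE" and "ESP" labels are just tags of this simulation, and the cipher is an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag standing in for what IPsec ESP does with a real AEAD cipher; the Tunnel class, addresses and keys are all assumptions of the example.

```python
"""Tunnel-mode encapsulation with and without encryption, simulated in Python.

Not a real VPN protocol: the "GRE"/"ESP" labels are tags of this simulation, and
the cipher is an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC
tag, standing in for what IPsec ESP does with a real AEAD cipher.
Addresses and keys are made up.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

NONCE_LEN, TAG_LEN = 12, 32   # per-packet nonce, HMAC-SHA256 tag


@dataclass(frozen=True)
class IPPacket:
    src: str
    dst: str
    payload: bytes

    def to_bytes(self) -> bytes:
        return f"{self.src}|{self.dst}|".encode() + self.payload

    @classmethod
    def from_bytes(cls, raw: bytes) -> "IPPacket":
        src, dst, payload = raw.split(b"|", 2)
        return cls(src.decode(), dst.decode(), payload)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC; a stand-in for a real stream/AEAD cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Tunnel:
    """One end of a site-to-site tunnel. keys=None gives plain encapsulation only."""

    def __init__(self, local_gw: str, remote_gw: str, keys: Optional[Tuple[bytes, bytes]] = None):
        self.local_gw, self.remote_gw = local_gw, remote_gw
        self.enc_key, self.mac_key = keys if keys else (None, None)

    def encapsulate(self, inner: IPPacket) -> IPPacket:
        """Wrap the whole inner packet, its addresses included, in an outer packet."""
        body = inner.to_bytes()
        if self.enc_key is None:
            return IPPacket(self.local_gw, self.remote_gw, b"GRE" + body)
        nonce = os.urandom(NONCE_LEN)
        ct = _xor(body, _keystream(self.enc_key, nonce, len(body)))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        return IPPacket(self.local_gw, self.remote_gw, b"ESP" + nonce + ct + tag)

    def decapsulate(self, outer: IPPacket) -> Optional[IPPacket]:
        """Recover the inner packet; None for anything not from the peer or unauthenticated."""
        if outer.dst != self.local_gw or outer.src != self.remote_gw:
            return None
        body = outer.payload
        if self.enc_key is None:
            return IPPacket.from_bytes(body[3:]) if body.startswith(b"GRE") else None
        if not body.startswith(b"ESP") or len(body) < 3 + NONCE_LEN + TAG_LEN:
            return None
        nonce, ct, tag = body[3:3 + NONCE_LEN], body[3 + NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()):
            return None  # forged, tampered, or encrypted under different keys
        return IPPacket.from_bytes(_xor(ct, _keystream(self.enc_key, nonce, len(ct))))


def demo() -> dict:
    inner = IPPacket("10.1.0.5", "10.2.0.9", b"payroll export")
    gw_a, gw_b = "203.0.113.1", "198.51.100.1"
    # Plain encapsulation: a tunnel, but no confidentiality.
    plain_out = Tunnel(gw_a, gw_b).encapsulate(inner)
    plain_in = Tunnel(gw_b, gw_a).decapsulate(plain_out)
    # Encrypted and authenticated tunnel, both ends sharing the same keys.
    keys = (os.urandom(32), os.urandom(32))
    enc_out = Tunnel(gw_a, gw_b, keys).encapsulate(inner)
    receiver = Tunnel(gw_b, gw_a, keys)
    flipped = enc_out.payload[:20] + bytes([enc_out.payload[20] ^ 1]) + enc_out.payload[21:]
    tampered = IPPacket(enc_out.src, enc_out.dst, flipped)   # one bit of ciphertext changed
    stranger = Tunnel(gw_b, gw_a, (os.urandom(32), os.urandom(32)))
    return {
        "outer_addresses": (enc_out.src, enc_out.dst),
        "plain_leaks_inner": b"10.1.0.5" in plain_out.payload and b"payroll" in plain_out.payload,
        "enc_leaks_inner": b"10.1.0.5" in enc_out.payload or b"payroll" in enc_out.payload,
        "plain_delivered": plain_in == inner,
        "enc_delivered": receiver.decapsulate(enc_out) == inner,
        "tampered_rejected": receiver.decapsulate(tampered) is None,
        "wrong_key_rejected": stranger.decapsulate(enc_out) is None,
    }
```

In both modes the outer packet carries only the two gateway addresses, which is the encapsulation part. Only the keyed mode keeps the inner addresses and payload out of an observer's view and rejects a packet whose ciphertext was altered or that was produced under different keys, which is the encryption (and authentication) part the text calls the second foundation of VPNs.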
158 LOVELY PROFESSIONAL UNIVERSITY