VPN TECHNOLOGY IN NETWORKING AND TELECOMMUNICATION

This study paper examines Virtual Private Networks (VPNs), one of the major technological issues in networking and telecommunication. The paper analyzes the development of virtual private networks, the standards they employ, the kinds of data used, and the main manufacturers of VPN technology. Following the historical study, the paper addresses the advantages VPN technology offers to companies that use it. The system requirements, including transmission techniques, LAN infrastructure, encryption, and other factors, are presented in general. The management implications and considerations, as well as the security implications of the technology, are also provided. Finally, to provide a deeper understanding of the technology, I will use the organization I work in, analyze how it has implemented the technology, and give several recommendations that the organization should consider in the future while implementing VPN.


VIRTUAL PRIVATE NETWORK IN NETWORKING AND TELECOMMUNICATION.


A VPN, or Virtual Private Network, can be simply described as a discrete network. Being discrete means that it allows for both virtualization and privacy. It can also be defined as a restricted communication between a set of sites, making use of a backbone that is shared with other networks that do not belong to that communication (Maeda, 2004).


HISTORICAL ANALYSIS


The historical analysis of VPNs can be done under four major subtopics: evolution, standards used, types of data utilized, and the major suppliers of the technology.


Evolution


Back in 1996, Gurdeep Singh-Pall, while working for Microsoft, invented a protocol called Point-to-Point Tunneling Protocol (PPTP), which was a way to enable the implementation of Virtual Private Networks. The main reason Singh-Pall came up with PPTP was to allow users to access secure internet connections. It meant that users could access internet connections securely from the comfort of their homes. Different types of VPN technology have emerged over the years.


Standards used in VPNs


The International Telecommunication Union – Telecommunication Standardization Sector (ITU-T) and the Internet Engineering Task Force (IETF) were the first organizations to see the need for standardization of VPN technologies (Maeda, 2004). The IETF came up with the Internet Protocol Security (IPsec) standard suite. This is a suite of protocols responsible for providing data authentication, integrity, and confidentiality during data transfer from one communication point to the next. It provides security at the IP packet level. This standard emerged as a result of businesses’ desire to securely send data over the network (Carmouche, 2007). The other common standard is the Internet Key Exchange (IKE) standard. This standard ensures that the two sides involved in communication produce the same symmetric key. This key is responsible for the encryption and decryption of the regular packets used in the bulk transfer of data. IKE is responsible for the tunneling in VPNs that enables authentication.
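The following is an added example, not part of the original paper: a simplified Diffie-Hellman exchange showing how two peers arrive at the same symmetric key, as the IKE description above requires, and then use it for a packet integrity check of the kind IPsec provides. The function names, the toy-size group, and the HMAC-based key derivation are assumptions of this sketch; it is not the IKE wire protocol, and it protects integrity only, with no encryption.

```python
import hashlib
import hmac
import secrets

# Assumption of this example: a toy-size group chosen for readability.
# 2**255 - 19 is prime, but real IKE uses far larger groups or elliptic curves.
P = 2**255 - 19
G = 2

def dh_keypair():
    """Return (private, public) for one peer."""
    private = secrets.randbelow(P - 3) + 2  # uniform in 2 .. P-2
    return private, pow(G, private, P)

def dh_shared(private, peer_public):
    """Compute the shared secret, rejecting degenerate peer values."""
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, P).to_bytes(32, "big")

def derive_keys(shared, nonce_i, nonce_r):
    """Turn the shared secret and both nonces into one key per direction."""
    prk = hmac.new(nonce_i + nonce_r, shared, hashlib.sha256).digest()
    k_ir = hmac.new(prk, b"initiator->responder", hashlib.sha256).digest()
    k_ri = hmac.new(prk, b"responder->initiator", hashlib.sha256).digest()
    return k_ir, k_ri

def protect(key, seq, payload):
    """Append a 16-byte integrity check value over sequence number and payload."""
    header = seq.to_bytes(4, "big")
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:16]
    return header + payload + icv

def verify(key, packet):
    """Return the payload if the integrity check value matches, else None."""
    if len(packet) < 20:
        return None
    body, icv = packet[:-16], packet[-16:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:16]
    return body[4:] if hmac.compare_digest(icv, expected) else None

def negotiate():
    """Run both sides; only public values and nonces would cross the wire."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    n_i, n_r = secrets.token_bytes(16), secrets.token_bytes(16)
    keys_a = derive_keys(dh_shared(a_priv, b_pub), n_i, n_r)
    keys_b = derive_keys(dh_shared(b_priv, a_pub), n_i, n_r)
    return keys_a, keys_b
```

The exchange as written does not authenticate the peers, so on its own it cannot rule out a party in the middle; IKE adds peer authentication, for example with pre-shared keys or certificates.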


Types of Data Protocols Utilized


There are two types of VPN utilized in data transfer: Remote Access VPN and Site-to-Site VPN. Remote Access VPN allows users to remotely access a private network to send or receive data and use other services. Site-to-site VPN, also called Router-to-Router VPN, creates a virtual bridge between networks found in offices that belong to one organization but are geographically distant.


The two different types of VPNs use different security protocols. Examples of these protocols are Internet Protocol Security (IPsec), Layer 2 Tunneling Protocol (L2TP), Secure Sockets Layer (SSL) and Transport Layer Security (TLS), OpenVPN and Secure Shell (SSH). IPsec secures an internet connection across an IP network, while L2TP is a tunneling protocol that combines with another protocol such as IPsec to create a highly secure VPN. PPTP, apart from tunneling, encapsulates data packets in a VPN. SSL and TLS create a VPN connection where the browser acts as the client, and instead of the user being restricted to the entire network, they are restricted from accessing certain applications. OpenVPN assists in creating point-to-point and site-to-site connections. Finally, SSH is responsible for creating the VPN tunnel through which data transfer occurs.


The Suppliers of VPN Technology.


Different organizations supply different aspects of the technology. For example, the IETF is responsible for providing the IPsec standard protocol suite, as mentioned above. Companies such as Cisco develop hardware products such as routers that enable the creation of VPNs. They also develop accompanying software. Another company involved in both coming up with standards and software to run VPNs is Microsoft. Some of the most common VPN service providers include Private Internet Access, TorGuard, IPVanish VPN and CyberGhost VPN.


THE BENEFITS OF VPN TECHNOLOGIES TO BUSINESSES.


The first benefit businesses experience as a result of using a VPN is enhanced security. The internet is an open, public network. The result is an insecure environment that is not trustworthy for transacting business operations. A VPN helps overcome this limitation through various means such as encryption, tunneling, access control, user authentication and much more (Sirisukha, 2003).


The next benefit that VPNs offer businesses is better performance control. The fact that they are private means that they can be managed. Performance control is done through service level agreements which enable them to be deployed with a clear distinction between the traffic classes.


VPNs also offer service flexibility to businesses. Dedicated networks are physically defined, meaning they have fixed capacity and are found at fixed locations; VPNs are more flexible because only software parameters need to be changed to reconfigure a network (Sirisukha, 2003).


Ease of application and service integration is the next benefit provided by VPNs to businesses. VPNs are standard based, implying that one network set up following VPN standards should be able to connect with another network designed following the same VPN standards.


SYSTEM REQUIREMENTS TO RUN VPNs


In this section I am going to give a brief overview of the system requirements for Virtual Private Networks to run smoothly. These system requirements are discussed below.


Transmission Methods


Transmission of data over a VPN can take place over two platforms: internet-based VPN connections and intranet-based VPN connections. In internet-based VPN connections, clients access VPNs over the internet. This cuts the cost of long-distance charges and takes advantage of the fact that the internet is available globally. Intranet-based VPN connections, on the other hand, transmit data using the IP connectivity found within an organization’s Local Area Network.


LAN Infrastructure


As stated above, VPNs can be classified into two classes: remote access VPNs and site-to-site VPNs. These two are used to describe the LAN infrastructure of VPNs. Just like in other networks, we have a server. The server offers VPN services such as encryption. We also have switches and routers that assist in the interconnection of the various VPNs. Finally, we also have firewalls to prevent unauthorized access and to prevent malware from attacking devices in the VPN.


Encryption


In normal public networks, data is encrypted at the sender’s end and then decrypted when it reaches the intended receiver. It is necessary to use data encryption in a communication link between a client and the service provider. However, this is not the case in VPNs, because data encryption is performed between a VPN client and a VPN server, meaning no encryption is required in the communication link (Crawford, 2017).


Cloud-based vs. Premise-based VPNs


Cloud-based VPNs use cloud computing infrastructure to deliver the various VPN services. Since cloud services are accessible globally, VPNs that utilize cloud computing infrastructure are available globally too. A cloud VPN can also be referred to as a hosted VPN. It provides the same level of global security. Use of a cloud VPN means no VPN infrastructure is needed at the user’s end. On the other hand, we have premise-based VPNs, where the VPN infrastructure is set up in the organization. Premise-based VPNs are not very scalable compared to cloud VPNs.


Network Implications of a VPN


The major network implication caused by VPNs is scalability. When deploying VPN services, this is the most common thing considered, because it affects other VPN requirements such as security. For example, in a site-to-site connection, strong security can be forgone to increase scalability as long as the interaction between the client and service provider routing dynamics is managed. If a VPN requires strong security, the premise-based model should be used, where the IPsec protocol suite is applied (De Clercq, Paridaens, 2002).


MANAGEMENT IMPLICATIONS AND CONSIDERATIONS


Effective management of an organization’s VPN leads to a reduction of expenses. The major challenges that organizations face when it comes to VPNs are the time, cost and expertise required to come up with VPNs that are secure. This means that the challenges that accompany managing a VPN sometimes outweigh the advantages of implementing it in an organization. Sometimes VPNs include multivendor environments, which leads to management challenges when integrating the multivendor components and ensuring accuracy and consistency.


Centralized, policy-based management systems contribute to reducing the time taken to design and deploy VPNs. They also reduce the chances of errors occurring, which in turn leads to an increase in the scale of operations.


SECURITY IMPLICATIONS OF THIS TECHNOLOGY


Security in VPNs can be looked at in terms of security itself, security monitoring and tests, and finally policy management. VPNs can be described as shared IP networks, which means that to some extent they can be untrustworthy. Regarding security, a VPN should be able to establish user identity, authenticate that user, and ensure data integrity and confidentiality are maintained. A VPN should also be able to restrict and manage access to its network resources. When it comes to security monitoring, a VPN should be able to detect and react if an intrusion occurs. Before a VPN is deployed, tests should be carried out to ensure it is secure and to identify its vulnerabilities. Finally, well-developed policies should be put in place to ensure centralized control of security services.


ANALYSIS OF THE ORGANISATION I WORK IN


I work at a bank. Data found in a bank is usually confidential, so to ensure the data remained confidential the bank deployed a virtual private network. At first, the VPN was used only for services rendered to the bank’s customers and was premise-based. Since the bank has branches across the country, site-to-site VPN is applied. The bank also offers Visa cards. These are meant to be used globally, meaning remote access is also applied.


Over time, as the bank grew, so did the need for more functionalities to be added to the VPN. Therefore, since a cloud-based VPN is more scalable, the bank went ahead and adopted the software. Currently, almost all bank activities are done on the VPN. These include coming up with schedules, developing payrolls, creating bank statements, providing bank loans, ATMs and all other services offered by a bank. The bank also has a website that can be used to perform various bank transactions. This website is also connected to the bank VPN. To ensure security, the bank’s VPN has implemented some of the protocols mentioned above, such as IPsec and L2TP. All in all, when it comes to implementation of VPN technology, the bank is currently doing well, because it has managed to keep up with technology as it has evolved over the years. Is there room for improvement? Yes, definitely, especially when it comes to the VPN infrastructure. Currently, the bank outsources storage space from a cloud service provider for some of its activities. In my opinion, since the information found in a bank is highly sensitive, they should acquire their storage server to reduce the existing vulnerabilities.


RECOMMENDATIONS FOR FUTURE IMPLEMENTATION BY THE ORGANIZATION


The first recommendation is the one mentioned above. The bank should acquire its storage server. The other recommendation is that the online banking platform should implement ExpressVPN. ExpressVPN provides 256-bit AES encryption and at the same time uses SSL protocols to secure its network. Apart from SSL, it also supports OpenVPN, L2TP, IPsec, and SSTP. No logs are kept, which means privacy and anonymity are maintained. My final recommendation is that when it comes to ATMs, the bank should integrate the Cisco Integrated Service Routers Generation 2 (ISR G2). These routers provide high levels of security and a high availability element all within one router; this provides maximum performance and reduces cost.


References


Carmouche, J. H. (2007). IPsec Virtual Private Network Fundamentals. Indianapolis. Cisco Press.


Cisco. Cisco Solutions for Financial and Branch Banking- Design and Deployment Guide. Cisco Systems, Inc.


Crawford, D. (2017). VPN Encryption: The Complete Guide. BestVPN.


De Clercq, J., & Paridaens, O. (2002). Scalability Implications of Virtual Private Networks. Communications Magazine, IEEE.


Liyange, M., Okwuibe, J., & Yianttila, M. (2015). Secret Virtual Private LAN Services: An Overview with Performance Evaluation.


Maeda, Y. (2004). Standards for Virtual Private Networks. IEE Communication Magazine.


Sirisukha, S. (2003). The Advantages of a Virtual Private Network for Computer Security. Proceedings of the 16th Annual NACCQ.


Strahler, O. (2002). Network-Based VPNs. GIAC Security Essentials (GSEC).
