What is a Virtual Private Network?

Commonly known as a VPN and defined differently by different entities, it is a group of two or more computer systems, typically connected to a private network (a network built and maintained by an organization solely for its own use) with limited public-network access, that communicates "securely" over a public network, such as the Internet. VPNs may exist between an individual machine and a private network (client-to-server) or a remote LAN and a private network (server-to-server). Security features differ from product to product, but most security experts agree that VPNs include encryption, strong authentication of remote users or hosts, and mechanisms for hiding or masking information about the private network topology from potential attackers on the public network.

Another way to look at it would be if two people (remote sites) were speaking in an unknown language in a public place (in this case, the Internet). There are plenty of people that can hear you speaking (hackers), but they do not know what you are saying. By speaking the "language" both people would "encrypt" and "decrypt" the data into relevant information and understand the other person. Similarly, VPNs provide the unknown "language" that is decipherable between two parties, but no one else knows what is being said.

What are the three elements of the VPN?

• Remote user identity authentication
• Secure private transmission of data (avoiding unauthorized listeners)
• Verification of unadulterated data transmission

What are the trends driving VPNs?

A convergence of business, social, and technology trends is driving the dispersion of today's enterprise into a distributed workplace:

— Rapid proliferation of powerful, affordable PCs and other small office technologies.
— Emergence of the Internet as the global data communications network for linking geographically dispersed locations.
— Demand by employees for flexible work arrangements in response to growing commute times and family needs.
— Drive for improved productivity and reduced costs by companies.
— Need for recruiting and retaining talent located outside the confines of the local geographical area.
— Explosive availability of affordable, broadband Internet connections (DSL, cable and wireless).

What are the advantages of using VPNs?

Cost Savings – By leveraging third-party networks, with VPN, organizations no longer have to use expensive leased or frame relay lines and are able to connect remote users to their corporate networks via a local Internet service provider (ISP) instead of via expensive 800-number or long distance calls to resource-consuming modem banks.

Security – VPNs provide the highest level of security using advanced encryption and authentication protocols that protect data from unauthorized access.

Scalability – VPNs allow corporations to utilize remote access infrastructure within ISPs. Therefore, corporations are able to add a virtually unlimited amount of capacity without adding significant infrastructure.

Compatibility with Broadband Technology – VPNs allow mobile workers, telecommuters and day extenders to take advantage of high-speed, broadband connectivity, such as DSL and Cable, when gaining access to their corporate networks, providing workers significant flexibility and efficiency.

What types of VPNs are there, and what are their relative advantages and disadvantages?

VPNs fall into three broad categories: hardware-based systems, firewall-based systems and standalone VPN application packages.

• Hardware-based VPN systems usually use encrypting routers
• Firewall-based VPN systems take advantage of the firewall's security mechanisms, including restricting access to the internal network
• Software-based VPN systems are ideal in situations where both end points of the VPN are not controlled by the same organization

Hardware-based VPN Systems

Most hardware-based VPN systems are encrypting routers.
They are secure and easy to use, since they provide the nearest thing to "plug and play" encryption equipment available. They may not be as flexible as software-based systems, but provide the highest network throughput of all VPN systems. These are generally the most expensive VPN solution. Cisco and Check Point, among others, offer this type of hardware-based VPN system.

Firewall-based VPN Systems

Firewall-based VPNs, such as those offered by NETGEAR's FVS318, FV318 and FR318 (with VPN upgrade), take advantage of the firewall's security mechanisms, including restricting access to the internal network. They also perform network address translation, satisfy requirements for strong authentication, and serve up real-time alarms and extensive logging. Most commercial firewall vendors, including NETGEAR, "harden" the host operating system kernel by stripping out dangerous or unnecessary services, providing additional security for the VPN server. OS protection is a major plus, since very few VPN application vendors supply guidance on OS security. These boxes also incorporate a router, eliminating the requirement of "front-ending" a stand-alone router with a "firewall appliance".

Software-based VPN Systems

Software-based VPNs are ideal in situations where both end points of the VPN are not controlled by the same organization (typical for client support or business partnerships), or when different firewalls are implemented within the same organization. In situations where performance requirements are modest (such as users connecting over dial-up links), software-based VPNs may be the best choice. But software-based VPNs are generally harder to manage than encrypting routers. They require familiarity with the host operating system, the application itself, and appropriate security mechanisms. And some software VPN packages require changes to routing tables and network addressing schemes.
Typical VPN Applications

Site-to-Site VPNs extend the classic WAN by providing large-scale encryption between multiple fixed sites such as remote offices and central offices, over a public network, such as the Internet. NETGEAR's FVS318 can support up to eight sites.

Remote Access VPNs permit secure, encrypted connections between mobile or remote users and their corporate networks via a third-party network, such as a service provider.

VPN Clients. With NETGEAR's FV318 and a client software package, mobile users can securely "tunnel" back to the main office, while the office maintains VPN tunnels to other remote sites (up to five total tunnels!). The FR318 and a 1 Security Association (SA) upgrade can offer a mobile worker the ability to safely connect back to the office.

VPN Client solutions

VPN Client solutions allow businesses the flexibility of either a hardware or software client, both offering high scalability and ease of deployment. Before using VPNs, communications were complicated and expensive.

With NETGEAR's FVS318 and a client software package, mobile users can securely "tunnel" back to the main office, while the office maintains VPN tunnels to other remote sites (up to eight total tunnels!).

Accommodating growth

NETGEAR can also expand as your business expands, allowing for up to eight VPN tunnels at one time.

NETGEAR VPN solutions

NETGEAR offers a wide variety of products that support VPN using the IPSec security protocol. Some devices, like the FVS318, can initiate up to 8 VPN tunnels. All other NETGEAR broadband routers and firewalls support IPSec and PPTP pass-through protocols, which can be used as part of NETGEAR-only or other VPN networks that support these protocols.

Do you want to lower your cost of doing business? Check out the savings in two examples, one where there are 3 remote access employees and two remote sites, the other where there are 5 remote access employees.
Setting up a VPN using NETGEAR

Setting up a NETGEAR VPN is easy! Just determine the type of VPN you want to set up (box-to-box VPN, or client-to-box VPN). For box-to-box, follow the quick install guide to connect the routers to the Internet, then set the security configurations on each router. For client-to-box, follow the quick install guide for the router to connect to the Internet, and install the client software on the remote PCs. Follow the client instructions to connect to the router.

Figure 1: NETGEAR VPN Set-Up Screens

Figure 2: Typical Client Set-up Screen