Principles of Constructing a Virtual Private Network
The telecommunications business has recently shown great interest in Virtual Private Networks (VPNs). This interest is driven by the need to reduce the cost of maintaining corporate networks. However, when networks are joined over the Internet, the security of data transmission comes into question. Mechanisms were therefore needed to provide confidentiality and integrity for the transmitted information. Networks built on such mechanisms are called VPNs.
This article describes the VPN service and the technology behind it, and the options that exist for implementing a VPN.
The main feature of this technology is its use of the Internet as a backbone for carrying corporate IP traffic. VPNs are intended to solve two problems: connecting an end user and connecting several local networks. A VPN is made up of wide-area network channels, secure protocols and routers.
Remote local networks are joined by virtual dedicated channels. Such connections are created with the tunneling mechanism. The tunnel initiator encapsulates the packets of the local network in new IP packets. The header of each new packet contains the address of the tunnel initiator and the address of the other end of the tunnel. At the opposite end of the tunnel, the client extracts the original packet.
Building a VPN from the equipment and software of several manufacturers requires standard mechanisms. One example is the Internet Protocol Security (IPSec) protocol. IPSec describes all the standard VPN methods. It defines the methods of identification, the methods of encryption, and the mechanisms for exchanging and managing encryption keys between the tunnel endpoints. Its drawback is its dependence on IP.
Other protocols for building VPNs are PPTP (Point-to-Point Tunneling Protocol), developed by Ascend Communications and 3Com; L2F (Layer-2 Forwarding), from Cisco Systems; and L2TP (Layer-2 Tunneling Protocol). PPTP does not define a method of encryption. We therefore consider the IPSec protocol.
The IKE (Internet Key Exchange) protocol allows information to be transferred without additional intervention. It solves the problems of secure management and exchange of cryptographic keys between remote clients. VPNs for free clients of a network are built on the basis of the IKE protocol.
There are various ways to build a VPN. Experience shows that the best way is to use specialized equipment, although software solutions also deserve attention.
1) VPN based on firewalls.
The firewall encrypts the data: an encryption module is added to the firewall software. A solution of this kind can be applied to small networks with a small volume of transmitted information.
2) VPN based on routers.
Another way to build a VPN is to use routers. Information from the local network passes through a router, which encrypts it.
An example of equipment for building a VPN on routers is the equipment of Cisco Systems.
To increase the performance of the router, an additional encryption module, the ESA (Encryption Service Adapter), is used.
3) VPN based on software.
A VPN can also be built with a software solution. The specialized software acts as a proxy server. The computer running the software can be located behind a firewall.
An example of such a solution is the AltaVista Tunnel 97 software from Digital. The strengths of AltaVista Tunnel 97 are simple installation and convenient management. Its drawbacks are a non-standard architecture (its own key exchange algorithm) and low performance.
4) VPN based on a network OS.
As an example of a solution based on a network OS, we consider Microsoft's Windows NT. Microsoft uses the PPTP protocol to create VPNs, and it is integrated into Windows NT. The advantages are ease of integration with Windows and low cost.
5) VPN based on hardware.
Building a VPN on special devices is an option for networks that demand high performance. An example is the cIPro-VPN product from Radguard.