VPN client: how does it work




















While a VPN can be configured on generic computer equipment such as standard servers, most businesses opt for dedicated equipment optimized for the VPN and general network security. A small company might have all of its VPN equipment on site or, as mentioned earlier, might outsource its VPN services to an enterprise service provider.

A larger company with branch offices might choose to co-locate some of its VPN equipment, meaning that it will set up that equipment in a co-location facility or colo. A colo is a large data center that rents space to businesses that need to set up servers and other network equipment on a very fast, highly reliable internet connection.

As mentioned earlier, there is no standard that all VPNs follow in terms of their setup. When planning or extending a VPN, though, you should consider the following equipment:

VPN components can run alongside other software on a shared server, but this is not typical, and it could put the security and reliability of the VPN at risk. The following are dedicated VPN devices a business can add to its network.

You can purchase these devices from companies that produce network equipment:

So far, we've looked at the types of VPNs and the equipment they can use. Next, let's take a closer look at the encryption and protocols that VPN components use.

Encryption is the process of encoding data so that only a computer with the right decoder will be able to read and use it. You could use encryption to protect files on your computer or e-mails you send to friends or colleagues.

An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt it. The most common forms of encryption are symmetric-key encryption or public-key encryption:

In a VPN, the computers at each end of the tunnel encrypt the data entering the tunnel and decrypt it at the other end. However, a VPN needs more than just a pair of keys to apply encryption.

That's where protocols come in. GRE provides the framework for how to package the passenger protocol for transport over the Internet Protocol (IP). This framework includes information on what type of packet you're encapsulating and the connection between sender and receiver.

IPSec is a widely used protocol for securing traffic on IP networks, including the internet. IPSec can encrypt data between various devices, including router to router, firewall to router, desktop to router, and desktop to server.

IPSec consists of two sub-protocols which provide the instructions a VPN needs to secure its packets:

Networked devices can use IPSec in one of two encryption modes. In transport mode, devices encrypt the data traveling between them.

In tunnel mode, the devices build a virtual tunnel between two networks.

Throughout this article, we've looked at the types of VPNs and the components and protocols that they use. Over time, people have developed new and better technologies to use in networks, which improves the features of existing VPNs. VPN-specific technologies, though, such as tunneling protocols, haven't changed much in that time, perhaps because current VPNs do such a good job of keeping businesses connected around the world.

A VPN connection to a business's main office can help its employees be productive when they're on the go.

In our analogy, each person traveling by submarine is like a remote user accessing the company's private network. It's fast. It's easy to take with you wherever you go. It's able to completely hide you from any other boats or submarines.

It's dependable. It costs little to add additional submarines to your fleet once you've purchased the first one.

What Makes a VPN?

A good VPN can carry data in a secure, private tunnel across the chaos of the public internet.

  • Extended connections across multiple geographic locations without using a leased line
  • Improved security for exchanging data
  • Flexibility for remote offices and employees to use the business intranet over an existing internet connection as if they're directly connected to the network
  • Savings in time and expense for employees to commute if they work from virtual workplaces
  • Improved productivity for remote employees

Security — The VPN should protect data while it's traveling on the public network. If intruders attempt to capture the data, they should be unable to read or use it.

Reliability — Employees and remote offices should be able to connect to the VPN with no trouble at any time (unless hours are restricted), and the VPN should provide the same quality of connection for each user even when it is handling its maximum number of simultaneous connections.

VPN security is only as strong as the methods used to authenticate users and devices at the remote end of the VPN connection. Simple authentication methods are subject to password "cracking" attacks, eavesdropping, or even social engineering attacks.

Two-factor authentication is a minimum requirement for providing secure remote access to a corporate network. Remote access is a major threat vector to network security. A remote computer that does not meet corporate security requirements may potentially forward an infection, like a worm or virus, from its local network environment to the internal network.

Up-to-date antivirus software on the remote computer is essential to mitigate this risk. Split tunneling occurs when a device on the remote end of a VPN tunnel simultaneously exchanges network traffic with both the public and private networks without first placing all the network traffic inside the VPN tunnel. This can allow attackers on the shared network to compromise the remote computer and gain network access to the private network.
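The split-tunneling condition described above can be checked on a client from its routing table. This is an added example, not code from the original page; it assumes a Linux client and IPv4 routes from the main table only (policy-routing tables and IPv6 are not evaluated), and the interface names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed `ip -4 route show` output; tun0/eth0 and all addresses are made up.
FULL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.5 via 192.168.1.1 dev eth0
"""
SPLIT = """\
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
10.20.0.0/16 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
# Assumption: direct access to RFC 1918 and link-local ranges is tolerated.
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def parse_routes(text):
    """Turn route lines into (network, device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), dev))
    return routes

def egress(routes, addr):
    """Longest-prefix match: the route the kernel would choose for addr."""
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def leaking_routes(text, tunnel_dev, vpn_server):
    """List non-tunnel routes that still carry non-local traffic."""
    routes, server = parse_routes(text), ipaddress.ip_network(vpn_server)
    # The chosen route can only change at a prefix boundary, so test each one.
    points = {int(n.network_address) for n, _ in routes}
    points |= {int(n.broadcast_address) + 1 for n, _ in routes}
    leaks = set()
    for p in (q for q in points if q <= 0xFFFFFFFF):
        best = egress(routes, ipaddress.ip_address(p))
        if (best and best[1] != tunnel_dev and best[0] != server
                and not any(best[0].subnet_of(l) for l in LOCAL)):
            leaks.add(f"{best[0]} dev {best[1]}")
    return sorted(leaks)  # empty list: all non-local traffic uses the tunnel
```

`leaking_routes(SPLIT, "tun0", "203.0.113.5")` reports the default route on `eth0`, while the `FULL` table returns an empty list because the two `/1` routes on `tun0` override the physical default.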

Here is a quick overview of the three main types of topologies:

An IPsec policy defines the characteristics of the site-to-site VPN, such as the security protocols and algorithms used to secure traffic in an IPsec tunnel. After an organization creates a VPN topology, it can configure the IPsec policies it applies to that topology, depending on the assigned IPsec technology.


A VPN connection usually works like this. Data is transmitted from your client machine to a point in your VPN network. The VPN point encrypts your data and sends it through the internet. Another point in your VPN network decrypts your data and sends it to the appropriate internet resource, such as a web server, an email server, or your company's intranet.

Then the internet resource sends data back to a point in your VPN network, where it gets encrypted. That encrypted data is sent through the internet to another point in your VPN network, which decrypts the data and sends it back to your client machine. Easy peasy!

Different VPNs can use different encryption standards and technologies. Here's a quick list of some of the technologies that a VPN may use:

So now that you understand the basics of what VPN is and how it works, you may be considering using one yourself. In lieu of endorsing any particular company's services, I'll give you some tips on how to choose a good VPN service. The physical location of the VPN service should be considered.


