VPN technology allows businesses to use their existing Internet connections to connect to other offices (site-to-site VPNs) or allow telecommuting or mobile users to connect into the office network from their PCs (remote-access VPN).
VPNs provide a variety of benefits over private-line connections:
- Cost savings over private-line connections
- Remote-access connections for telecommuting or mobile users
At the same time, VPNs have some major drawbacks:
- Higher overhead
- Varying service levels
- Additional security considerations
VPN connections come in two major genres: site-to-site and remote-access VPNs.
Site-to-site VPNs are the direct replacement for private-line WAN connections. They allow offices to maintain permanent or semipermanent connections between each other through the Internet.
Remote-access VPNs typically are used to allow telecommuting or mobile workers to connectto the corporate network from home or hotel-like locations. These remote-access VPNs comein a couple of styles: client-based (requires the installation of a VPN client) and clientless (also known as SSL or WebVPN; users connect through a secure web page).
The key protocol that drives VPN connections is IPsec. This is actually a suite of protocols that provide standards for encryption, authentication, and data integrity.
Three primary encryption standards are used with IPsec:
- Data Encryption Standard (DES) algorithm was originally developed by IBM to support a 56-bit key.
- Triple DES (3DES) algorithm uses three different DES keys to encrypt data, thus tripling the strength of DES.
- Advanced Encryption Standard (AES) currently offers 128-, 192-, and 256-bit encryption.
Currently, two data-integrity standards are used with IPsec:
- Message Digest 5 (MD5) uses a 128-bit hashing algorithm.
- Secure Hash Algorithm 1 (SHA-1)uses a 160-bit hashing algorithm.