As I mentioned in Part One of this blog, a VPN tunnel allows for the safe transfer of data across the Internet, and adds layers of security to your company network. It does this through the use of encryption and other security mechanisms (including hardware settings/passwords and approved IP addresses). These layers of security help to ensure that only authorized users can access the company network and that your data cannot be intercepted. I am not promoting a specific protocol or piece of hardware, but rather providing a rough outline of what is out there. I encourage you to find what best suits your organization and its environmental requirements.
What you want to do is make your corporate network bulletproof from the outside and poke a tiny, secure hole into it using a VPN, so that users can connect to your systems.
VPN Network Protocols
At the heart of each VPN tunnel lies a communications protocol, known as a VPN Network Protocol. These protocols, much like programming languages, are specific to communication devices; they form the rules that allow encapsulated “packets” of information to be exchanged across the Internet between private networks. There are three main network protocols for use with VPN tunnels, although there are a few other specialized variants worth looking at. They are generally incompatible – that is to say, both ends of the VPN connection must be using the same protocol. The most commonly used protocols are:
- PPTP – The Point-to-Point Tunneling Protocol is a technology for creating VPNs, developed jointly by Microsoft, U.S. Robotics and several remote access vendor companies, known collectively as the PPTP Forum.
- L2TP – Layer Two (2) Tunneling Protocol is an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPNs).*
- IPsec – developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement VPNs. IPsec supports two encryption modes: Transport and Tunnel.
Authentication and Encryption
Along with tunneling, authentication and encryption are the main components of a VPN. Authentication is a familiar three-phase process: identification, authentication and authorization. I, for example, identify myself to the destination network with my username: Al. Next I prove that I really am Al with a password, pre-shared key, certificate or smart card. This proves my authenticity – the destination network accepts me as a valid user. Now that I’m authenticated, I receive access to the services that I’m allowed to use. This is called authorization. Keep in mind that some ways of authenticating are more secure than others.
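The three phases above, as an added illustrative Python model written for this post (not code from the original blog or from any VPN product); the user store, the salt and the pre-shared key are constructed placeholders, and the point is that proving identity (phase 2) and being granted a service (phase 3) are separate decisions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Slow, salted derivation so a leaked user store does not hand out the pre-shared keys.
def _derive(psk: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", psk.encode(), salt, 100_000)

# Constructed user store: per-user salt, PSK hash, and the services the user may reach.
SALT_AL = b"constructed-salt-for-al"
USERS = {
    "Al": {
        "salt": SALT_AL,
        "psk_hash": _derive("constructed-psk-for-al", SALT_AL),
        "services": {"erp", "crm"},
    },
}

@dataclass(frozen=True)
class Session:
    username: str
    services: frozenset

def identify(username: str):
    """Phase 1: identification. The claimant names an account; nothing is proven yet."""
    return username if username in USERS else None

def authenticate(username: str, psk: str):
    """Phase 2: authentication. Prove the claim with the pre-shared key for that account."""
    record = USERS.get(username)
    if record is None:
        # Do the same work for unknown accounts so response time does not reveal which exist.
        _derive(psk, b"constructed-dummy-salt")
        return None
    candidate = _derive(psk, record["salt"])
    # Constant-time comparison: the check must not leak how many bytes matched.
    if not hmac.compare_digest(candidate, record["psk_hash"]):
        return None
    return Session(username, frozenset(record["services"]))

def authorize(session, service: str) -> bool:
    """Phase 3: authorization. A valid session only grants the services it was issued for."""
    return session is not None and service in session.services
```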
Encryption is a key element of a VPN, but the sophistication with which your VPN encrypts data is a matter of choice, and sometimes necessity. The issues revolve around security and speed. If your company’s head office is in a “last mile” location, and the data it receives is forced to creep through last century’s “twisted pair” copper wires, only ever designed for an analogue phone, you might choose minimal encryption, especially if your data is not particularly sensitive. If, on the other hand, your data arrives at the speed of light through modern optical cable, and, furthermore, it’s mission critical and highly sought after, you would be wise to choose an advanced encryption standard, such as AES-256.
Imagine your company with its new VPN. There’s a central server with VPN hardware or software that supports all your remote locations, and a license for each user that covers basic SYSPRO ERP modules, SYSPRO e.net Solutions™, and possibly other modules such as SYSPRO CRM. Now everyone in your far-flung organization, including the branch in Timbuktu, is on the same page. Customer issues, production problems, market conditions, etc., become apparent in real time. Analysis and decisions can be made more quickly than ever before.
And the end result is? Agility and security are simultaneously improved. Congratulations – you’ve helped turn your company into a lean, mean, profit-making machine, through the use of a VPN.
*Bullets sourced from http://www.webopedia.com/TERM/V/VPN.html