Intranets and Virtual Private Networks (VPNs)
Definition
Private networking involves securely transmitting corporate data across multiple
sites throughout an entire enterprise. Creating a truly private corporate network
generally requires an intranet. A virtual private network (VPN) is one means of
accomplishing such an implementation using the public Internet.
Overview
This tutorial explores the benefits of a private corporate network and reviews a
traditional wide-area network (WAN) architecture implementation. It then
compares the WAN model to present-day private-networking strategies,
specifically examining two types of modern private-network implementations:
encryption-based VPNs and private networks based on frame-relay permanent
virtual circuits (PVCs). It also reviews important security issues associated with
the different technologies used to implement a private network.
Topics
1. Introduction
2. Benefits of ISP-Based Private Networks
3. Traditional WAN Network Architecture
4. Encryption-Based VPNs
5. Private Networking Using Frame-Relay PVCs
Self-Test
Correct Answers
Glossary
1. Introduction
Today's corporations are challenged by the need to support a wide variety of
communications across a highly distributed number of sites and offices. At the
same time that the number of sites and offices increases, corporations are
pressured to reduce the cost of their overall communications expenses. In
addition to the increased number of office locations, employees expect to access
corporate resources from a more diverse set of locations, including customer
sites, home offices, and travel destinations. As more emphasis is placed on
electronic communication, business partners also expect to access corporate-partner data. All of these trends drive the need to establish a corporate
private-network infrastructure.
With regard to communications expenses, however, corporations are finding that
traditional architecture does not provide the flexibility and solutions required.
Using dedicated leased-line circuits to interconnect main offices and branch
offices often requires significant planning time, and once in place the circuits
cannot support remote or customer sites. The increase in telecommuting and
remote computing is, in turn, increasing resources spent on remote-access
modems, servers, and long-distance telephone charges.
Private networks that utilize the Internet backbone can significantly reduce the
costs of establishing and maintaining a WAN for private-networking purposes.
Internet service provider (ISP)-based private networks offer a global footprint
with ubiquitous local network access. Using an ISP-based private network,
corporations can connect their offices to the ISP's local points of presence (PoPs)
rather than purchase costly leased-line circuits to interconnect their office
locations. The corporation takes advantage of the ISP's established backbone,
which is usually more geographically diverse than its WAN architecture. The ISP
can also offer local dial-up access at a diverse number of locations, which helps
reduce long-distance remote-access costs.
Copyright
The International Engineering Consortium
fractional tier-1 (T1) increments rather than in an entire T1 circuit from a telco or
local exchange carrier (LEC).
Outsourcing network management to an ISP can also indirectly reduce operating
costs and resources. In-house technical resources are no longer needed to install,
configure, and manage network equipment. A corporation will not need to
support dial-up plain old telephone service (POTS) lines or integrated services
digital network (ISDN) and leased-line circuits. The information technology (IT)
department can concentrate resources on data and server equipment rather than
on low-level network equipment.
An ISP-based private network can be implemented in several different ways.
One common implementation transmits corporate traffic over the public Internet
but uses encryption to protect the data from unauthorized access. Frame-relay
technology also enables the creation of logically isolated circuits or PVCs that
provide a private network in which data does not need to be encrypted because it
travels only along these logically private circuits.
4. Encryption-Based VPNs
Encryption-based VPNs create a VPN using the public Internet infrastructure. A
corporation establishes public Internet connections from each of its office
locations to an ISP's PoP. The corporation can establish the connections with a
single ISP or multiple ISPs.
Encryption-based VPNs are susceptible to any weaknesses that the public
Internet may experience. Typically, these weaknesses are related to data security
and network performance. The original design and implementation of the
Internet did not address the security and performance requirements of private
networks.
Encryption-based VPNs are often the easiest type of ISP-based private network
to create. Several different encryption vendors supply a large range of solutions.
Figure 2 shows a typical encryption-based VPN implementation. Each branch
office or partner company connects to any ISP; users simply must have access to
the public Internet. An encryption device (typically a router or firewall) is placed
at each location. The encryption devices receive encrypted data from the other
locations and perform the appropriate decryption.
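The gateway role described above, as an added example in Go that is not part of the original tutorial: each site's device picks the key for the peer site, encrypts outbound packets, and rejects inbound data that was altered in transit or sealed for a different sender. The `Gateway` type, the site names, the packet layout and the choice of AES-GCM are assumptions made for illustration; the tutorial names no algorithm or product.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Gateway (hypothetical) is one site's encryption device; Peers: remote site -> key.
type Gateway struct{ Site string; Peers map[string][]byte }

func (g *Gateway) aeadFor(site string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(g.Peers[site]) // unknown site: empty key, rejected
	if err != nil {
		return nil, fmt.Errorf("site %q: %w", site, err)
	}
	return cipher.NewGCM(block)
}

// Seal encrypts an inner packet for a remote site as nonce || ciphertext || tag.
func (g *Gateway) Seal(to string, inner []byte) ([]byte, error) {
	a, err := g.aeadFor(to)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, inner, []byte(g.Site)), nil // sender name is authenticated
}

// Open decrypts a packet from a remote site; altered or mis-keyed data fails.
func (g *Gateway) Open(from string, pkt []byte) ([]byte, error) {
	a, err := g.aeadFor(from)
	if err != nil || len(pkt) < a.NonceSize() {
		return nil, fmt.Errorf("rejected packet from %q: no key or too short", from)
	}
	return a.Open(nil, pkt[:a.NonceSize()], pkt[a.NonceSize():], []byte(from))
}

func main() {
	k := make([]byte, 32) // constructed all-zero demo key, for illustration only
	hq := &Gateway{"hq", map[string][]byte{"branch": k}}
	br := &Gateway{"branch", map[string][]byte{"hq": k}}
	pkt, _ := hq.Seal("branch", []byte("inner IP packet"))
	out, err := br.Open("hq", pkt)
	fmt.Printf("%q %v\n", out, err)
}
```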
Self-Test
1. Private networking refers to which of the following?
a. different types of network firewalls
b. networking where network protocols are not used
c. securely transmitting corporate data
d. accessing Web servers using the HTTP protocol
2. A VPN is which of the following?
a. an implementation of a private network
b. a network built using frame-relay technology
c. a high-speed network protocol
d. a standard way to encrypt files for secure transmission
3. Corporate networks are now challenged because of which of the following?
a. computer equipment requires a greater amount of storage space
b. centrally located computers are consuming greater amounts of electrical
power
c. multiple protocols are taxing existing network resources
d. the need to support a wide variety of communications across a large
geographic area
4. Traditional WAN architecture ___________________.
a. is growing because it ideally meets corporate network needs
b. is a low-cost solution to a wide variety of needs
c. is less flexible and more costly to implement
d. improves data transmission over long distances
5. Remote access modems require which of the following?
a. increased equipment and management resources
Web ProForum Tutorials
http://www.iec.org
Correct Answers
1. Private networking refers to which of the following?
a. different types of network firewalls
b. networking where network protocols are not used
c. securely transmitting corporate data
d. accessing Web servers using the HTTP protocol
See Definition.
2. A VPN is which of the following?
a. an implementation of a private network
b. a network built using frame-relay technology
c. a high-speed network protocol
d. a standard way to encrypt files for secure transmission
See Definition.
3. Corporate networks are now challenged because of which of the following?
a. computer equipment requires a greater amount of storage space
b. centrally located computers are consuming greater amounts of electrical
power
c. multiple protocols are taxing existing network resources
d. the need to support a wide variety of communications across
a large geographic area
See Topic 1.
4. Traditional WAN architecture ___________________.
a. is growing because it ideally meets corporate network needs
b. is a low-cost solution to a wide variety of needs
c. is less flexible and more costly to implement
Glossary
ISP
Internet service provider
ISDN
integrated services digital network
IT
information technology
LEC
local exchange carrier
PoP
point of presence
POTS
plain old telephone service
PVC
permanent virtual circuit
VPN
virtual private network
WAN
wide-area network