Tuesday, January 15, 2008

1.2 Security Risks of the Internet
The risks associated with the Internet are advertised every day by the trade and mainstream
media. Whether it's someone accessing your credit card numbers, prying into your legal
troubles, or erasing your files, there's a new scare every month about the (supposedly) private
information someone can find out about you on the Internet. (Not to mention the perceived
risk that you might happen upon some information that you find offensive, or that you might
not want your children to see.)
For corporations, the risks are even more real and apparent. Stolen or deleted corporate data
can adversely affect people's livelihoods, and cost the company money. If a small company is
robbed of its project files or customer database, it could put them out of business.
Since the Internet is a public network, you always risk having someone access any system you
connect to it. It used to be that a system intruder would have to dial into your network to crack
a system. This meant that they would have to find a phone number connected to a modem
bank that would give them access, and risk the possibility of the line being traced. But if your
corporate network is connected over the Internet and your security is lax, the system cracker
might be able to access your network using any standard dial-up account from any ISP in the
world. Even unsophisticated users can obtain and use automated "security check" tools to
seek out holes in a company's network.
1.1 What Does a VPN Do?
A virtual private network is a way to simulate a private network over a public network, such
as the Internet. It is called "virtual" because it depends on the use of virtual connections—that
is, temporary connections that have no real physical presence, but consist of packets routed
over various machines on the Internet on an ad hoc basis. Secure virtual connections are
created between two machines, a machine and a network, or two networks.
Using the Internet for remote access saves a lot of money. You'll be able to dial in wherever
your Internet service provider (ISP) has a point-of-presence (POP). If you choose an ISP with
nationwide POPs, there's a good chance your LAN will be a local phone call away. Some
ISPs have expanded internationally as well, or have alliances with ISPs overseas. Even many
of the smaller ISPs have toll-free numbers for their roaming users. At the time of this writing,
unlimited access dial-up PPP accounts, suitable for business use, are around $25 per month
per user. At any rate, well-chosen ISP accounts should be cheaper than setting up a modem
pool for remote users and paying the long-distance bill for roaming users. Even toll-free
access from an ISP is typically cheaper than having your own toll-free number, because ISPs
purchase hours in bulk from the long-distance companies.
In many cases, long-haul connections of networks are done with a leased line, a connection to
a frame relay network, or ISDN. We've already mentioned the costs of leasing a "high cap"
leased line such as a T1. Frame relay lines can also give you high speeds without the mileage
charges. You purchase a connection to a frame cloud, which connects you through switches to
your destination. Unlike a leased line, the amount you pay is based more on the bandwidth
that's committed to your circuit than distance. Frame connections are still somewhat
expensive, however. ISDN, like the plain old telephone system, incurs long-distance charges.
In many locations, the local telephone company charges per minute even for local calls, which
again runs expenses up. For situations where corporate office networks are in separate cities,
having each office get a T1, frame relay, or ISDN line to an ISP's local POP would be much
cheaper than connecting the two offices using these technologies. A VPN could then be
instituted between the routers at the two offices, over the Internet.
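The virtual connection described under "What Does a VPN Do?" and the office-to-office VPN between two routers sketched just above, modelled as an added example that is not from the original page or the book it quotes. Two constructed gateways each send packets bound for the other office's private LAN through a tunnel: the whole inner packet is encrypted and authenticated, carried between the gateways' public addresses, and unwrapped by the peer; anything else is delivered locally. The addresses, shared secret, packet layout and the `Gateway`/`encapsulate`/`decapsulate` names are all assumptions made for this example, and the HMAC-SHA256 keystream stands in for a real cipher such as the AES-GCM an IPsec tunnel would use.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# Constructed topology: each office has an RFC 1918 LAN behind a gateway whose
# outside interface has a public (RFC 5737 documentation) address.
OFFICE_A_LAN = ipaddress.ip_network("10.1.0.0/16")
OFFICE_B_LAN = ipaddress.ip_network("10.2.0.0/16")
GATEWAY_A_PUBLIC = "198.51.100.1"
GATEWAY_B_PUBLIC = "203.0.113.1"

# Constructed shared secret, split into independent encryption and MAC keys.
SHARED_SECRET = b"constructed-demo-secret-not-for-real-use"
ENC_KEY = hashlib.sha256(b"enc" + SHARED_SECRET).digest()
MAC_KEY = hashlib.sha256(b"mac" + SHARED_SECRET).digest()
NONCE_LEN = 12
TAG_LEN = 32

def _keystream(nonce, length):
    """Counter-mode keystream from HMAC-SHA256 used as a PRF; a stand-in for a
    real cipher such as AES-GCM so the tunnel structure stays the focus."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(ENC_KEY, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encapsulate(inner_packet):
    """Tunnel-mode wrap: encrypt the whole inner packet (headers included, so the
    private addresses never appear on the public net), then MAC nonce+ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(a ^ b for a, b in zip(inner_packet, _keystream(nonce, len(inner_packet))))
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def decapsulate(outer_payload):
    """Verify the tag before touching the ciphertext; return None on a forged or
    truncated datagram so the gateway simply drops it."""
    if len(outer_payload) < NONCE_LEN + TAG_LEN:
        return None
    nonce = outer_payload[:NONCE_LEN]
    ciphertext = outer_payload[NONCE_LEN:-TAG_LEN]
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(outer_payload[-TAG_LEN:], expected):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(nonce, len(ciphertext))))

def build_inner_packet(src, dst, payload):
    """Constructed stand-in for an IP packet: 4-byte src, 4-byte dst, payload."""
    return ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + payload

def parse_inner_packet(packet):
    src = str(ipaddress.ip_address(packet[:4]))
    dst = str(ipaddress.ip_address(packet[4:8]))
    return src, dst, packet[8:]

class Gateway:
    """Tunnels packets bound for the remote office's LAN; delivers the rest locally."""

    def __init__(self, remote_lan, peer_public_ip, internet):
        self.remote_lan = remote_lan
        self.peer_public_ip = peer_public_ip
        self.internet = internet      # shared dict: public address -> Gateway
        self.delivered = []           # packets handed to the local LAN
        self.dropped = 0

    def route(self, inner_packet):
        """Return the path taken: 'tunnel' or 'local'."""
        _, dst, _ = parse_inner_packet(inner_packet)
        if ipaddress.ip_address(dst) in self.remote_lan:
            # The outer datagram travels public address -> public address.
            self.internet[self.peer_public_ip].receive_from_internet(encapsulate(inner_packet))
            return "tunnel"
        self.delivered.append(inner_packet)
        return "local"

    def receive_from_internet(self, outer_payload):
        inner = decapsulate(outer_payload)
        if inner is None:
            self.dropped += 1
            return
        self.delivered.append(inner)

def demo():
    internet = {}
    gw_a = Gateway(OFFICE_B_LAN, GATEWAY_B_PUBLIC, internet)
    gw_b = Gateway(OFFICE_A_LAN, GATEWAY_A_PUBLIC, internet)
    internet[GATEWAY_A_PUBLIC], internet[GATEWAY_B_PUBLIC] = gw_a, gw_b
    pkt = build_inner_packet("10.1.0.5", "10.2.0.9", b"hello office B")
    path = gw_a.route(pkt)
    received = parse_inner_packet(gw_b.delivered[0])
    # A datagram altered in transit must be dropped, never decrypted.
    wrapped = encapsulate(pkt)
    tampered = wrapped[:NONCE_LEN] + bytes([wrapped[NONCE_LEN] ^ 1]) + wrapped[NONCE_LEN + 1:]
    gw_b.receive_from_internet(tampered)
    return path, received, gw_b.dropped
```

Running `demo()` shows the three things the text describes: the decision in `route` is what makes the private network "virtual" (the tunnel exists only for packets whose destination is the other office), the public Internet sees only an outer datagram between the two public addresses with the private 10.x headers hidden inside the ciphertext, and a datagram modified on the way fails its tag check and is dropped by the receiving gateway rather than being decrypted.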

VIRTUAL PRIVATE NETWORKS

Why Build a Virtual Private Network?

Until now there has always been a clear division between public and private networks.
A public network, like the public telephone system and the Internet, is a large collection of
unrelated peers that exchange information more or less freely with each other. The people
with access to the public network may or may not have anything in common, and any given
person on that network may only ever communicate with a small fraction of the other users on it.
A private network is composed of computers owned by a single organization that share
information specifically with each other. They're assured that they are going to be the only
ones using the network, and that information sent between them will (at worst) only be seen
by others in the group. The typical corporate Local Area Network (LAN) or Wide Area
Network (WAN) is an example of a private network. The line between a private and public
network has always been drawn at the gateway router, where a company will erect a firewall
to keep intruders from the public network out of their private network, or to keep their own
internal users from perusing the public network.