Chapter 58 - Virtual Private Networks

Abstract

A VPN is a virtual network, built on top of existing physical networks, that can provide a secure communications mechanism for data and other information transmitted between two endpoints. Secure Sockets Layer (SSL) virtual private networks (VPN) provide secure remote access to an organization's resources. This chapter discusses the fundamental technologies and features of VPNs. It describes SSL and how it fits within the context of layered network security. It presents a phased approach to VPN planning and implementation that can help in achieving successful VPN deployments. It also compares the VPN technology with Internet Protocol Security (IPsec) VPNs and other VPN solutions. This information is particularly valuable for helping organizations to determine how best to deploy VPNs within their specific network environments. Because a VPN can be used over existing networks such as the Internet, it can facilitate the secure transfer of sensitive data across public networks. An SSL VPN consists of one or more VPN devices to which users connect using their web browsers. The traffic between the web browser and the VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol. This type of VPN may be referred to as either an SSL VPN or a TLS VPN. This chapter uses the term SSL VPN. SSL VPNs provide remote users with access to Web applications and client/server applications, and connectivity to internal networks. Despite the popularity of SSL VPNs, they are not intended to replace IPsec VPNs. The two VPN technologies are complementary and address separate network architectures and business needs. VPNs offer versatility and ease of use because they use the SSL protocol, which is included with all standard web browsers, so the client usually does not require configuration by the user. VPNs also offer granular control for a range of users on a variety of computers, accessing resources from many locations.