Network managers are becoming increasingly interested in the idea of using a public network such as the Internet in place of private lines to transport internal corporate data such as intranet documents, groupware communications and E-mail. Quite simply, this type of virtual private networking (VPN) provides a relatively inexpensive way to connect telecommuters, mobile workers and remote sites to a home office LAN.

By using the Internet to transport data, companies can save up to 50% of the cost of operating a traditional leased private network, according to a 1996 U.S. computer study commissioned by Sun Microsystems, Inc.

While interest in VPN is growing, actual deployment is low. This is because VPN technologies are relatively immature, and many network managers don't understand how these networks should work.

Security is first and foremost among the design issues for VPN. Private data transmitted over the Internet must be protected to keep it from being intercepted or tampered with.
Three types of data security come into play for VPN: encryption, which is the function of scrambling data so only the intended receiver can read it; authentication, which is the function of positively identifying the sender to the receiver; and integrity, which is the function of ensuring the data has not been changed in transit. Without all three security functions, a VPN solution is incomplete.
A key to VPN
It is impossible to understand VPN security without discussing encryption keys and their impact on a VPN's growth potential. To understand encryption, picture Person A feeding a private message for Person B into a scrambling machine purchased off a store shelf. Because anyone can buy a similar scrambler, simply feeding the private message into the scrambler won't provide any real security. However, if the private message is combined with a predetermined shared secret code that only the two parties know, then the message can be scrambled by Person A and only read by Person B.