
ABSTRACT

VPN stands for virtual private network. It is a private network for voice and data built with
carrier services. There are three definitions of VPN: voice VPN, carrier-based voice/data VPN, and
Internet VPN. A VPN offers a cost-effective alternative for data communication between
intra-company offices, inter-company communications and remote access for domestic and
international remote users and business partners.

INTRODUCTION

Traditionally, a VPN has been defined as a private network for voice and data built with
carrier services. More recently, however, VPN has been defined as a private encrypted tunnel
through the Internet for transporting both voice and data between an organization's different sites.
The different definitions of a VPN are as follows:

Voice VPN: In this scheme a single carrier handles all the voice call switching. The "virtual" in
VPN implies that the carrier creates a virtual voice switching network within its switching network.

Carrier-based voice/data VPN: Packet-, frame- and cell-switching networks carry information in
discrete bundles (called packets) that are routed through a mesh network of switches to a
destination. Many users share the network. Carriers program virtual circuits into the network that
simulate dedicated connections between a company's sites. A web of these circuits forms a virtual
private network over the carrier's packet-switched network.

Internet VPN: An Internet VPN is similar to the carrier-based voice/data VPN except that the
IP-based Internet is the underlying network.

Today, to the industry, VPN means only one thing: the Internet VPN.

Companies whose facilities are split between two or more locations can connect the
locations into a single logical network through the use of routers and wide area networking (WAN)
technologies. When a circuit-switched network, like the telephone network, is used, permanent or
switched circuit services are employed to emulate the physical attachment of the two sites for
router-to-router packet exchange. Despite the fact that the WAN technologies almost always use
shared, "public" communication utilities, the network constructed by such an organization is
usually considered "private".

And unlocking the secret to the savings is easy. Just lose the leased lines and look at the
public backbone. By setting up secure virtual private networks (VPNs) over the Internet or another
public network, corporate networkers can save their companies fistfuls of cash.

Many businesses today use high-speed leased lines, Frame Relay services or dial-up digital
services (ISDN) to satisfy their data connectivity needs. With the growth of the Internet, a new
cost-effective alternative has been born.

An Internet-based VPN uses the public Internet to deliver secure data services for intra-
and inter-company communication. VPNs are also a means for companies to take their first step
towards Internet-based electronic commerce services (E-commerce).

VPNs offer a cost-effective alternative for data communications between intra-company
offices (both domestic and international), inter-company communications (for electronic
commerce in the form of file transfer, electronic mail, EDI, web and client-server applications), and
remote access for domestic and international remote users and business partners. Industry
research estimates that operational cost savings of up to sixty 7 percent over equivalent private
networks can be realized.

A Virtual Private Network, or VPN, is a business-critical wide-area networking solution
enabling an organization to securely and reliably communicate with its offices, business partners,
vendors, customers and employees (both local and remote). The flexibility and business-critical
nature of VPNs enable an organization to scale its business quickly, easily and cost-effectively.

VPN REVOLUTION

Virtual: Webster's dictionary defines it as "being such practically or in effect, although
not in actual fact or name". So for something to be a virtual network, it should act like a network,
yet not be one. It's a wonder then that anyone could classify only some networks as virtual, since
all networks are virtual to some extent. Perhaps we can make the separation based on physical
wiring. If there are real wires among all of the nodes, then the network is not virtual. Based on
this determination, WANs have been virtual since the Telcos stopped provisioning T1 circuits on
conditioned copper and started using channelized T3 circuits instead.

Perhaps a better determinant is whether the network connections are on demand or
dedicated. An on-demand network is made of connections that can be controlled by network
administrators, instead of their telecom partners. A network made of connections controlled by a
third party like a Telco, ISP or telecom analyst is a dedicated network. At some point in this type
of network, administrators lose control of the physical network, sometimes right past the building
hubs. Thus, for all practical purposes, on-demand networks are built above the network layer
because this is the only place accessible to network administrators for their entire network.

Virtual private networking technologies provide the means to use the public Internet
backbone as an appropriate channel for private data communication. With encryption and
encapsulation technologies, a VPN essentially carves out a private passageway through the
Internet. VPNs allow remote offices, company road warriors, and even business partners or
customers to use the Internet, rather than pricey private lines, to reach company networks.

By replacing expensive private network bandwidth with relatively low-cost bandwidth,
your company can slash operating costs and simplify communications. You don't need to have 800
lines, run modem pools or pick up long-distance charges; employees and business partners simply
place local or toll-free calls to Internet service providers (ISPs) to make the connection. Setting up
VPNs also allows you to reduce in-house network management responsibilities. You'll be able to
turn much of the remote communications burden over to ISPs.

You can also use VPNs to link remote LANs together or to give traveling staffers, work-at-home
employees and business partners a simple way to reach past company firewalls and tap into
company resources. Virtual private networks are flexible. They are point-to-multipoint connections,
rather than point-to-point links. They can be set up or closed down at the network administrator's
will, making them ideal for short-term projects.

There is a realization that the public, packet-based network is far more cost-effective than a
leased network because you can share the fixed cost among many organizations using the circuit.
The public network provides greater scalability and leverage at a lower cost.

A typical T1 leased line between a corporation and a local Internet service provider costs
$400 to $5000 per month. But because T1 charges mount as distance increases, a T1 connection
running across the country can cost thousands of dollars each month.

ADVANTAGES:

Much cheaper for connecting WANs than 800 numbers or dedicated T1 lines.
Provides encryption and authentication services for a fairly good measure of privacy.
Maintenance of the WAN-to-WAN connection is left to Internet Service Providers.
Highly flexible; can be set up and taken down very easily.

The working definition that will be the basis for all discussions in this white paper is
that a VPN uses a combination of tunneling, encryption, authentication, and access control
technologies and services. VPNs use these technologies to carry traffic over the Internet, a managed
IP network or a provider's backbone. The traffic reaches these backbones using any combination of
access technologies including T1, frame relay, ISDN, ATM or dial access.

A VPN utilizes a public telecommunications network as a secure channel for
communicating data. A VPN connects remote clients, e.g. laptops used by salespersons out in the
field, to the company's LAN.

Historically, remote access servers (RASs), or dial-up networking servers, have provided
this type of access. In addition, a VPN can perform the functions of a wide area network (WAN)
by interconnecting two or more LANs through the Internet.

Internet providers (ISPs), equipment vendors, and software developers say they can give
you the best of both worlds: the security, performance, availability and multiprotocol support of
the private network over the inexpensive and pervasive Internet. It's called a virtual private
network (VPN), or "extranet", and the technology is currently being considered primarily as a means
of extending the reach of private networks for dial-in access. But connections with business
partners and customers are another important application. And to a lesser extent, VPNs may address
locations where traditional private network connections cannot be economically justified. Some
vendors and service providers are talking up the idea of replacing existing private network links
with VPN links.

TYPES OF VPN

DIAL VPNs

Much of the public discussion surrounding VPNs thus far has centered around tunneling.
Tunneling, however, is merely one component of a complete and robust dial VPN service
architecture. In addition to the tunneling techniques supported within the service, any description
of a dial VPN service must contain a description of how the service handles
security, as well as network management and administration.

Tunneling:

Dial VPNs are built upon the notion of efficiently and securely tunneling data from one
point to another. With tunneling, the remote access server wraps the user data (payload) inside IP
packets, which are routed through the carrier's network, or even across multiple networks in the
case of the Internet, to the tunnel end point, where the tunneled packet is unwrapped and
forwarded in its original form. Tunneling is used by corporations shifting their remote access
traffic from switched, long-distance and regional carriers to ISPs and the Internet. Tunneling uses
a point-to-point session protocol to replace switched connections, linking data addresses over a
routed network. This replaces the linkage of telephone numbers over a switched telephone network.
Tunneling allows authorized mobile workers, and perhaps authorized customers, to reach your
enterprise network any time and from anywhere. In tandem with authentication techniques,
tunneling also prevents unauthorized access to your corporate network.
ROUTER - BASED VPNs

Most router vendors have added VPN services to their products. Using VPN-enabled
routers, IT managers can send traffic between branch offices over the Internet or a service
provider's network. Dial-in users can access the corporate network by tunneling in over a
provider's network. There are several advantages to a router-based approach that make it
attractive to IT managers. First, adding VPN services to a router is usually a software upgrade.
Frequently, the IT manager simply has to download some software from the vendor's Web site or
get a disc from the vendor and install it on an existing router. That is usually the case with older
routers.

New routers often come with VPN services built into the unit's software set or even into
the router's operating system. Pricing approaches for the VPN services vary greatly among router
vendors. Some throw it in for free with the operating system; others charge a fee to make use of
the VPN features. Typically, the VPN software add-on for routers includes firewall, encryption
and tunneling capabilities. Some vendors link the user authentication to existing authentication
servers such as the Remote Authentication Dial-In User Service.

Another advantage of the router-based approach is that there is no need to change the
existing network. This can save operational cost in a couple of ways and thus reduce the total cost
of ownership for a VPN.

In some VPN implementations, a dedicated box is needed. This adds to the management
tasks of the IT staff. Installing VPN software on an existing router means no additional
internetworking devices are added to the network. Frequently, dedicated VPN devices are not from
the same vendors that supply routers, switches and hubs. The router-based approach, where software
is added, means the existing management system can still be used with the VPN. So there is no need
to train IT staff on new equipment or management systems.

While these are all valuable reasons for using a router-based VPN, there are other
considerations before selecting this approach.

First, firewall, encryption and tunneling are all done in software, which could cause a
problem under heavy traffic loads. A dedicated VPN device or dedicated firewall would likely
deliver higher performance. Of course, it will depend on your specific loads. In many cases,
adding software to a router might do the trick.

Software-based VPN services on a router are CPU-intensive, especially when using a
high level of encryption such as Triple-DES at high data-transfer rates. If that is what you will be
doing, a hardware add-on dedicated to handling encryption tasks might be necessary.

The disadvantage to using one of these devices is that it adds to the cost of deploying the
VPN, especially if you were looking at a simple software upgrade to start.

Some vendors do not offer add-on encryption hardware devices. In cases where many
users or sites are being connected at high access speeds while using IPSec tunneling and
industrial-strength encryption, the VPN tasks may simply use a large portion of the router's
processing power.

This can be a major problem. In the extreme, the VPN tasks would consume so much of
the router's processing cycles that there would be a noticeable performance drop. Most IT managers
determine the type of router they need to purchase by specifying a certain packets-per-second
performance. If running VPN software on the router cuts that significantly, network response times
could suffer as packets sit in queues waiting to be directed to appropriate ports.

This would require the router hardware to be upgraded. So what started out as a
relatively economical way to add VPN service to your network, adding software to an existing
router, would require the outlay of cash for new equipment.

Many IT managers interested in router-based VPNs start with their existing router to
prove the concept. And as they try a pilot project, they get a feel for the performance under their
users' loads. This will help determine if the existing router is sufficient. In some cases it will be.
In others, the IT manager may need to increase the performance of the router.

SOFTWARE - BASED VPNs

Another way to deploy a VPN is to install a straight software-based VPN. Operating
system suppliers and several third-party vendors offer VPN applications that perform the
encryption, tunneling and authentication services required to link users over a VPN.

Although this is a similar approach to using a router-based VPN, one advantage of a
software-based VPN is that it allows an IT manager to use existing equipment. This software is
installed on an existing server. This means the network configuration remains intact and the same
management skills and tools can be used to administer the VPN. Thus there is usually no additional
training or management software required to keep the VPN connections up and running.

Another advantage of a straight software-based VPN is that the programs frequently tap
existing network operating system authentication services. This can greatly simplify VPN
administration by, for example, linking VPN access rights to already defined user-access privileges.

There are, of course, a few points to consider before using a straight software-based VPN
approach. As in the case of a router-based VPN, performance may be an issue. Performing VPN
encryption and tunneling tasks takes processing power. One problem in evaluating such a VPN
approach is that there is no standard metric for determining exactly what the processing load
would be on a server.

The factors that determine the load include the number of simultaneous VPN sessions that
need to be supported, the level of encryption of each session, the type of tunneling used and the
rate at which data is being passed over the VPN.

Seminar Report Virtual Private Network

Obviously, connecting hundreds of branch offices with T1 lines to a central site would require
much more processing power in the central site than supporting a few dozen telecommuters dialing
in to their service providers over analog phone lines.

The consequences of too heavy a load can vary greatly. An IT manager may have to limit the
number of simultaneous sessions that are supported, thus leaving some users unable to connect.

If the VPN software is running on a server that supports other applications, the
performance of these other applications may suffer as the VPN services take more and more CPU
cycles.

In either case, an IT manager may find that a higher-performance server would be
required. So, similar to what could happen with router-based VPNs, what may seem like an
inexpensive way to establish a VPN might require the purchase of a new, high-end server.

IT managers who opt for the software-based VPN approach typically start by using an
existing server to get some experience with the technology. Usually a pilot program is established
and it is during the pilot that the IT manager examines the VPN performance under various
conditions. Such experience will help determine if the existing server is capable of supporting a
more extensive deployment.

FIREWALL-BASED VPNs

Many corporations center their Internet security activities on firewalls, which are used to
keep hackers out. Some companies even check for computer viruses and malicious code at this
point in their networks.

For some IT managers, adding the security services of a VPN only makes sense at their
firewall. As a result, many firewall vendors now support VPN services within their firewalls. Most
often the VPN services are supported in software.

This makes it easy for an IT manager to get started using a VPN. The IT
manager simply has to install some new add-on package for the particular firewall. In some cases,
the manager can pay an additional fee to have the VPN services supported in the firewall's
operating software turned on. Again, the advantage is that the existing network remains the same,
so there is no additional equipment to manage. Training is kept to a minimum because VPN
services are often managed by the same user interface that is used to manage the firewall.

On the other hand, VPN functions such as encryption and tunneling are handled by
software. Again, performance may be an issue, as in the router- and server-based VPN approaches.
Essentially, these tasks may take more processing power than the firewall has to offer.

If performance becomes an issue, the IT manager may find that a higher-performance
firewall is required. Once more, what initially looked like a low-cost software upgrade to support
the corporate VPN can turn into a new equipment purchase.

Similar to the other two approaches, IT managers will have to determine for themselves
whether performance will be an issue for their particular situation. It may be that the existing
firewall can handle the usual number of simultaneous sessions at whatever level of encryption is
required by the IT manager, and at the data rates offered at the particular site.

WHICH IS BEST

For an IT manager, the choice of which device to add VPN services to will probably be
determined by a couple of basic factors.

The choice of platform might come down to performance. Once an IT manager tries
implementing a VPN on one platform, it may be determined that the device simply cannot handle
the loads anticipated for a full VPN deployment. The IT manager then has to decide if it is more
economical to stick with the specific platform type and buy a higher-end version, or if it might be
better to select a different platform altogether.

Unfortunately, there is little help in determining beforehand what the performance will
actually be. Some IT managers say the choice of a platform will come down to their corporate
networking philosophy. If a company does not use firewalls, it's not likely they will buy one
just for VPN services. Similarly, if a company has a bridged networking environment big services
in most offices, buying a router just for its VPN capability would probably be out of the question.

Conversely, if a company has a huge investment in WAN routers or firewalls and a vendor
offers a software upgrade that will add VPN services, that might be the deciding factor when
selecting a platform.

Managers might also desire to leave their current networking gear
unchanged and add on this service by installing a dedicated device that handles
VPNs. And as if those were not enough options for deploying VPNs, some IT managers and
companies may find they have no choice at all when it comes to a VPN platform.

It might be that a service provider simply offers a managed VPN service that includes all
of the hardware and VPN software.

FSECURE ARCHITECTURE

FSecure encrypts TCP/IP packets on the fly for transport over the Internet or an intranet. It
works with any installed base of routers and firewalls. It also furnishes the most powerful
encryption available, including triple DES (Data Encryption Standard) and Blowfish. Further,
FSecure compresses data, authenticates other encryption servers, and performs distributed key
management.

FSecure VPN is normally placed behind both the corporate firewall and the router (other
configurations are also possible). The package includes UNIX and the encryption engine, which is
easy to install on a Pentium PC. After some initial key exchanges and authentication between FSecure
servers at other sites, the net manager simply removes the keyboard and the machine becomes a
security server. Routers must then be configured to forward all TCP/IP packets destined for
encryption to the FSecure server, while all packets traveling to unsecured sites are routed
normally. Net managers must also configure one port on their firewall to let encrypted traffic
reach the FSecure server without filtering it.

When it receives packets, FSecure VPN compresses and encrypts both the TCP header and
the payload. It then encapsulates the result in a second packet for tunneling to an FSecure unit at
another site. The software at the destination site decrypts the packets and retrieves the
original header before forwarding them on to the LAN. By compressing and encrypting
simultaneously, FSecure makes the session even harder to crack and also helps save on
valuable Internet bandwidth.

FSecure VPN uses a protocol called Secure Shell (SSH) that has emerged as a de facto
standard for secure Internet communications. The protocol has been used, tested and proved
reliable by such security-conscious organizations as NASA (Washington, D.C.), as well as
several U.S. banks. The standards being developed by the IP Security Group (IPSec) of the IETF
(Internet Engineering Task Force) will also be implemented as they become approved.

SECURITY

Several firewall providers include virtual private networking as a security feature. A firewall,
which can be software for a host system or a router, or a combination of software and hardware
devices, checks, limits and logs network access. For additional security, a firewall can encrypt
data at a site before shipping it out over the Internet. The receiving site, which must have a
matching encryption scheme, can decrypt the data.

Pilot Network Inc. is unveiling a virtual private network service this week that improves
security by continually accessing information it collects from potential attacks on the network.

Every time someone tries to break in to a network that uses the service, the incident is
added to a database, which can analyze the information. The more clients and the more
attempted break-ins on the network, the better the Pilot service is, says Pilot CEO and
founder Marketta Silvera.

CryptoCom VPNs are said to provide some of the strongest encryption algorithms
available (dual-key, triple DES, 128-bit IDEA, and 56-bit DES) integrated with two-factor user
authentication, packet authentication, automatic short-term key expiration and renewal, and
network compartmentalization.

CryptoCom helps ensure that users are properly authenticated and packet integrity is
maintained. CryptoCom VPN is designed to be easy to use and administer by providing
transparent operation to all end users. The CryptoCom VPN Gateway hardware and
CryptoCom VPN Client software are compatible with existing firewalls, routers, network
architectures and protocols, and do not require network device reconfiguration.

Centralized administration provides network managers with tools for configuration as well
as the ability to disable an account if an end-user device has been compromised. CryptoCom's
two-factor user authentication process eliminates the need for authentication products such as
key-generating cards and public certificate authorities, which most VPNs require to be
secure.

According to the company, CryptoCom VPN does not degrade network
performance. As a dedicated VPN hardware server, the CryptoCom VPN Gateway assures
high traffic flows while eliminating the need to burden the processing power and throughput
of existing firewalls or routers. The client software supports Windows NT and 95 with major
protocols, including IP, IPX, NetBIOS, NetBEUI, or even SNA over major types of network
connection (dial-up, frame relay, ISDN, X.25, Ethernet, and token ring). The gateway
hardware supports most LAN and WAN interfaces.

ENCRYPTION:

To ensure the privacy of messages, encryption can be offered in two different
forms: private keys and public keys. Private or symmetric key encryption is based on a key (or
algorithm) being shared between two parties. The same key both encrypts and decrypts
messages. Kerberos and the Data Encryption Standard (DES) are traditional private-key
technologies. A private-key mechanism is a proven, relatively simple method of encryption. The
main problem is in sharing the keys: how can a key that is used for security be transmitted over
an unsecured network? The difficulties involved with generating and storing keys (called key
management) can limit private-key systems, especially over the Internet.

In 1976, two computer scientists, Whitfield Diffie and Martin Hellman, developed
a theory of public-key encryption which offered a solution to the problem of how to transfer
the private key. Later, RSA Data Security, Inc. created an algorithm to make public-key
cryptography commercially viable. In a public-key solution such as Entrust™
from Entrust Technologies, there are two keys: a private key, and a public key which is made
publicly available. In addition, a one-time symmetric key is generated for each transaction. To
send a message, the sender, Alicia, first encrypts it by using the one-time symmetric key. This
key is then encrypted, using the public key of the recipient, Alex. Keep in mind that anything
encrypted with a public key can only be decrypted with the recipient's private key. This means
that the symmetric key (and therefore the message that it has encrypted) is now secure for
transmission over the Internet or an intranet. When the message arrives, Alex decrypts the
one-time symmetric key using his own private key. Then, using the symmetric key, he decrypts the
message.

The main advantage offered by public-key technology is increased security. Although
slower than some private-key systems, public-key encryption generally is more suitable for
intranets for three reasons: 1) it is more scalable to very large systems with tens of millions of
users, 2) it has more flexible means of authentication, and 3) it can support digital signatures.
Public-key technology also enables non-repudiation enforcement to verify the transmission or
receipt of a given transaction.

A VPN is a network tunnel created for encrypted data transmission between two
or more authenticated parties. This ensures data privacy, integrity and authenticity. At its
foundation, a secure VPN solution is complete only if the design architecture integrates
confidentiality, authentication, automated key management, firewalling, tunneling,
routing, remote access, remote management and IPSec standards.

CONFIDENTIALITY:

Encryption is used to provide confidentiality and data integrity within a networked
environment. Confidentiality ensures that no one can view the data while it is being
transmitted, and data integrity ensures that no one can modify the data undetected.

Encryption plays an integral role in a secure VPN solution, and as such, a solution should
include multiple encryption algorithms. This will allow the manager to apply the appropriate
algorithm depending upon the length of key required (i.e. the level of security required).

Over the past several years, a number of studies have been initiated to determine the
minimum key length that is required to secure critical information. Recent studies performed
by independent scientists conclude that minimum key lengths should be no less than 90 bits.
When choosing a secure VPN solution, ensure that it uses a proven encryption method, and
that the algorithm supports key lengths longer than the recommended minimum bit length.
Processing power is rapidly increasing, and the longevity of a secure VPN solution can be
shortened if its encryption algorithms are weak or the key lengths are too short.

PUBLIC KEY AND SECRET KEY CRYPTOSYSTEMS:

There are two major types of cryptosystems in use today: public key and secret
key cryptosystems. Secret key cryptosystems, such as DES or Triple Pass DES, use the
same key to encrypt and decrypt data and tend to be fast and efficient. However, because they
use the same key to encrypt and decrypt data, they suffer from a key distribution problem: how
to get the secret key to the other side without anyone else intercepting the key? Public key
cryptosystems, such as RSA, use two keys, one to encrypt data and a different key to decrypt
data. As such, the problems surrounding key distribution are solved, since the encryption key
(public key) can be freely distributed knowing that the receiver of the message is the only
person who will be able to decrypt the message as long as the decryption key (private key) is kept
secret. However, public key cryptosystems tend to be slower than secret key cryptosystems of
comparable strength. Therefore, a good VPN solution will use public key technology for key
distribution and secret key technology to allow fast and efficient encrypted transfers.
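
The combination described in this section and in the Alicia and Alex walk-through under ENCRYPTION, as an added example that is not part of the original report: a public key protects a one-time secret, and fast symmetric operations protect the message. It assumes a constructed RSA key built from two publicly known Mersenne primes (trivially factorable), derives the one-time key from an RSA-wrapped random value (RSA-KEM style) instead of encrypting the key directly, and uses an HMAC-SHA256 keystream as a stand-in for the DES-family ciphers the report names; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo key pair for Alex. Both primes are well-known Mersenne primes,
# so this modulus offers no security; it only makes the arithmetic runnable offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def derive_keys(secret: int, n: int):
    """Turn the one-time secret into separate encryption and integrity keys."""
    raw = secret.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR data with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(message: bytes, recipient_public) -> dict:
    """Alicia's side: fresh one-time secret per message, wrapped with Alex's public key."""
    n, e = recipient_public
    secret = secrets.randbelow(n - 2) + 2            # one-time value in [2, n-1]
    enc_key, mac_key = derive_keys(secret, n)
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(enc_key, nonce, message)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"wrapped_key": pow(secret, e, n),        # only the private key undoes this
            "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def open_envelope(envelope: dict, recipient_private) -> bytes:
    """Alex's side: unwrap the one-time secret, check integrity, then decrypt."""
    n, d = recipient_private
    secret = pow(envelope["wrapped_key"], d, n)
    enc_key, mac_key = derive_keys(secret, n)
    expected = hmac.new(mac_key, envelope["nonce"] + envelope["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("envelope failed authentication")
    return keystream_xor(enc_key, envelope["nonce"], envelope["ciphertext"])


if __name__ == "__main__":
    sealed = seal(b"constructed sample message", PUBLIC_KEY)
    print(open_envelope(sealed, PRIVATE_KEY))
```
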

AUTHENTICATION:

The ability to authenticate encryption devices and users is a vital aspect of a secure
VPN solution. Password protection is easily broken and inherently insecure. X.509 digital
certificates are the de facto standard for authentication, because they provide stronger
authentication than password-based solutions. In addition, since X.509 certification is
independent of a central database, the schema is more reliable and provides enhanced
performance. By verifying the digital signature of the certification authority, any user or
network device can easily authenticate the other end of a communication channel before
initiating communication with that specific user or device. A secure VPN solution that fully
integrates X.509 certificates is beneficial because it follows industry standards and will
provide enhanced security over password-only solutions.

AUTOMATED KEY MANAGEMENT:

Automated Key Management is an important component of a secure VPN. Automated
Key Management defines Cryptoperiods for session keys as well as digital certificates. Many
VPN solutions require administrators to manually enter keys on each device situated on the
WAN. This solution is an extremely shortsighted approach and will become unmanageable as
the business grows and the number of network devices increases. Imagine trying to manually
change keys on 100 or 1000 devices every day! It is also relatively insecure because humans
tend to generate more predictable keys than what is produced through automation. It is vital
for a secure VPN solution to include server-based key generation and management, a random
number generator that does not reveal keys and a secure operating platform that cannot be
modified. The ability to set Cryptoperiods is also important to ensure that keys are automatically
recycled at set time intervals. This will greatly inhibit any adversary's ability to break keys
and gain access to proprietary information.
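
The cryptoperiod mechanism described above, as an added example that is not from the original report or from any VPN product: a hypothetical `KeyManager` draws session keys from the operating system's random number generator and recycles them at a set interval. The class, its parameter names and the grace window for retired keys are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class SessionKey:
    key_id: int
    material: bytes      # 256 bits from the OS CSPRNG, never typed by a human
    not_after: float     # end of this key's cryptoperiod (epoch seconds)


class KeyManager:
    """Hypothetical server-side key manager that enforces a cryptoperiod."""

    def __init__(self, cryptoperiod_s, grace_s=0.0, clock=time.time):
        self.cryptoperiod_s = cryptoperiod_s
        self.grace_s = grace_s          # how long a retired key may still decrypt
        self.clock = clock              # injectable so rotation can be tested
        self._keys = {}
        self._next_id = 0
        self._current = self._generate()

    def _generate(self):
        key = SessionKey(self._next_id, secrets.token_bytes(32),
                         self.clock() + self.cryptoperiod_s)
        self._keys[key.key_id] = key
        self._next_id += 1
        return key

    def current(self):
        """Key for new traffic; rotates automatically once the period ends."""
        now = self.clock()
        if now >= self._current.not_after:
            self._current = self._generate()
        # Destroy retired keys whose grace window has passed.
        for kid in [k for k, v in self._keys.items()
                    if v is not self._current and now >= v.not_after + self.grace_s]:
            del self._keys[kid]
        return self._current

    def lookup(self, key_id):
        """Key for decrypting received traffic, or None if expired or unknown."""
        self.current()  # apply rotation and purge before answering
        return self._keys.get(key_id)
```

Because retired keys are deleted rather than archived, a key that leaks after its grace window no longer opens any traffic the manager will accept.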

FIREWALLING:

Firewalls are designed to protect the internal network from outside attack and to provide
access control to the Internet for all users within your internal architecture. It is critical for a
VPN solution to include a firewall that is fully integrated and interoperable with the other
components of the solution.

The main security features of a VPN are:

DES and Triple Pass DES algorithm.
Network layer encryption.
Tunneling support.
Firewall functionality and interoperability with installed firewall technology.
Multi-protocol support.
Automated Key Management's set Cryptoperiods - adds security against key breaking.
X.509 Certificates - superior security over passwords.
Secure desktop-to-desktop communication.


ADVANTAGES

Where is a VPN useful?

VPNs offer a cost-effective alternative for data communications between intra-company
offices (both domestic and international), inter-company communications (for electronic commerce
in the form of file transfer, electronic mail, EDI, web and client-server applications) and remote
access for domestic and international remote users and business partners. Industry research
estimates that operational cost savings of up to 60% over equivalent private networks can be
realized.

Ease of use:

> Completely transparent to the end user.
> Automatic key management.
> Centralized logging, firewalling, bridging and routing functionality.
> Full interoperability with existing network infrastructure and applications
remote access.
> Full compatibility with Microsoft Dial-Up networking ensures Desktop
Applications compatibility.
> No day-to-day management required.

Significant Cost Savings:

Studies have shown that migrating from private to virtual private networks can generate
cost savings of between 20 and 45%, even for relatively small networks.

Strategic Power:

Even more important than the substantial cost savings are the strategic avenues that
VPNs open for an organization. A flexible, ubiquitous communications infrastructure enables a
company to pursue powerful new strategic initiatives and relationships, improve communication
with offices and customers, lock in vendors and partners while creating to competition, and
develop and deploy new products with improved time-to-market.

Reinvent the Business:

A flexible, ubiquitous communications infrastructure provides companies the
opportunity to literally reinvent themselves and their relationships with customers and partners.
VPNs provide the freedom and flexibility to scale a business quickly, easily and cost-effectively.

General Capabilities:

Provides "industrial-strength" security.
Accommodates dynamically changing communities of users.
Able to exchange information in various forms (web pages, files, etc.).
Accommodates different users with different browsers, applications, operating
systems, etc.
Allows users to join groups or administrators to assign identities in a controlled
but simple fashion.
Maintains integrity over time, regardless of administrative turnover, changes in
technology or the increasing complexity of the corporate information system.

CONCLUSION

VPNs: The best of both worlds

True VPNs combine the best aspects of both private and public networks: the flexibility,
scalability and cost structure of a public network with the security and performance characteristics
of a private network. It is this powerful combination that makes VPNs a reliable infrastructure for
even the most critical corporate data.
