Chapter Preview
TopIntroduction
Within technologies for the safe use of interconnected computer systems, Virtual Private Networks (VPNs) represent a segment with a remarkable development both from the commercial (both in the private sector and the public administration) and the technological side, where we see significant investments by vendors and system integrators. All these involve rapid and interesting innovations in the proliferation of advanced services by specialized operators and, in general, in the growth of this sector.
A VPN (Connolly, 2002; Golen, 2002; Tyson, 2008) enables you to separate different types of traffic and implement secure private connections across public networks through labeling techniques, tunneling and traffic encryption (Browne, 2001; Cisco Systems, 1999). VPNs are an effective and safe way to extend services, applications and enterprise networks, beyond the physical boundaries of individual organizations by transparently supporting the innovative services of today’s network infrastructures. Development supported by the investments from the main protagonists of networking (satisfying functionality, manageability, scalability, and security) has led to a gradual improvement in the functionality of encryption techniques, authentication sessions, tunneling and traffic engineering. To these basic functionalities, we can add other features such as the support for Voice and Video applications over IPSec VPNs (Cisco Systems, 2002), or the possibility of configuring multi-point VPNs by dynamically adding and/or removing nodes.
Today it is possible to administer, from a single management point, the deployment and configuration of tens of thousands of VPNs, centrally administer the security policies for each user, and remotely set the configurations of the various hardware and software devices, making it also extremely simple and transparent to network users (Awad et al., 2013). All these are elements that describe the two main strands on which the further development of VPN technologies is also based: support for advanced converged networks (data, voice, video, storage on a single IP network infrastructure), and simplifying the implementation of such systems.
Key Terms in this Chapter
Quality-of-Service (QoS): A set of performance criteria that a system is designed to guarantee and support as a minimum.
Protocol: An agreed understanding for the sub-operations that make up a transaction, usually found in the specification of inter-computer communications.
Algorithm: A rule or procedure used to solve a mathematical problem, most often described as a sequence of steps.
Packets: Collections of digital data elements that are part of a complete message or signal; packets contain their destination addresses to enable reassembly of the message or signal.
Bandwidth: A measure of the frequency component of a signal or the capacity of a communication channel to carry signals.
Digital Signature: An identifier used to authenticate the sender of an electronic message or the signer of an electronic document.
Public Key Infrastructure (PKI): The supporting programs and protocols that act together to enable public key encryption/decryption.
Open Systems Interconnections (OSI): A communications standard developed by the International Organization for Standardization (ISO) to facilitate compatible network systems.
Virtual private network (VPN): A commercial approach to network management where privately owned voice and data networks are set up on public network infrastructure.
Authentication: The act of ensuring that an object or entity is what it is intended to be.
Checksum: A number that is derived from adding together parts of an electronic message before it is dispatched; it can be used at the receiver to check against message corruption.
Encryption: Also known as encoding; a mathematical process that disguises the content of messages transmitted.
Intranet: An interconnected network of computers that operates like the Internet, but is restricted in size to a company or organization.
Digital Certificates: Certificates used in authentication that contain encrypted digital identification information.
Metropolitan Area Network (MAN): A high-speed interconnected network of computers spanning entire cities.
Client/Server Technology: Computer systems that are structured using clients (usually human driven computers) to access information stored (often remotely) on other computers known as servers.
Tunneling: A way of handling different communication protocols, by taking packets of a foreign protocol and changing them so that they appear to be a locally known type.
Infrastructure: The foundation or permanent installation necessary for a structure or system to operate.
Router: A network device that directs packets to the next network device or to the final destination.
Internet Protocol (IP): A method of organizing information transfer between computers; the IP was specifically designed to offer low-level support to Transmission Control Protocol (TCP).
Secure Sockets Layer (SSL): A technology that supports encryption, authentication, and other facilities and is built into standard UNIX communication protocols (sockets over TCP/IP).