1. Private Network:
This is a separate type of LAN system that uses IP addresses to share data between connected nodes. In this form, applications and data gateways (used to manage connection protocols) are designed to increase security. A Private Network is well suited to offices and companies that have all their computers and network equipment in the same place. If a Private Network is deployed in many different locations, the administration department has to buy additional dedicated transmission lines to ensure smooth data transmission during operation.
2. Hybrid Network:
This model is a little different from the Private Network: it is designed for headquarters and corporate head offices that need to access and process data on a large scale. A Hybrid Network combines the specifications of Private and Public networks to communicate with the external environment while still ensuring the security of the enterprise. Functionally, a Hybrid Network routes all links and data sharing through the Private Network, while the rest of the system's activity, such as sending data and importing or processing information, goes through the Public Network link. Like the Private Network, deploying this model requires a fixed dedicated line so that communication, monitoring and management of internal information remain stable.
3. Why businesses use VPN:
Technically, a Private Network can fully ensure the safety of data sent and received, as well as the speed of transmission. This simple network model only requires a single fixed line to send and receive the tested information, but after deploying a Private Network we still need a Public Network to communicate with the external environment. This is what led to the development of the Hybrid Network, which combines many advantages of Private and Public Networks. However, a Hybrid Network uses two fixed lines, one each for the Public and Private connections. For example, if an organization has 4 different branches, it needs secure connections between them in addition to access via WAN. To solve this problem, many businesses have chosen the Virtual Private Network.
4. Virtual Private Network – VPN:
As mentioned above, the Private and Hybrid network models are costly and need separate lines to connect the nodes. VPN technology lets users cut much of the initial and ongoing cost compared with Public and Private Network systems, while allowing businesses and organizations to use WAN communication to connect to public and private systems respectively. It is called virtual because this model does not require physical equipment to secure data transmission. VPN technology uses various encryption modes to prevent unauthorized access by hackers, programs containing malicious code or common methods of system attack. Specifically, it uses tunneling techniques to ensure the security of data, and it is easily compatible with many other technical systems.
Mechanism of operation of VPN:
In fact, the way a VPN works is quite simple and not much different from normal server-client models. The server is primarily responsible for storing and sharing data after encryption, monitoring, and providing a gateway to communicate with and verify client accounts during connection. The VPN client, like the client of a LAN system, sends requests to the server for information about shared data, initiates connections to other clients in the same VPN system and handles data security through the application provided.
This is the most basic difference between a VPN and a regular LAN. You can picture it as a tunnel through the Internet cloud that carries the requests and data being sent and received.
The concept of the tunnel helps us better understand the operating model of a VPN. When a user initiates a connection or sends data via a VPN, the tunneling protocol used by the VPN (such as PPTP, L2TP, IPSec ...) "packages" all this information into another packet, then encrypts it and sends it through the tunnel. At the receiving end, the corresponding tunneling protocol decodes these packets, then filters out the original content, checks the origin of the packet and classifies the remaining information and data.
Tunneling Compulsory and Voluntary:
Tunneling is classified by where the connection originates. There are two main types: Compulsory and Voluntary Tunneling.
- Compulsory Tunneling is usually initialized by the Network Access Server without requiring information from the user. In addition, VPN clients are not allowed to access information on the VPN server, since they are not primarily responsible for controlling newly created connections. Compulsory Tunneling operates directly between the server and the VPN client, taking over the main function of validating the client account with the VPN server.
- Voluntary Tunneling is different: it is initialized, monitored and managed by the user. Unlike Compulsory Tunneling, which is usually managed by service providers, this model requires users to initiate a connection with the ISP themselves by running the VPN client application. We can use different VPN client software to create highly secure tunnels to each VPN server individually. When the VPN client program intends to establish a connection, it either identifies the VPN server itself or uses the one specified by the user. Voluntary Tunneling requires little beyond installing additional tunneling protocols on users' systems.
5. Different types and techniques of VPN:
- PPTP (Point-to-Point Tunneling Protocol) VPN is the simplest VPN technology, using the Internet connection provided by the ISP to create a secure tunnel between client and server or between client and client. PPTP is a software-based VPN system. As you probably know, Windows has PPTP built in, and all that is needed to connect to the VPN system is VPN client software. Although PPTP itself lacks a number of security mechanisms to protect the flow of information and data (the Point-to-Point Protocol takes care of this together with PPTP), Windows performs authentication and encryption with PPTP to encrypt the packet beforehand. The advantage of this model is that it does not require additional external hardware to deploy, and the client system can use the provided software to connect to the VPN server. The downside is that it relies on the Point-to-Point Protocol for the security of data packets, so before these packets start passing through the tunnel they can still be compromised from outside sources.
- SSH (Secure Shell) Tunneling uses the secure shell protocol to create separate tunnels that transfer data from one point to another. The biggest advantage of SSH-based tunneling is that it easily bypasses Internet firewall systems. Typically, organizations that need to force employees to use a fixed proxy server to access their own websites and documents use the SSH protocol to direct all traffic from the dedicated server. This differs slightly from SSL-based VPN, where the HTTPS protocol is applied in applications, management systems, web browsers and so on to secure data transmission between devices external to the established VPN network; only HTTPS at both endpoints is required to initiate the connection between them.
- IPSec, developed by the IETF, is primarily responsible for securing the IP connection between system endpoints and VPN tunnels. Packets that traverse IPSec are encrypted with AES, DES or 3DES. It also provides the additional functions of compressing data and authenticating accounts for each network layer. The IPSec VPN technique uses tunnel mode instead of transport mode. Before sending data, the system "packs" the IP packet into a new IP packet, then adds an additional IP header together with an ESP (Encapsulating Security Payload) header to improve security. In addition to ESP, this model also uses AH (Authentication Header) as a supporting protocol to apply a security layer to the original information and data.
- L2TP (Layer 2 Tunneling Protocol) was developed by Microsoft in collaboration with Cisco as an alternative to PPTP that integrates more data. Note, however, that L2TP, like PPTP, does not provide its own encryption mechanism but relies on PPP (Point-to-Point Protocol) to encrypt the different data layers. L2TP tunneling adds an L2TP header to the original payload, then sends it to the endpoint in a UDP datagram. In addition to the Point-to-Point Protocol, account security and authentication can be performed by applying IPSec at the network layer.
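The tunnel-mode wrapping described under IPSec above (and the "package, send, check the origin" steps under the mechanism of operation), as an added Python example that is not part of the original article. It assumes ESP with NULL encryption and an HMAC-SHA-256-128 integrity check, so the AES/3DES encryption step is left out because the standard library has no block cipher; the SPI, key and addresses are constructed, and the replay check is a plain counter rather than a sliding window.

```python
import hashlib
import hmac
import struct

ESP_PROTO = 50      # IP protocol number for ESP
IPIP_NEXT_HDR = 4   # ESP next-header value: payload is a whole IPv4 packet
ICV_LEN = 16        # HMAC-SHA-256 truncated to 128 bits (RFC 4868)

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, bytes(src), bytes(dst))

def esp_tunnel_encap(inner, spi, seq, key, gw_src, gw_dst):
    """Outer IP header | ESP header | inner packet | ESP trailer | ICV."""
    pad_len = -(len(inner) + 2) % 4          # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))   # RFC 4303 default pad bytes 1, 2, ...
    esp = (struct.pack("!II", spi, seq) + inner + padding
           + bytes([pad_len, IPIP_NEXT_HDR]))
    icv = hmac.new(key, esp, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp) + ICV_LEN) + esp + icv

def esp_tunnel_decap(packet, key, expected_spi, last_seq):
    """Check integrity and origin, reject replays, return the inner packet."""
    if len(packet) < 20 + 8 + 2 + ICV_LEN or packet[9] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    esp, icv = packet[20:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, esp, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: forged or modified packet")
    spi, seq = struct.unpack("!II", esp[:8])
    if spi != expected_spi or seq <= last_seq:
        raise ValueError("unknown SPI or replayed sequence number")
    pad_len, next_hdr = esp[-2], esp[-1]
    if next_hdr != IPIP_NEXT_HDR:
        raise ValueError("payload is not a tunnelled IPv4 packet")
    return esp[8:len(esp) - 2 - pad_len]

# Constructed sample: private hosts behind two gateways (documentation addresses).
DATA = b"payroll data"
INNER = ipv4_header([10, 0, 1, 5], [10, 0, 2, 9], 17, len(DATA)) + DATA
KEY = b"constructed-demo-key-not-a-secret"
PACKET = esp_tunnel_encap(INNER, 0x1001, 1, KEY, [198, 51, 100, 1], [203, 0, 113, 1])

if __name__ == "__main__":
    print("outer:", PACKET[:20].hex(), "total bytes:", len(PACKET))
    print("inner recovered:", esp_tunnel_decap(PACKET, KEY, 0x1001, 0) == INNER)
```

On the wire only the gateway addresses appear in the outer header; the private 10.0.x.x addresses travel inside the ESP payload, which a real deployment would also encrypt.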
6. Set up and use VPN:
In fact, there are many ways to create and set up VPN networks for customers, clients and company branches in different parts of the world, so that they can easily share personal information and have a gateway to communicate with external networks.
Connecting to a remote VPN network (Office VPN):
Like previous versions of Windows, Windows 7 already has a basic way to connect to a VPN server. If you want to connect to the office's PPTP / L2TP VPN network, you can use the VPN client program to initiate the connection.
Before proceeding, make sure you have configured and set up the equipment in accordance with the instructions of the system administrator. Next, open the Network & Sharing Center and select the link Set up a new connection or network. When the Connection Wizard window appears, choose Connect to a workplace and click Next:
Next, select the connection type to use:
Here we choose Use my Internet connection (VPN)
On the following screen, enter the corresponding information provided by the Admin, namely the IP address or domain, or use a smart card device:
Clicking Next brings you to the final step of the setup process, where you enter the Username and Password provided by the Admin:
Then, click Connect to begin the process of connecting to the VPN. Once completed, you can check the details of the IP address from the Network and Sharing Center or type the ipconfig command in the Command Prompt.
From the characteristics above, we can see that the Virtual Private Network is one of the best solutions for securing personal, corporate or organizational data when it is transferred between many different locations, and it easily meets security needs within what the model allows. Compared to other similarly priced systems, VPN technology deserves to be counted among the hardest to beat for creating and managing data processing centers.