Understanding Virtual Private Networks

In today's work environment, several classes of users are not always in the same physical location as your main computer network, including the following (to list just a few):

• People on business trips

• Remote workers

• Remote partners

• Contractors

• Remote corporate sites

Figure 11-1 shows an overview of various types of VPN users and remote access devices.

The one thing all of these people have in common (generally) is that even though they are remote, if they have access to your corporate network resources, they can be much more productive. VPN is a networking technology that enables these classes of users to do just that. When logged on to a VPN, the remote user has access to all Internet network services such as DNS, web, mail, FTP, and network applications as if they were physically on your network. They might even have an IP address in the same subnet as those users who physically are on the inside of your network.

Not only does VPN provide full access to network resources, it also provides a full set of security features that are required for remote users, including the following:

• Data encryption mitigates against traffic being stolen off of the public network.

• Tunnel and client authentication ensures that the person logging in to your network is who she claims to be.

• Data authentication ensures that the data received on both ends came from the authenticate tunnel user and hasn't been tampered with.

• "Are you there" (AYT) functionality on the client end ensures that the client PC is protected with personal firewalls or host intrusion prevention before it can log in to you network.

• Low cost, because the client can log in to a local ISP, eliminating long-distance or toll-number phone charges.