| A virtual private network delivers upon business needs for data confidentiality, data integrity, data authenticity, and non-repudiation. In doing so, A VPN hardens network infrastructure against untrusted, malicious activity. As the competitive landscape of business changes over time, VPN technologies will evolve to provide organizations the flexibility and productivity needed to maintain a competitive advantage. There are many shapes and sizes of VPN implementations. This chapter discussed many popular and emerging VPN technologies within the scope of the OSI model. At this point, you should be familiar with the various types of VPN technologies, where they sit in the OSI stack, and the benefits that each brings to the table: Layer 2 VPDN technologies: L2F, L2TP, and PPTP Layer 3 VPN technologies: MPLS, L2TPv3, and IPsec Layer 4 VPN technologies: SSL and TLS
Enterprises are now deploying VPNs in almost every area of the network in order to fully harden their data communications infrastructure against malicious activity. The following are three popular areas in which an enterprise may choose to implement a VPN: Corporate WANs A company's internal links can be compromised by inside attackers seeking to steal or manipulate data as it traverses the corporate intranet. Additionally, as the business landscape becomes even more competitive, organizations must increasingly rely on communications across untrusted, shared infrastructures to communicate. This particular type of growth becomes one of the main drivers behind the implementation of site-to-site VPNs in corporate enterprise networks. Corporate extranets Now more than ever, organizations are leveraging the use of the Internet to collaborate with one another. Whether the scenario describes a global investment bank relying on timely and accurate news feeds from Reuters and Bloomberg for critical large-scale financial decisions, or a large regional hospital processing thousands of claims with a global health-insurance provider, the need for confidential, secure communications becomes critically important. As such, corporate extranets are another demand driver for site-to-site VPN implementations. Remote access VPN implementations This chapter discussed examples of how providing a workforce with more flexibility throughout the day drives productivity, ultimately positively impacting an organization's bottom line. A Remote Access VPN can be used to enable such flexibility. Sales and marketing staff, frequently on the move, comprise one contingent of those that will heavily use an RAVPN implementation, which almost always traverses some form of untrusted, shared infrastructuresuch as a service provider network. RAVPN technologies have evolved from Layer 2 VPDN solutions to more robust and flexible Layer 3 IPsec and Layer 4 SSL and TLS solutions in order to deliver confidential, authentic exchange of data in these scenarios.
You have seen that VPN technologies are a critical component to Cisco's end-to-end security strategythe Cisco Security Wheel. Throughout the course of this book, you will explore the VPN platforms available to effectively implement specific types of VPN architectures. The book further explores specific design scenarios and case studies to effectively illustrate common design issues and how a network architect can remediate those issues. |
