Chapter 7. Virtual Private Networks

In today's interconnected world, the need to move information from site to site is becoming common. Whether this move is from one end of town to the other or across the globe, the basic challenge is the same: How can we securely transport our data? For many years, this transportation was accomplished with expensive proprietary links that were leased from communication vendors so that companies had a "private" segment for such communications. The longer the distance, the more these connections cost, making wide area networks (WANs) a luxury that many firms could not afford. At the same time, many firms could not afford to go without them. As broadband Internet connections became staples for many firms, the concept of using the existing structure of the Internet as WAN cabling became an intriguing one. Costs could be greatly reduced using these already available public access points. The concern again was how to keep the data secure. Because we are sharing an international "party line" with anyone else who connects to the Internet, how can we be sure that our data is protected from eavesdroppers? The solution is Virtual Private Networking.

In this chapter, we discuss the basic concepts of how a Virtual Private Network (VPN) works and is configured, the basic encryption technologies that a VPN uses, details of Internet Protocol Security (IPSec) (a standard for VPN networking), as well as other popularly implemented protocols for virtual networking. We also show sample configurations that demonstrate practical applications for the theory we cover. This chapter also provides a foundation for understanding Chapter 16, "VPN Integration," which discusses how VPN technologies can be incorporated into the security perimeter.