Chapter 9. IPsec Virtual Private Networks (VPNs)

Change is life giving; it helps us grow into someone greater than we already are.

—Success Stories

By the end of this chapter, you should know and be able to explain the following:

• The differences between the types of VPNs

• The benefits and goals of VPN technology and how it should be deployed

• Where the encryption modes are and the functions they play in securing VPNs

• The protocols used during the operation of an IPsec VPN

Answering these key questions will enable you to understand the overall characteristics and importance of network security through the use of several different types of VPNs. By the time you finish this book, you will have a solid appreciation for network security, its issues, how it works, and why it is important.

Workers today are more mobile than ever and are accessing information through laptops and other mobile devices such as smartphones. Gartner Dataquest predicted that in 2010, 29 percent of workers would be telecommuters, up from 27.5 percent in 2009. The number of mobile workers who work from home or other locations continues to rise as well. Mobility enables workers to maintain their productivity, no matter when, where, or how they work.

As connectivity grows and personal mobility increases, the need for networks to adapt and provide services also continues to increase. Users do not understand the security concerns for the remote services that they demand for productivity, regardless of location. Users traveling to other countries, in airports, at customer sites, and so on demand the ability to connect to corporate resources to do their jobs. With the increased levels of connectivity, from T1s and wireless in airports to Wi-Fi hot spots and customers with high-speed connections, those people who are responsible for maintaining networks are faced with some difficult decisions. How should they provide the required IT services to users, regardless of their location, in a secure and reasonable manner?

Technology has evolved, and the leading solution for these demands is Internet Protocol Security (IPsec) encrypted virtual private networks (VPNs). Occasionally, a technology’s name accurately reflects its function, and this is the case with VPNs.

This chapter discusses the use of VPNs, how they function, the encryption provided by IPsec, and how these technologies can ensure your network’s security is maintained while increasing available services to your customers. Everyone has customers to whom they provide some degree of service, regardless of the field. However, for VPNs, customers can be defined as anyone with the business need to securely connect to the corporate network to access resources. Customers can be mobile users (sales, system engineers, and so on), power users going online all the time, executives conducting your company’s affairs while out of the office, or business partners picking up or dropping off important information. Resources are defined here as any device not directly accessible from the Internet; these resources might include email servers, file servers, Citrix servers, or network devices.

The information accessed by mobile workers is not simply limited to business information. Workers from the Millennial—Generation Y group (those born after 1980) typically use the same mobile device to access both personal and professional information. Of the estimated 14 million telecommuters, 69 percent of them report that they use whatever device, software, or site they want, regardless of corporate policies. To continue to foster innovation, enable productivity, and meet the needs of the mobile workforce, companies must adapt to the changing trends in mobility.


Note

The National Institute of Standards and Technology (NIST) created AES, which is a new Federal Information Processing Standard (FIPS) publication that describes an encryption method. AES is a privacy transform for IPsec and Internet Key Exchange (IKE) and has been developed to replace the Data Encryption Standard (DES). AES is designed to be more secure than both DES and 3DES, so don’t use anything DES.


Arguably the hottest topic in data security today, VPNs are full of promise for businesses seeking to lower cost, increase flexibility and scalability, and ensure the security of their communications.

But what exactly does a VPN do, and how can it affect your business drivers—lowering cost, mitigating risk, and increasing revenue? The popularity of VPN technology is directly related to its potential to bring about significant return on investment (ROI). For businesses paying the often staggering costs of private connections via MPLS or Frame Relay, the cost savings associated with deploying VPNs to replace these costly connections is significant. To understand the value of a VPN to your business, you might want to consider the benefits that VPNs most often bring:

• Site-to-site VPNs can take the place of expensive WAN telco circuits, replacing private line services with connections that use the Internet to link remote sites.

• Remote access VPNs enable employees who work from home or are out of the office to remain securely connected to organization resources.

If your organization is making significant recurring investments in WAN telco circuits, a VPN can provide an alternative approach with a big payoff in cost savings and flexibility.

Before entering into a technical overview of the components and possibilities involved in deploying a VPN, you must firmly understand the core operations of VPNs. Analogies work well because they introduce people with vastly different levels of knowledge and experience to a complex subject.
