Analogy: VPNs Securely Connect IsLANds

Your network (LAN) is an island of sanity, order, and user services in an unpredictable ocean known as the Internet. You know thousands of other islands exist within this ocean; when you want to travel from island to island, you hop on a ferry and travel to the next island, which might just happen to be that website or the latest smartphone you had your eye on.

Now, you are on this ferry (using TCP/IP) traveling over the ocean (Internet) to reach something on an island (LAN) that is going to provide you with some sort of service (website). This makes perfect sense, right? Now, how many other people do you see on that ferry—perhaps a few, or perhaps many thousands? The potential problem is that you have no security or privacy traveling from island to island; other people can see everything you see. Now, if you were reading the latest news on www.foxnews.com, who cares if you do not have privacy? However, if you were going to your company’s island to check on something, this lack of privacy can have serious ramifications. Do you want anyone looking over your shoulder as you put in your credit card number to make a purchase or to upload the latest sales figures to the corporate server?

Because you are traveling on the worldwide ocean that is the Internet, you have no control over the wires, fiber, routers, or switches that make up the Internet. Nor do you get any guarantees of any sort. In other words, you might reach some website or other server, but nothing promises that you will. Remember, connecting to the Internet is a privilege and not a right! Having no control over the Internet means that you are susceptible to security issues. This is especially true if you want to connect two private networks over a public resource such as the Internet, which you would want to do because it is a great cost saver.


Note

Once, when conducting a network assessment of a customer’s network, I observed that the company had no firewalls at any of its four sites, which were all connected directly to the Internet. This is a serious concern, but what struck me as a real issue is that this customer had configured Microsoft servers at each of the locations to trust one another over the public Internet! All a hacker would have had to do was hijack that trust, and the network would be totally compromised; it had occurred several times but the company refused to make a change. I had to shake my head in disbelief—do not let this happen to you! Use VPNs to protect your network!


As the person in charge of connecting your island to another, you are directed to connect your island with a new one your organization is getting ready to open. Your island decides to build a bridge to this other island so that there is an easier, more secure, and direct way for people to travel between the two. It is expensive to build and maintain this bridge, even though the island you connect with is close. But the need for a reliable, secure path is so great that you do it anyway.

This situation is a lot like having a private WAN. The bridges (private lines) are separate from the ocean (Internet), yet they can connect the islands (LANs). Many companies have chosen this route because the need for security and reliability drives the connection from their remote offices to their main office.

Your island would like to connect to a second island that is much farther away, but you decide that the cost to build a bridge is simply too high to justify. You quickly learn that, if the offices are far apart, the cost can be prohibitively high, just like trying to build a bridge that spans a great distance. However, the need is still there.


Note

Many businesses have a tendency to allow IT to drive the evolution of their business, and although this is appropriate for some, most businesses must reverse this thinking. The needs of the business should drive the evolution of a company’s IT infrastructure. To me, this is a fundamental truth because businesses are not in business to build a big IT department or network! Nerds, take note: The days of blindly spending money are over, and reality has unfortunately returned in the form of the proven business model.


Are you wondering when VPNs are going to fit into this analogy? You have established that you need increased security, and the first option was to build a bridge; however, that is too expensive. You could give a submarine to everyone who needs the ability to privately and securely travel between islands. A submarine is a perfect analogy for a VPN because, like a submarine, VPNs have the following amazing properties:

• They can be very fast.

• They are easy to take with you.

• They can hide you from others.

It might not be easy to take a submarine with you; however, I am sure you understand this analogy. There are several different ways to implement VPNs, and the following sections examine the three types of VPNs. Another good analogy would be the concept of the Stargate portals from Hollywood. You must get the symbols right on both sides (the SA for VPN), and you must have a stargate on the other side that is “on” for the hyperspace tunnel to form (the VPN tunnel). I bet you thought that nothing intelligent comes out of Hollywood; I know I did!
