Virtual Private Network
A virtual private network (VPN) is a private network that uses a public network, such as the Internet, to provide remote sites or users with secure access to their organisation’s network by establishing ‘virtual’ encrypted links. Privacy on these networks is ensured through the use of security procedures and tunnelling protocols.
Security procedures include:
- Firewalls: These provide a barrier between the VPN and the Internet. They help to keep intruders out of the network, especially after VPN sessions have ended.
- Encryption: Data sent between the computers in the network is encrypted using either symmetric key encryption or public-key encryption.
With symmetric key encryption, each computer on the network is assigned a secret key or code which is used to encrypt the data before it is sent over the network. The keys are then distributed to all of the computers. When the data is received by the destination computer, it uses the code of the sending computer to decode the data.
Public key encryption uses a private key and a public key that are assigned to each computer on the network. The private key is known only by the computer to which it has been assigned. The computer uses this private key to encrypt data before it sends it over the network. The data is decrypted by the receiving computer using the public key of the pair, which is made available to all computers on the network.
- IPSec (Internet Protocol Security Protocol): IPSec provides its users with strong encryption algorithms and a comprehensive authentication procedure.
- AAA Server: An AAA (authentication, authorization and accounting) server is used to provide secure access in a remote access environment. When an individual user requests a connection to the network, the AAA server verifies who the user is (authentication), what the user is allowed to do (authorization) and what the user does after gaining access to the network (accounting).
Tunnelling protocols are used to encrypt data, along with the originating and destination network addresses, at the sending end. The protocols also carry the data through a ‘tunnel’ that no data can enter unless it has been properly encrypted, and then decrypt the sent data at the receiving end.
Tunnelling protocols are essential in creating a private network over the Internet; they include L2TP (Layer 2 Tunnelling Protocol), PPTP (Point-to-Point Tunnelling Protocol), L2F (Layer 2 Forwarding) and GRE (Generic Routing Encapsulation).
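As an added illustration (not code from the original article, and not a real tunnelling protocol), the following constructed Python sketch shows the encapsulation described above: the sending gateway encrypts the inner source and destination addresses together with the payload under a shared symmetric key, prepends an outer header carrying only the two gateways’ public addresses, and the receiving gateway checks an integrity tag before decrypting. The packet layout, function names and the HMAC-based toy cipher are assumptions made for illustration; a real deployment would use IPSec or similar.

```python
import hashlib, hmac, os, struct
from ipaddress import IPv4Address

# Constructed toy tunnel packet (illustration only, not a real protocol):
#   outer header : outer_src(4) | outer_dst(4) | nonce(16)   -- visible on the public network
#   body         : encrypted( inner_src(4) | inner_dst(4) | payload )
#   trailer      : HMAC-SHA256 tag(32) over outer header + body
NONCE_LEN, TAG_LEN = 16, 32

def _derive_keys(shared_secret):
    """Split one shared symmetric secret into separate encryption and MAC keys."""
    enc = hmac.new(shared_secret, b"tunnel-enc", hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"tunnel-mac", hashlib.sha256).digest()
    return enc, mac

def _xor_keystream(enc_key, nonce, data):
    """Counter-mode keystream from HMAC-SHA256 (toy cipher); XOR both encrypts and decrypts."""
    stream = bytearray()
    for i in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(secret, outer_src, outer_dst, inner_src, inner_dst, payload, nonce=None):
    """Sending gateway: hide the inner addresses and payload, then authenticate the whole packet."""
    enc_key, mac_key = _derive_keys(secret)
    nonce = nonce or os.urandom(NONCE_LEN)
    header = IPv4Address(outer_src).packed + IPv4Address(outer_dst).packed + nonce
    inner = IPv4Address(inner_src).packed + IPv4Address(inner_dst).packed + payload
    body = _xor_keystream(enc_key, nonce, inner)
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag

def decapsulate(secret, packet):
    """Receiving gateway: verify the tag (constant-time) before decrypting anything."""
    enc_key, mac_key = _derive_keys(secret)
    header = packet[:8 + NONCE_LEN]
    body, tag = packet[8 + NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet rejected: bad tag (tampered or wrong key)")
    inner = _xor_keystream(enc_key, header[8:], body)
    return str(IPv4Address(inner[:4])), str(IPv4Address(inner[4:8])), inner[8:]

def observer_view(packet):
    """What a host on the public network can read: gateway addresses and a length, nothing inside."""
    return str(IPv4Address(packet[:4])), str(IPv4Address(packet[4:8])), len(packet)
```

Rejecting a packet whose tag does not verify, before any decryption, is the behaviour a defender should expect from the tunnel endpoint; the observer view shows why the private addresses never appear on the public network.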
There are two main types of VPN available:
- Remote Access VPN: also known as a virtual private dial-up network (VPDN). This is used for establishing secure connections between remotely located employees and a central office.
- Site-to-Site VPN: used for establishing connections between multiple fixed sites over a public network such as the Internet, using dedicated equipment and large-scale encryption. Site-to-site VPNs can be set up as intranets or extranets. One of the best known examples of a site-to-site VPN is NHSnet, maintained by the National Health Service (NHS) in the United Kingdom.