

A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure. Phone companies have provided private shared resources for voice messages for over a decade. A virtual private network makes it possible to have the same protected sharing of public resources for data. Companies today are looking at using a private virtual network for both extranets and wide-area intranets. This document describes three important VPN technologies: trusted VPNs, secure VPNs, and hybrid VPNs. It is important to note that secure VPNs and trusted VPNs are not technically related, and can co-exist in a single service package.

Before the Internet became nearly universal, a virtual private network consisted of one or more circuits leased from a communications provider. Each leased circuit acted like a single wire in a network that was controlled by the customer. The communications vendor would sometimes also help manage the customer's network, but the basic idea was that a customer could use these leased circuits in the same way that they used physical cables in their local network. The privacy afforded by these legacy VPNs was only that the communications provider assured the customer that no one else would use the same circuit. This allowed customers to have their own IP addressing and their own security policies. A leased circuit ran through one or more communications switches, any of which could be compromised by someone wanting to observe the network traffic. The VPN customer trusted the VPN provider to maintain the integrity of the circuits and to use the best available business practices to avoid snooping of the network traffic. Thus, these are called trusted VPNs.

As the Internet became more popular as a corporate communications medium, security became much more of a pressing issue for both customers and providers. Seeing that trusted VPNs offered no real security, vendors started to create protocols that would allow traffic to be encrypted at the edge of one network or at the originating computer, moved over the Internet like any other data, and then decrypted when it reached the corporate network or a receiving computer. This encrypted traffic acts like it is in a tunnel between the two networks: even if an attacker can see the traffic, they cannot read it, and they cannot change the traffic without the changes being seen by the receiving party and therefore rejected. Networks that are constructed using encryption are called secure VPNs.

More recently, service providers have begun to offer a new type of trusted VPNs, this time using the Internet instead of the raw telephone system as the substrate for communications. These new trusted VPNs still do not offer security, but they give customers a way to easily create network segments for wide area networks (WANs). In addition, trusted VPN segments can be controlled from a single place, and often come with guaranteed quality-of-service (QoS) from the provider.

A secure VPN can be run as part of a trusted VPN, creating a third type of VPN that is very new on the market: hybrid VPNs. The secure parts of a hybrid VPN might be controlled by the customer (such as by using secure VPN equipment on their sites) or by the same provider that provides the trusted part of the hybrid VPN. Sometimes an entire hybrid VPN is secured with the secure VPN, but more commonly, only a part of a hybrid VPN is secure.

The main reason that companies use secure VPNs is so that they can transmit sensitive information over the Internet without needing to worry about who might see it. Everything that goes over a secure VPN is encrypted to such a level that even if someone captured a copy of the traffic, they could not read the traffic even if they used hundreds of millions of dollars worth of computers.
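The tunnel behaviour described above for secure VPNs (traffic encrypted at one edge, decrypted at the other, and any modification rejected by the receiver) can be shown in a few lines. This is an added illustration, not code from the original document and not any real VPN protocol: the packet layout, the gateway names, the function names and the HMAC-based keystream standing in for a real cipher are all assumptions made for the example.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real cipher (assumption).
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(enc_key, mac_key, outer_header, inner_packet):
    """Sending edge: encrypt the inner packet, then tag header + nonce + ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    body = outer_header + nonce + _xor(inner_packet, _keystream(enc_key, nonce, len(inner_packet)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decapsulate(enc_key, mac_key, header_len, wire):
    """Receiving edge: verify the tag before decrypting; return None to reject."""
    if len(wire) < header_len + NONCE_LEN + TAG_LEN:
        return None
    body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None  # changed in transit, or sent by someone without the key
    nonce = body[header_len:header_len + NONCE_LEN]
    ciphertext = body[header_len + NONCE_LEN:]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    outer = b"GW-A>GW-B|"                            # constructed outer header
    inner = b"10.1.0.5>10.2.0.9|payroll batch 17"    # constructed inner packet
    wire = encapsulate(enc_key, mac_key, outer, inner)
    tampered = bytearray(wire)
    tampered[len(outer) + NONCE_LEN] ^= 0x01         # one ciphertext bit changed in transit
    return {
        "delivered": decapsulate(enc_key, mac_key, len(outer), wire) == inner,
        "plaintext_visible": b"payroll" in wire,
        "tampered_rejected": decapsulate(enc_key, mac_key, len(outer), bytes(tampered)) is None,
    }

if __name__ == "__main__":
    print(demo())
```

Only the outer header is readable on the wire; the inner addresses and payload travel as ciphertext, and the receiving edge drops anything whose tag does not verify.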
