Virtual Private Networks (VPNs) provide a secure "tunnel" between systems or applications. VPNs are valuable for providing confidentiality and integrity protection of communications for applications that do not understand or implement those protections themselves, the most obvious being legacy applications, and in particular for protecting the user IDs and passwords transmitted across the network to those applications.
Note that just because an application uses strong authentication (public key or Kerberos) does not mean the application also provides confidentiality and integrity protection for the information it transmits. Strong authentication mechanisms typically (but not always) produce the key material needed to protect subsequent communications, but you cannot assume an application actually uses it for that purpose.
In some cases, a VPN may be necessary to protect communications even for those applications which use strong authentication. In other cases, a VPN may simply be a convenience to remove the burden from the application developers. Another case to be made for VPNs is the ability to externally enforce policies on the protection of transmitted data, without the knowledge or cooperation of the target applications or systems.
VPNs generally fall into two categories: network-layer or application-layer. The market does not, as a rule, distinguish between these two types of VPN. However, the distinction is very important if VPNs are used as part of a secure SSO solution, because only a network-layer VPN protects every application on the host without the application's cooperation. There are various characteristics which a high-performance VPN solution should have:
Using strong encryption algorithms and authentication methods, it should enable secure access to corporate resources for road warriors, telecommuters and branch offices, providing secure Net-to-Net, Host-to-Net and Host-to-Host connectivity.
A VPN should prevent eavesdropping and data tampering, protecting the confidentiality of information. In addition to verifying host and end-point integrity, it should protect data integrity: any packet modified in transit must be detected by the integrity check and discarded rather than delivered.
A VPN should support the standard protocol rather than a proprietary one, i.e. it should interoperate with the native Windows IPSec client, a secure software-based client, or any other VPN client that follows the IPSec standard.
A VPN should work in both transport and tunnel mode. Transport mode secures the payload of IP packets end to end between the originating source and the destination, keeping the original IP header; tunnel mode wraps an existing IP packet, header included, inside a new outer IP packet in the format defined by IPSec. With this flexibility, enterprises can have secure connectivity through different Internet service providers and network types.
It should integrate fully with the firewall, so that the VPN functions alongside NAT and provides secure end-to-end network connectivity. In practice this requires NAT traversal support, since NAT rewrites addresses and ports in the very packets IPSec is protecting.
Designed to reduce the complexity of standalone solutions and enhance security, IPSec VPN is a part of any strategic threat management solution, offering easy configuration and installation, ease of use and cost-effectiveness.
With centralized policy-based management and remote monitoring, a VPN should reduce operational costs while delivering secure connectivity. User- and group-based policies can be created, and access rights granted and managed easily, with packet filter policies applied on a per-user basis.
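The integrity and transport/tunnel-mode points above are easiest to see on the wire. The following is an added example written for this page, not code from the original page or from any VPN product: a toy model of the IPSec ESP packet layout (RFC 4303) using NULL encryption (RFC 2410) and HMAC-SHA-256 truncated to 128 bits (RFC 4868) so that it runs on the Python standard library alone. Real stacks also encrypt the payload and negotiate keys with IKE; both are left out to keep the focus on which bytes the integrity check covers in each mode. All addresses, the key and the cleartext login segment are constructed sample data.

```python
"""Toy ESP (IPSec) encapsulation: transport vs tunnel mode, NULL cipher + HMAC.

Added example, not from the original page. Shows which bytes the ESP
integrity check covers: the ESP header, payload, padding and trailer, but
never the outer IP header (NAT can rewrite it; ESP does not notice).
"""
import hashlib
import hmac
import struct

IPPROTO_IPIP = 4    # ESP Next Header value for an encapsulated IPv4 packet
IPPROTO_TCP = 6
IPPROTO_ESP = 50
ICV_LEN = 16        # HMAC-SHA-256-128: digest truncated to 128 bits
DEMO_KEY = bytes(range(32))   # constructed key; real keys come from IKE


def addr(dotted: str) -> bytes:
    """Dotted-quad string to 4 raw bytes."""
    return bytes(int(o) for o in dotted.split("."))


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src: bytes, dst: bytes, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet (no options, TTL 64) around `payload`."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def esp_encapsulate(key: bytes, spi: int, seq: int, mode: str, packet: bytes,
                    gw_src: bytes = None, gw_dst: bytes = None) -> bytes:
    """Apply ESP to an IPv4 `packet` in 'transport' or 'tunnel' mode.

    transport: ESP payload is the original transport segment; the original
               IP header is kept (protocol field becomes ESP).
    tunnel:    ESP payload is the whole original IP packet; a new outer
               header between the two gateways is prepended.
    """
    if mode == "transport":
        ip_hdr, inner, next_hdr = packet[:20], packet[20:], packet[9]
    elif mode == "tunnel":
        inner, next_hdr = packet, IPPROTO_IPIP
    else:
        raise ValueError(mode)
    # Pad so Pad Length + Next Header end on a 4-byte boundary (RFC 4303 2.4).
    pad_len = (-(len(inner) + 2)) % 4
    body = (struct.pack("!II", spi, seq) + inner
            + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr]))
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if mode == "transport":
        return ipv4_packet(ip_hdr[12:16], ip_hdr[16:20], IPPROTO_ESP, body + icv)
    return ipv4_packet(gw_src, gw_dst, IPPROTO_ESP, body + icv)


def esp_verify(key: bytes, outer: bytes):
    """Check the ICV. Returns (ok, next_header, payload); payload is b"" on failure."""
    ip_hdr, esp = outer[:20], outer[20:]
    if ip_hdr[9] != IPPROTO_ESP:
        return False, None, b""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return False, None, b""
    pad_len, next_hdr = body[-2], body[-1]
    return True, next_hdr, body[8:len(body) - 2 - pad_len]


def demo(key: bytes) -> dict:
    """Which modifications does ESP detect in each mode? Returns named booleans."""
    # Constructed cleartext login of a legacy protocol (TCP ports 1234 -> 23).
    segment = b"\x04\xd2\x00\x17" + b"USER alice\r\nPASS hunter2\r\n"
    host_a, host_b = addr("10.1.1.5"), addr("10.2.2.9")
    clear = ipv4_packet(host_a, host_b, IPPROTO_TCP, segment)
    out = {}

    # Transport mode, host to host: outer offsets 0-19 IP, 20-27 SPI/seq, 28+ payload.
    tp = esp_encapsulate(key, 0x1000, 1, "transport", clear)
    ok, nh, payload = esp_verify(key, tp)
    out["transport_ok"] = ok and nh == IPPROTO_TCP and payload == segment
    flipped = tp[:30] + bytes([tp[30] ^ 0xFF]) + tp[31:]          # payload byte
    out["transport_payload_tamper_detected"] = not esp_verify(key, flipped)[0]
    nat = ipv4_packet(host_a, addr("192.0.2.77"), IPPROTO_ESP, tp[20:])  # header rewrite
    out["transport_outer_hdr_tamper_detected"] = not esp_verify(key, nat)[0]  # False

    # Tunnel mode, gateway to gateway: the inner header (offset 28-47) is covered too.
    tn = esp_encapsulate(key, 0x2000, 1, "tunnel", clear,
                         addr("198.51.100.1"), addr("203.0.113.1"))
    ok, nh, inner = esp_verify(key, tn)
    out["tunnel_ok"] = ok and nh == IPPROTO_IPIP and inner == clear
    t2 = tn[:44] + bytes([tn[44] ^ 0xFF]) + tn[45:]               # inner dst address
    out["tunnel_inner_hdr_tamper_detected"] = not esp_verify(key, t2)[0]
    nat = ipv4_packet(addr("198.51.100.1"), addr("192.0.2.77"), IPPROTO_ESP, tn[20:])
    ok, _, inner = esp_verify(key, nat)
    out["tunnel_outer_hdr_tamper_detected"] = not ok                # False
    out["tunnel_inner_intact_after_outer_rewrite"] = ok and inner == clear
    return out


if __name__ == "__main__":
    for name, value in demo(DEMO_KEY).items():
        print(f"{name:40s} {value}")
```

The two `False` results are the point: ESP's ICV never covers the outer IP header, so a NAT device (or an attacker) can rewrite it undetected. In tunnel mode that is harmless, because the protected inner header still carries the real source and destination; in transport mode the addresses the endpoints actually use are the unprotected ones, which is why NAT and transport-mode IPSec coexist poorly and why a VPN that "functions alongside NAT" must support NAT traversal.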