
Glossary of VPN Terms

Certificate authority (CA) A third-party organization such as Entrust or VeriSign that provides validation of identity and authority. The CA issues digital certificates (or digital IDs) to create digital signatures and public/private key pairs.

Data Encryption Standard (DES) A 56-bit private-key algorithm that uses the block cipher method. A block cipher breaks the text into 64-bit blocks and encrypts them before transmitting the data.

Digital certificate A user's public key digitally signed by the certificate authority. The software sends the certificate with an encrypted message to verify the sender's identity. The recipient uses the CA's public key, which is widely publicized, to decrypt the sender's public key attached to the message. Then the sender's key is used to decrypt the message.

MD5 authentication Verification of message integrity using Message Digest, Version 5, a hash function used to create digital signatures.

Private key The private half of the two-part key cryptography technique on which digital certificates are based. The user keeps the decrypting key secret.

Public key The public half of the two-part key cryptography system. This is what you give the recipient of your data to decrypt your message.

Public key infrastructure (PKI) A federal policy defining the use of public key encryption. It describes the format of certificates and the functions of CAs in both the public and private sectors.

RC4 and RC5 encryption Algorithms developed by RSA Data Security. RC4 and RC5 use a stream cipher method to encrypt a steady flow of data.

Secure Hash Algorithm-1 (SHA-1) authentication A hash function developed by NIST (National Institute of Standards and Technology). Though SHA-1 is slower than MD5, it is considered more secure.

Triple DES A procedure where the DES algorithm is used to encrypt the data three times.

IP Security Protocol (IPSec) An IETF-developed security standard that details data tunneling, authentication, and encryption over an Internet connection.

Tunneling The process of encapsulating one data packet inside another. In a VPN, IPX, AppleTalk, and IP packets are encapsulated inside packets that are sent to portals able to reconstitute them.


VIRTUAL PRIVATE NETWORKS (VPNs)

Today's businesses are more global, more mobile, and need to be more connected than ever before. But network budgets are not keeping pace with demands for new mission-critical services and applications. Without cost-effective solutions to meet these demands, a business is at a real disadvantage.

VPNs are the ideal means of providing functionality that is critical in today's business environment. They let a company reap the economic and convenience benefits of using the public communications infrastructure, along with the security advantages of private, point-to-point connections. Further, they support the existing infrastructure of PCs outfitted with analog and ISDN modems. And they may be deployed on the Internet, through a Network Service Provider's IP backbone, or through a combination of the two. VPNs solve the problems of increased demand for network bandwidth, access, and services while reducing costs.

Network managers can utilize a VPN instead of a leased line to provide branch office connectivity. That step alone has the potential to tremendously simplify the design of wide-area networks by minimizing the difficulties of installing, configuring, and managing the remote links.

What Are VPNs?

VPNs are pathways (tunnels) established by specially designed hardware and software technologies directed through shared IP-based networks such as those provided by an ISP. We typically think of VPNs as being WAN solutions, but they can just as easily work in a LAN. VPNs behave as if they were point-to-point direct dialup or leased line connections, even though they function in switched or routed, connectionless networks. Many organizations have concerns about transporting sensitive information across a shared IP network because that traffic could be intercepted or even modified by hackers or Internet thieves. Thus, in many cases a VPN carries encrypted traffic. Most people associate VPNs with tunnels through the Internet that carry encrypted traffic. As such, they deliver the security, performance, management and control of dedicated links such as remote access phone calls or leased lines—complete enterprise connectivity—but at the lowest possible cost. See a glossary of VPN terms.

VPNs Reduce Costs

  • Mobile User Communications Costs: VPNs save on dialup costs for mobile users by eliminating long distance tariffs or 1-800 costs in favor of local calls to an ISP or NSP.
  • Leased Line Costs: VPNs can offer the performance, management, and control of dedicated leased lines at 40 to 60 percent of related costs per connection. Savings are especially dramatic for international locations. In situations where it makes sense to piggyback voice traffic, the savings are further amplified. Where there are quality-of-service concerns about putting traffic over a standard ISP network or the Internet, there are now many ISPs that offer premium service transport, which can still provide significant savings over leased lines.
  • Capital Equipment Costs: VPNs allow enterprises to reduce or eliminate large and growing modem pools by supporting dial access outsourcing. Moreover, they permit a single WAN interface to serve multiple purposes, from branch internetworking, to extranet termination for partners, to local provisioning of high-bandwidth lines to dial access providers. As a result, fewer WAN interfaces are required, and exposure to equipment obsolescence is reduced. In addition, because VPNs are independent of origination protocols, they enable remote access users to continue using business-critical legacy equipment, protecting the investment in existing hardware and software systems.
  • Support Costs: Just by reducing modem pools, support costs can be significantly lessened, especially when support for remote users is shifted from over-burdened enterprise support groups to the dedicated help desks of NSPs. But that's only the beginning of lowered support costs. Because they are fully manageable and capable of policy-based control from central networking sites, VPNs can dramatically lessen support costs associated with installing and configuring remote network interfaces.
  • VPNs Enable Secure Partner: VPNs allow secure Extranets to be set up almost instantaneously to support quickly emerging business opportunities and relationships without the months of lengthy coordination that were formerly required to configure and install telco circuits. Any partner that has an existing Internet connection is primed to participate immediately.

Internet Time Group
         learning, collaboration, and time

webmaster © 2001 Jay Cross