The Security Portal for Information System Security Professionals

    Virtual Private Networks


    Background

    Virtual private networks (VPNs) are a fairly quixotic subject; there is no single defining product, nor even much of a consensus among VPN vendors as to what comprises a VPN. Consequently, everyone knows what a VPN is, but establishing a single definition can be remarkably difficult. Some definitions are sufficiently broad as to enable one to claim that Frame Relay qualifies as a VPN when, in fact, it is an overlay network. Although an overlay network secures transmissions through a public network, it does so passively via logical separation of the data streams.

    VPNs provide a more active form of security by either encrypting or encapsulating data for transmission through an unsecured network. These two types of security—encryption and encapsulation—form the foundation of virtual private networking. However, both encryption and encapsulation are generic terms that describe a function that can be performed by a myriad of specific technologies. To add to the confusion, these two sets of technologies can be combined in different implementation topologies. Thus, VPNs can vary widely from vendor to vendor.

    This chapter provides an overview of building VPNs using the Layer 2 Tunneling Protocol (L2TP), and it explores the possible implementation topologies.

    Layer 2 Tunneling Protocol

    The Internet Engineering Task Force (IETF) was faced with competing proposals from Microsoft and Cisco Systems for a protocol specification that would secure the transmission of IP datagrams through uncontrolled and untrusted network domains. Microsoft's proposal was an attempt to standardize the Point-to-Point Tunneling Protocol (PPTP), which it had championed. Cisco, too, had a protocol designed to perform a similar function. The IETF combined the best elements of each proposal and specified the open standard L2TP.

    The simplest description of L2TP's functionality is that it carries the Point-to-Point Protocol (PPP) through networks that aren't point-to-point. PPP has become the most popular communications protocol for remote access using circuit-switched transmission facilities such as POTS lines or ISDN to create a temporary point-to-point connection between the calling device and its destination.

    L2TP simulates a point-to-point connection by encapsulating PPP datagrams for transportation through routed networks or internetworks. Upon arrival at their intended destination, the encapsulation is removed, and the PPP datagrams are restored to their original format. Thus, a point-to-point communications session can be supported through disparate networks. This technique is known as tunneling.

    Operational Mechanics

    In a traditional remote access scenario, a remote user (or client) accesses a network by connecting directly to a network access server (NAS). Generally, the NAS provides several distinct functions: it terminates the point-to-point communications session of the remote user, validates the identity of that user, and then serves that user with access to the network. Although most remote access technologies bundle these functions into a single device, L2TP separates them into two physically separate devices: the L2TP Access Server (LAS), referred to later in this chapter as the L2TP access concentrator (LAC), and the L2TP Network Server (LNS).

    As its name implies, the L2TP Access Server supports authentication and ingress. Upon successful authentication, the remote user's session is forwarded to the LNS, which lets that user into the network. Their separation enables greater flexibility for implementation than other remote access technologies.

    Implementation Topologies

    L2TP can be implemented in two distinct topologies:

    Client-aware tunneling

    Client-transparent tunneling

    The distinction between these two topologies is whether the client machine that is using L2TP to access a remote network is aware that its connection is being tunneled.

    Client-Aware Tunneling

    The first implementation topology is known as client-aware tunneling. This name is derived from the remote client initiating (hence, being "aware" of) the tunnel. In this scenario, the client establishes a logical connection within a physical connection to the LAS. The client remains aware of the tunneled connection all the way through to the LNS, and it can even determine which of its traffic goes through the tunnel.

    Client-Transparent Tunneling

    Client-transparent tunneling features L2TP access concentrators (LACs) distributed geographically close to the remote users. Such geographic dispersion is intended to reduce the long-distance telephone charges that would otherwise be incurred by remote users dialing into a centrally located LAC.

    The remote users need not support L2TP directly; they merely establish a point-to-point communication session with the LAC using PPP. Ostensibly, the user will be encapsulating IP datagrams in PPP frames. The LAC exchanges PPP messages with the remote user and establishes an L2TP tunnel with the LNS through which the remote user's PPP messages are passed.

    The LNS is the remote user's gateway to its home network. It is the terminus of the tunnel; it strips off all L2TP encapsulation and serves up network access for the remote user.

    Adding More Security

    As useful as L2TP is, it is important to recognize that it is not a panacea. It enables flexibility in delivering remote access, but it does not afford a high degree of security for data in transit. This is due in large part to the relatively nonsecure nature of PPP. In fairness, PPP was designed explicitly for point-to-point communications, so securing the connection should not have been a high priority.

    An additional cause for concern stems from the fact that L2TP's tunnels are not cryptographic. Their data payloads are transmitted in the clear, wrapped only by L2TP and PPP framing. However, additional security may be afforded by implementing the IPSec protocols in conjunction with L2TP. The IPSec protocols support strong authentication technologies as well as encryption.
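    The encapsulation and its lack of confidentiality, as an added example that is not part of the original chapter: the LAC side wraps a PPP frame in an L2TP data header, and the same few lines of parsing that the LNS uses to strip it let any observer on the path read the inner IP datagram. The header layout follows RFC 2661; the function names, addresses, IDs and payload are constructed for illustration.

```python
import socket
import struct

# L2TPv2 header bits (RFC 2661, section 3.1)
FLAG_T = 0x8000    # 1 = control message, 0 = data message
FLAG_L = 0x4000    # Length field present
FLAG_S = 0x0800    # Ns/Nr sequence fields present
FLAG_O = 0x0200    # Offset Size field present
VER_MASK = 0x000F  # version, must be 2
PPP_IPV4 = 0x0021  # PPP protocol number for an IPv4 datagram


def l2tp_encapsulate(tunnel_id, session_id, ppp_frame):
    """LAC side: prepend an L2TP data header (Length present) to a PPP frame."""
    length = 8 + len(ppp_frame)  # 8 header octets + payload
    return struct.pack("!HHHH", FLAG_L | 2, length, tunnel_id, session_id) + ppp_frame


def l2tp_decapsulate(msg):
    """LNS side, or anyone on the path: return (tunnel_id, session_id, ppp_frame)."""
    try:
        (flags,) = struct.unpack_from("!H", msg, 0)
        if flags & VER_MASK != 2:
            raise ValueError("not an L2TPv2 message")
        if flags & FLAG_T:
            raise ValueError("control message: carries no PPP payload")
        pos, end = 2, len(msg)
        if flags & FLAG_L:
            (end,) = struct.unpack_from("!H", msg, pos)
            pos += 2
            if end > len(msg):
                raise ValueError("Length field exceeds captured data")
        tunnel_id, session_id = struct.unpack_from("!HH", msg, pos)
        pos += 4
        if flags & FLAG_S:
            pos += 4  # skip Ns and Nr
        if flags & FLAG_O:
            (offset,) = struct.unpack_from("!H", msg, pos)
            pos += 2 + offset  # skip Offset Size and the padding it announces
    except struct.error:
        raise ValueError("truncated L2TP header") from None
    if pos > end:
        raise ValueError("header runs past end of message")
    return tunnel_id, session_id, msg[pos:end]


def ppp_parse(frame):
    """Return (protocol, payload); tolerates address/control and protocol compression."""
    pos = 2 if frame[:2] == b"\xff\x03" else 0  # uncompressed address/control
    if pos >= len(frame):
        raise ValueError("empty PPP frame")
    if frame[pos] & 1:  # a single odd octet means a compressed protocol field
        return frame[pos], frame[pos + 1:]
    if pos + 2 > len(frame):
        raise ValueError("truncated PPP protocol field")
    return struct.unpack_from("!H", frame, pos)[0], frame[pos + 2:]


def ipv4_parse(pkt):
    """Return source, destination, protocol and payload of an IPv4 datagram."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack_from("!H", pkt, 2)[0]
    if ihl < 20 or total < ihl or total > len(pkt):
        raise ValueError("inconsistent IPv4 lengths")
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "ip_protocol": pkt[9], "payload": pkt[ihl:total]}


def build_sample_ipv4(src, dst, payload, proto=253):
    """Constructed test datagram; protocol 253 is reserved for experimentation.
    The header checksum is left at 0 because nothing here validates it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload


def observe(msg):
    """What a passive observer recovers from one L2TP data message without any key."""
    tunnel_id, session_id, ppp = l2tp_decapsulate(msg)
    proto, inner = ppp_parse(ppp)
    seen = {"tunnel_id": tunnel_id, "session_id": session_id, "ppp_protocol": proto}
    if proto == PPP_IPV4:
        seen.update(ipv4_parse(inner))
    return seen


if __name__ == "__main__":
    # Constructed sample: documentation addresses and a made-up cleartext payload.
    ip = build_sample_ipv4("192.0.2.10", "198.51.100.5", b"USER alice\r\n")
    wire = l2tp_encapsulate(7, 42, b"\xff\x03" + struct.pack("!H", PPP_IPV4) + ip)
    print(observe(wire))
    print("payload visible on the wire:", b"USER alice" in wire)
```

    Running the same check against traffic captured on the outer interface of a tunnel protected by IPSec should fail at the first step, because the L2TP header itself is then inside the encrypted payload.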

    Summary

    VPNs offer a compelling vision of connectivity through foreign networks at greatly reduced operating costs. However, the reduced costs are accompanied by increased risk. L2TP offers an open standard approach for supporting a remote access VPN. When augmented by IPSec protocols, L2TP enables the realization of the promise of a VPN: an open standard technology for securing remote access in a virtually private network.

    Review Questions

    Q—What is a VPN?

    A—A VPN is a generic term that describes any combination of technologies that can be used to secure a connection through an otherwise unsecured or untrusted network.

    Q—Explain the difference between L2TP's LAC and LNS.

    A—The LAC provides authentication and access concentration for remote users. After a remote user is authenticated, that user's communications session is then forwarded to the LNS, which provides access to that user's home network.

    Q—What additional functionality does IPSec offer an L2TP implementation?

    A—L2TP's native security mechanisms build on the assumption that the nature of a point-to-point connection satisfies most of a remote user's security requirements. IPSec complements L2TP by offering a more robust set of technologies for authenticating remote users and for securing data in transit through foreign networks by encrypting data.

    Q—What is a tunnel?

    A—A tunnel is a logical structure that encapsulates the frame and data of one protocol inside the Payload or Data field of another protocol. Thus, the encapsulated data frame may transit through networks that it would otherwise not be capable of traversing.

    For More Information

    For more information about L2TP and virtual private networking, refer to the following sources of information:

    Black, Uyless. PPP and L2TP: Remote Access Communications. Prentice Hall: New York, 1999.

    Shea, Richard. L2TP Implementation and Operation. Addison Wesley Longman: Boston, 1999.

    RFC 2401, "Security Architecture for the Internet Protocol"

    RFCs 2402 through 2410 (various IPSec specifications)

    RFC 2407, "The Internet IP Security Domain of Interpretation for ISAKMP"

    RFC 2408, "Internet Security Association and Key Management Protocol (ISAKMP)"

    http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120tl/12tpt.htm

    http://www.cisco.com/warp/public/707/24.html

 

  • ITServ RideWay Station   is a suite of integrated firewall/VPN devices allowing multiple simultaneous VPN connections without the need for proprietary software licensing.
     
  • Adtran  Adtran’s NetVanta 2000 Series provides all the necessary components required to secure an integrated VPN internetworking solution. Together, these plug-and-play devices reduce recurring wide area networking costs, improve data security, increase network performance and availability, and simplify overall network operations.
     
  • A flooded field for IPSec-based VPNs is good for users  We set up a hypothetical security policy for a large, multisite network and evaluated how well each VPN product could fit into that network. With multiple data centers and branch offices with switches, routers and firewalls, our test bed was designed to resemble a standard enterprise data services network. We tested interoperability of each product against every other VPN product, both in setting up initial secure connections and in maintaining long-term operation over a matter of days. Specifically, we rated how each product worked with the others, worked with our certificate authority and with popular VPN client software, and how well each handled different VPN authentication methods.
     
  • Ashley Laurent  Ashley Laurent’s BroadWay VPN Software uses the latest in cryptographic technology to secure data transfer through the IP network. With Ashley Laurent’s software, users can remotely and securely connect to resources behind a BroadWay enabled device in their home or office, and small businesses can connect remote networks across the Internet.
     
  • A Technical Guide to Ipsec Virtual Private Networks  "The goal of this book is to detail the suite of IP Security protocols and their interaction with users, systems, and devices. The book will include in-depth descriptions of the various IPSec communications and key management protocols that provide the foundation of secure communications. Included will be examples of implementations and real world experience and their comparison to the standards that make up IPSec."
     
  • Aventail  is the leading SSL VPN product company and the authority on secure application access technology. Aventail’s family of appliances and managed services are built on Aventail’s proven SSL VPN platform, which leads the industry in End Point Control, policy management, and transparent, easy-to-use access options to the broadest range of applications.
     
  • VPN Technologies: Definitions and Requirements   A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure. Phone companies have provided private shared resources for voice messages for over a decade. A virtual private network makes it possible to have the same protected sharing of public resources for data. Companies today are looking at using a private virtual network for both extranets and wide-area intranets.

    This document describes three important VPN technologies: trusted VPNs, secure VPNs, and hybrid VPNs. It is important to note that secure VPNs and trusted VPNs are not technically related, and can co-exist in a single service package. Before the Internet became nearly-universal, a virtual private network consisted of one or more circuits leased from a communications provider. Each leased circuit acted like a single wire in a network that was controlled by the customer. The communications vendor would sometimes also help manage the customer's network, but the basic idea was that a customer could use these leased circuits in the same way that they used physical cables in their local network.
     
  • Biodata VPN  This security gateway works for connecting remote offices to a central computer network over the Internet. It automatically encrypts and decrypts the complete IP-based data stream between two locations. Messages that are exchanged between internal and external workstations are protected against third party spies and hackers.
     
  • Bivio Networks  Our starting point is Check Point FireWall-1 and VPN-1 performance. The Bivio 1000 accelerates Check Point’s software and re-defines the meaning of gigabit throughput performance to include all packet sizes.
     
  • BizGuardian VPN  This product, packaged with the BizGuardian Firewall, creates a virtual private network for an entire business, remote offices and employees included.
     
  • Blue Ridge  The core of Blue Ridge Networks' VPN service is the CryptoServer. Because it was originally designed for select federal agencies and commercial enterprises, the CryptoServer combines the highest level of security with plug-and-play installation and expandability.
     
  • Broadband.com  assists your business in the development and procurement of its VPN solutions by providing a single point of contact for evaluating a complete range of service options from leading providers including AT&T, Qwest, Worldcom, and Savvis. Broadband.com VPN solutions offer 100% nationwide coverage and provide you with the ability to utilize multiple access solutions including Dial-Up, ISDN, DSL, Cable Internet, T1, DS-3 and up.
     
  • Broadcom  is the leading provider of highly integrated silicon solutions that enable broadband communications and networking of voice, video and data services.
     
  • BtNAccess  BtNAccess VPN Service is a network-based product suite that is built on advanced MPLS capabilities for maximum flexibility and optimum Quality of Service (QoS). With BtNAccess VPN Service, each IP packet is assigned a label by an edge router.
     
  • Building & Managing Virtual Private Networks   "Dave Kosiur explains the business case for VPNs, their potential for saving money, and various means of ensuring security (including encryption and hardware-based systems). He also provides details on all major tunneling protocol suites, including Internet Protocol Security Architecture (IPSec), Point-to-Point Tunneling Protocol (PPTP), and Layer 2 Tunneling Protocol (L2TP)."
     
  • Buyer's Guide: VPNs  Tasked with purchasing and implementing a VPN for your corporate network? We take a look at the big players and latest trends, from IPSec-based VPNs to SSL-based alternatives. We also have a 115 product guide to help you make an informed decision.
     
  • Celotek  Celotek Corporation is a provider of high-speed Virtual Private Networking (VPN) security solutions for commercial Asynchronous Transfer Mode (ATM) networks.
     
  • Checkpoint VPN-1  Secure Virtual Network (SVN) architecture provides security so that corporations can share critical information and resources with partners, suppliers, and others who must be closely linked.
     
  • Cisco VPN500  Utilizing the most advanced high performance encryption and authentication techniques available, the Cisco VPN 5000 Concentrators include support for the industry’s first Layer 3-to-Layer 2 tunnel mapping technology for the utmost flexibility in network design.
     
  • Cloud Connector  provides managed solutions combining firewall, VPN, traffic management, and intrusion detection.
     
  • CommWorks Corporation  Enables service providers to deliver scalable VPN solutions to enterprises via any type of access, such as enhanced data systems, IP telephony, wireless, cable, and DSL.
     
  • Connect Bridge   resides at the edge of the network, connecting access points to the wired network. Connect Bridges secure the wireless link and filter and route wireless traffic.
     
  • Contivity Captures VPN Crown  One score and 11 years ago, there were no telecommuters. To work at home, an employee had to go to the office to pick up work and return it the next day. The only way to talk to remote employees was by telephone, and long-distance calls were expensive. Most disturbing, remote employees were out of the sights of co-workers and management. Working from home was (and sometimes still is) code for playing golf.
     
  • Cryptek  For both Government and Commercial customers, Cryptek provides the most advanced, secure, cost-effective and manageable VPN solutions available in the market today. DiamondTEK is the ONLY VPN solution which has been certified by the US Government under the Common Criteria!
     
  • CryptoGuard VPN   This is a multifunctional "black box" providing encryption, packet filtering, access right administration via access lists and logbook functionality.
     
  • Danu Industries  Advanced encryption and multimedia network security solutions.
     
  • DigiTunnel Frequently Asked Questions  A Virtual Private Network (VPN) client for Mac OS X, compatible with Windows 2000 and other VPN servers. DigiTunnel supports PPTP (Point-to-Point Tunneling Protocol), an Internet standard for VPN.
     
  • Enterasys  Designed for organizations that provide critical support for their remote access users, Enterasys VPN solutions—the XSR Security Router and Aurorean Virtual Network—increase the performance and functionality of the enterprise.
     
  • Entrust Secure VPN Solution Family   Entrust provides secure VPN Solutions to address your VPN security concerns. With Entrust VPN Solutions, remote offices and remote users can be sure of end-to-end security while connecting and communicating with their corporate networks.
     
  • ExtendNet VPN Trouble Shooting  A Connection Can Not Be Made From A PC on the LAN That the VPN Is Attached To. Check the settings on the client's VPN dial-up connection. To do this on a Windows 95 machine, go to My Computer and select the Dial-up Networking folder. Right click on the VPN dial up connection. Select tab labeled "Server Types" and deselect all protocols except for TCP/IP.
     
  • FailSafe Computing  Supply, install and support VPNs, firewalls, encryption and authentication systems throughout England, UK.
     
  • Fiberlink  A network-independent Enterprise Services Provider (ESP) providing customized, Internet-based communications services, including global remote access, LAN-to-LAN VPNs.
     
  • FirstVPN   offers Virtual Private Network design, implementation, and management for service providers and end-users. Whether you have 2 or 10,000 users, we have solutions designed for your specific needs and provide resources on VPN, TCP/IP, the Internet, and other related topics.
     
  • FishNet Consulting  Virtual Private Networks using FireWall-1's encryption are a less expensive alternative to private line networks.
     
  • Future Systems  provides information security solutions for PC, internet, intranet, and wireless applications including VPN systems and firewalls.
     
  • Go Secure!   VeriSign's Go Secure! Services For VPNs is a managed application service that will accelerate the way organizations deploy secure virtual private networking (VPN) applications. VeriSign's Go Secure! family of services enable enterprises to easily.
     
  • GoToMyPC  acts like a VPN to give you remote access to your network from anywhere. Also use it to access programs and files on your PC from any Web browser.
     
  • Guarding E-business Traffic: The Pros and Cons of VPNs  For many organizations in private and government sectors, VPNs offer the security they seek while working within the confines of virtual business. This article asks a number of experts to share their thoughts about virtual private networks - their benefits, their drawbacks and their future.
     
  • HotBrick  offers a VPN firewall appliance.
     
  • i2Roam VPN  access your VPN with secure access over the iPass network of over 19000 Pops worldwide in addition to external SMTP servers.
     
  • Imperito  offers Web-based VPN hosting that can be deployed instantly online, providing secure access to hosted applications.
     
  • Information Security VPN  VPN & Firewall Integration, Vulnerability Assessment, VPN Implementation, Total Information Security Company.
     
  • Inkra  Inkra’s Virtual Service Architecture (VSA) enables corporations to implement deep network security, and ensure business continuity—with far less budget, staff, and time than using appliances.
     
  • IP Dynamics  specializing in virtual private networks, dynamic internetworking, P2P, extranet, remote access, and more
     
  • IRE VPN solutions  IRE delivers VPN solutions for secure Internet communications. IRE's SafeNet family of VPN encryption products provides VPN solutions for intranets, extranets, and remote access applications.
     
  • Ixia   is a leading provider of multiport traffic generation, performance analysis, and conformance validation systems.
     
  • Kyberpass Validation TrustPlatform   The Kyberpass Validation TrustPlatform offers real-time validation of digital certificates, digital credentials and digital signatures for B2B exchanges, e-Business applications, certificate authorities and Identrus.
     
  • Multi-Tech Systems   manufactures voice and data communications equipment including VPN gateway firewalls, voice over IP (VoIP) systems, global modems, and remote access servers (RAS).
     
  • NetFortress Classic  is an easy-to-use encryption solution that enables the creation of virtual private networks (VPN). Functioning as a bridge, the Classic provides high-speed end-to-end encryption within a single network or across networks
     
  • NetMAX VPN Server Suite   The NetMAX VPN Server Suite simplifies Linux servers by installing a ready-to-configure network security solution consisting of a Virtual Private Network (VPN) server, firewall, router, and proxy/cache server, along with the Linux operating system.
     
  • Netscreen Technologies  developer of security systems that feature firewall protection, VPN, and network traffic management software.
     
  • Network Security  Partnering with ERT Group to construct an Access VPN can offer your businesses a secure, private, and reliable means of communication and can reduce the total cost of ownership.
     
  • Nokia VPN   Enabled by patented IP clustering, these dedicated VPN gateways provide unparalleled reliability while allowing networks to offload VPN traffic from other network devices such as a firewall. Nokia VPN includes client software, management and deployment tools, and VPN gateway servers.
     
  • Novell BorderManager  is an Internet security management suite that offers industry leading firewall, authentication, virtual private network (VPN), and caching services to organizations of all sizes.
     
  • Novell Solution for VPN Infrastructure  By using the Sun-Novell solution, Perot Systems and its customers receive enhanced secure access to remote applications quickly and affordably via the Internet. Perot Systems estimates that its VPN infrastructure, based on Sun Enterprise 250 servers and Novell's NDS eDirectory, will potentially cost one-tenth the reoccurring cost of proprietary remote access schemes, while offering twice the bandwidth. In addition, the Sun-Novell solution is fully interoperable with a range of corporate applications for ease of use, integration, and scalability.
     
  • OpenReach  provides software and services that let companies connect employees, partners, and customers to IT resources and business applications through the Internet.
     
  • OpenRoute  Nx Networks' award winning router product lines make sense of cutting edge data technology concepts: Quality of Service; Virtual Private Networks; security; voice over IP; and firewalls. Such complicated issues now face every small to medium enterprise (SME), and as a result, more SMEs are turning to their Internet Service Providers to provide value added solutions that harness these technologies.
     
  • Our Long and Winding Road to VPN  For many years Network Computing's Real-World Labs have been interconnected over fractional T1 lines. With those T1s, we have used frame relay for Layer 2 support. However, the monthly charges for frame relay had been rather high, and we were paying for Internet access. At the time we didn't think the monthly frame relay costs were likely to drop, so we decided to move from frame relay to a VPN (virtual private network).
     
  • Overview of VPN security  A VPN connection protects your information between your applications and the VPN server itself. It does not provide complete end-to-end security. Wireless users at the UIUC campus are required to use the VPN system because unencrypted wireless communication can be intercepted in the air far more easily than wires can be tapped and interpreted. VPN is recommended for remote access users who need an on-campus IP address to authenticate themselves. But antivirus software, system patches, additional layers of encryption to finish the link between user applications and server applications, and vigilance are still required for system security. In addition, firewalls and other security measures are still recommended.
     
  • Powerful Firewalls & VPN Solutions  Whether you manage a large or small enterprise, WatchGuard® solutions cover your perimeter security needs. Both WatchGuard Firebox® System and Firebox® are easy to install and can be securely managed from a central location anywhere on the Internet. Choose the perimeter security solution that most benefits your business.
     
  • Privador VPN System  The Privador VPN System is a powerful and cost-effective solution for building secure wide-area intranets. It allows its user to securely integrate a number of geographically separated LANs into a single virtual private network, using the Internet as an inexpensive communication channel.
     
  • RapidStream Firewall/VPN Appliances   The RapidStream firewall/VPN appliances provide integrated multiple security services in a single platform. The difference between models is throughput, number of concurrent firewall sessions, and number of VPN tunnels.
     
  • RedCreek  Provides VPN network security for the Internet, intranets, private networks, and mobile users via Personal Ravlin, IPSec-certified Ravlin 10, Ravlin 4, Ravlin IPSec Card, RavlinSoft, and RavlinNodeManager.
     
  • Remote Access IP VPN  MCI® IP Virtual Private Networks (VPN) Remote Services is a CPE-based solution designed for companies with remote or mobile users who need to connect to corporate systems via the public Internet. Remote Services allows businesses to focus on core competencies, while MCI monitors and maintains the actual VPN. IP VPN Remote Services uses either Nortel's Extranet Contivity Switch or the Cisco Concentrator, providing flexibility for accessing either a public or private site. This solution, which uses Internet Protocol Security (IPSec) tunneling, is accessible from more than 4,500 Points of Presence (PoPs) is highly scalable, and permits various encryption levels.
     
  • RouteFinder VPN  The Routefinder VPN Internet security appliance is an integrated VPN gateway/firewall designed to maximize network security without compromising network performance.
     
  • SafeNet   a leading provider of private and public network security solutions who has set the industry standard for VPN technology and secure business communications, today announced the availability of the HighAssurance™ 500 and 1000 Gateways, two VPN appliances that provide high assurance network security for site-to-site and remote access VPNs.
     
  • SecureSoft USA(VPN)  is a leading provider of advanced information security systems and comprehensive security consulting services. Our services include internet and computer network security, VPN or virtual protection network, intrusion detection and firewall protection solutions for corporate enterprise and small business.
  • SecurityNews.cc   All aspects of: Sonic VPN client, Sonicwall VPN Client key Solution. VPN Router Sonicwall VPN setup Linux VPN. Cisco VPN 3002, 98 connection under VPN Windows, Cisco VPN. Firewall VPN Client Software Outsourcing ipsec 1700 Cisco Setup VPN 2000 Setup VPN Win. VPN connection network. SonicWall VPN Client. Setting up a VPN network, client free VPN. Client hardware VPN technology.
  • Snapgear VPN appliances   These products assist companies in setting up a virtual private network (VPN). These appliances also act as a firewall to protect internal resources and data.
     
  • SonicWALL VPN  uses data encryption and the public Internet to provide affordable, high performance, secure communications between sites and dial-up users without incurring the expense of leased site-to-site lines.
     
  • Sprint Business  Whether you need a full security overhaul or just better-protected, dedicated and dial-up access, our comprehensive portfolio of products and services - including managed firewall, authentication web filtering, high availability, and managed IP VPN - ensures your solution is a perfect fit.
     
  • StoneGate   combines a clustered, high availability firewall, virtual private network (VPN), load balancing, and redundant Internet connections. All of these capabilities are combined in an integrated and cost effective package.
     
  • StoneSoft  offers enterprise network security products including firewalls and VPNs.
     
  • Streamcore  provides bandwidth management solutions giving priority on access links to business-critical applications.
     
  • TBD Networks: software for managing VPNs  offers software for managing Virtual Private Networks (VPNs) based on equipment by multiple vendors (Cisco IOS, Cisco PIX, Cisco VPN 3000, Nortel Contivity and others). The scalable management software overcomes interoperability problems and makes the management of VPNs cost effective and easy to learn.
     
  • Testing shows a level playing field for user-to-site VPNs  Client-to-LAN virtual private networks (VPN), which encrypt communications between an individual's laptop or home PC and corporate LANs, break two of the cardinal rules of enterprise network support: Never touch the desktop, and never do anything that requires users to change their computing habits. The need for security is driving network managers to lock up communications between users and corporate LANs. But how do you create, deploy, support, manage and report on hundreds or thousands of VPN client users?
     
  • The NCAR/NLANR VPN FAQ   This list of Frequently Asked Questions (FAQ) about Virtual Private Networks (VPN) was compiled by Jeff Custard and was last modified on November 19, 2001. This FAQ is geared towards the VPN solutions we have tested and implemented here at NCAR, although many "generic" issues are addressed. You will also find some selected links to other web sources of information on VPNs at the bottom of this web page. Thanks to the NCAR VPN team for their input to and assistance with this FAQ. This work is in collaboration with and supported by the National Laboratory for Applied Network Research.
     
  • The VPN FAQ   Here are the answers to some of the most common questions about the Virtual Private Network Service. If the answer to your question does not appear here, please review the relevant areas of this website.
     
  • Tools ease mixed-vendor VPN configurations  Because they eliminate the high costs associated with dedicated leased lines, VPNs are becoming increasingly popular as a means of providing secure communication between enterprises and branch offices, business partners, and home offices. In a single-vendor environment, VPN connections are very easy to accomplish. But problems arise when VPN tunnels are created with devices from multiple VPN vendors. In most cases, the enterprise IT staff cannot dictate which specific VPN products will be used by external organizations. The result is that network administrators often spend countless hours and too many resources trying to solve VPN interoperability problems.
     
  • Virtual Private Networking  Virtual Private Networking (VPN) has become one of the new buzzwords in the networking industry. Unfortunately, the term VPN can mean different things to different people. Following are some definitions.

    Remote User to Corporate Site VPN: A few years ago, employees working from home, traveling, or working in small offices would connect to a corporate network via dial-up sessions into their corporate Remote Access Server (RAS). This required long-distance calls in some cases and required the corporation to support modems and dial-in lines, similar to what Internet Service Providers have to do. Since most employees have Internet connections from home, it made sense to be able to connect to the corporate site over their dial-up Internet connection. This also allows employees to use their local ISP's fastest connection, such as cable modems, DSL, and ISDN. For traveling users, all they would need to do is dial into their ISP's local phone number.
     
  • Virtual Private Networks under Customer Control  Emerging ATM-based Virtual Private Network (VPN) services offer customers a flexible way to interconnect Customer Premises Networks (CPNs) via high-speed links. Compared with traditional leased lines, these services allow for rapid provisioning of VPN bandwidth through cooperative control between customer and provider. Customers can dynamically renegotiate the VPN bandwidth according to their current needs, paying for the resources they actually use. In order to meet the various requirements and demands of different classes of VPN customers, a VPN provider must support customers with the flexibility to choose their own control schemes and objectives. The focus of this project is to enhance the customer's capability of controlling a VPN.
     
  • Virtual Private Network Solutions  Entrust Technologies produces the Entrust family of enterprise security products, which provide encryption, digital signature and key management for any size of organization.
     
  • V-One  provides application level & IPSec Virtual Private Network (VPN) security products for commercial enterprises and government agencies. With proven expertise in deploying extranet, remote access and site-to-site solutions, V-ONE's strengths.
     
  • Virtual Private Networking  The Virtual Private Network (VPN) represents secure connectivity for enterprises. It is "virtual" because multiple VPNs co-exist on the same network facilities, yielding economies of scale and lowering costs. It is "private" because only the designated enterprise site can receive and view the data that is being transmitted. It is a "network" in that it connects multiple locations and users of an enterprise community to one another -- securely and economically. Nortel Networks offers a variety of industry-leading VPN solutions that span the major VPN categories.
     
  • VPN+  secures the transmission of mission critical data over TCP/IP networks, such as the Internet. It can route, filter, encrypt and authenticate IPSec and plain-text data under a comprehensive security policy management infrastructure.
     
  • VPN and Security  Avaya VPN and Security solutions allow you to take advantage of the cost savings and productivity enhancing benefits of a secure virtual private network. Virtual Private Network. Our VPN Solutions help you take full advantage of the cost savings and productivity enhancing benefits of virtual private networks. Secure Socket Layer Acceleration. Avaya SSL Acceleration Solutions can help you increase both the speed and capacity of your eBusiness secure transaction processing servers.
     
  • VPN Client Software  Using the SonicWALL VPN Client 8.0 application, mobile users can securely connect to their office network's SonicWALL VPN gateway and enjoy the benefits of broadband performance and the privacy of a Virtual Private Network (VPN). The SonicWALL VPN Client software is ideal for mobile users needing secure access to mission-critical network resources, but for mobility reasons are unable to utilize a SonicWALL VPN appliance-based solution.
     
  • VPN Dynamics  offers management, security, training, and certification services
     
  • VPN - FAQ  The most likely problem is due to differences in configuration on the local and remote systems. From the Virtual Private Networking configuration window, select the "Active Connections" option from the "View" menu. If the Active Connections Monitor shows your connection, look at its "Status" column. If your connection has an "Error" status, right-click on the connection, and select "View Error Information."
     

VPN - Virtual Private Network - Downloadable Info


VPN BIBLIOGRAPHY OF DOCS AND PUBLISHED ARTICLES - CLICK HERE




Ascend's Guide to VPNs
Virtual private networks resource guide.
 
AT&T Enhances VPN Services
By Chuck Moozakis (News, December 20, 1999) AT&T has pumped up its VPN portfolio, adding new security, tunneling, and service level agreements.
 
CA Acquires VPN Vendor
By Bob Wallace (News, September 24, 1999) In an effort to bulk up its security product suite, Computer Associates today acquired virtual private network (VPN) software maker Snare Networks Corp. for an undisclosed sum.
 
Cable & Wireless Rolls Out VPN Service
By CHUCK MOOZAKIS (News, October 07, 1999) Offerings include three VPN and managed firewall services.
 
Can't Get Enough Of VPN?
By Salvatore Salamone (Opinion, June 21, 1999) You can always tell when a new technology has caught people's attention: There's a flood of interest and a thirst for information.
 
Check Point Builds API For Secure VPNs
By Rutrell Yasin (Product, August 02, 1999) Check Point Software is taking steps to help IT managers deploy secure virtual private networking.
 
Check Point Ports VPN-1, FireWall-1 To Linux
By Larry Greenemeier (News, November 08, 1999) Network security specialist embraces Linux operating system but only the 2.2.12 kernel initially.
 
dtool -VPNs
Dtool is an excellent resource for Network Design, VPNs, Frame Relay, SNMP, Java, Javascript, CGI, Perl, HTML, Visual Basic, VBA, Windows 95/98 and Windows NT
 
FirstVPN Virtual Private Network VPN Research Center
FirstVPN offers Virtual Private Network design, implementation, and management for service providers and end-users.
 
Fortress Plans Cable-Based VPN Applications
By Charlotte Dunlap (News, June 24, 1999) Anticipating that cable soon will become enterprise networks' infrastructure of choice, security developer Fortress Technologies said it plans a massive rollout of VPN applications for cable.
 
Free Network Software Package Builds In Security
ZDNET article on Free S/WAN software
 
Integrated VPN Suite Includes Firewall
By Salvatore Salamone (Product, September 13, 1999) One of the obstacles to virtual private network deployment has been that IT managers have had to buy an array of equipment and integrate it themselves.
 
Intel Launches VPN Application
(News, June 25, 1999) Intel on Friday started shipping a virtual private network application aimed at companies with fewer than 500 employees.
 
IPSec Developers Forum
An industry forum for the assessment of IPSec interoperability
 
L2F
Cisco's Layer Two Forwarding protocol
 
L2TP Mailing List
Subscription Info
 
Linux IP Tunnel Mini-HOWTO
Instructions on how to set up an IP tunnel under Linux
 
Lucent Point-to-Point Tunneling Protocol Frequently Asked Questions
The Point-to-Point Tunneling Protocol (PPTP) is an extension to the standard Point-to-Point Protocol (PPP) that is used to create multiprotocol Virtual Private Networks (VPNs) via the Internet.
 
Managing Virtual Private Networks
By David Leon Clark (Required Reading, July 19, 1999) Virtual Private Networks (VPNs) -- secure links over Intranets and the Internet -- are the big topic for 1999. This topic is especially timely as the Internet Protocol (IP) acquires high importance.
 
More on mastering the secure shell
This article covers the process of installing and configuring ssh
 
No Winners Declared In VPN Bake-off Event -- IPSec Still Tough To Configure; Interoperability Proves Elusive
By Salvatore Salamone (Product, June 21, 1999) When it comes to virtual private network interoperability, don't expect much more than basic connectivity.
 
Plans for a Secure Future
By Brian Robinson (September 20, 1999) It's inevitable that virtual private networks (VPNs) will become a tool for e-commerce and other sensitive applications.
 
Redefining the Virtual Private Network (VPN)
 
Safe Passages
By Charlotte Dunlap (News, July 12, 1999) Virtual private networks (VPNs) finally are being recognized, and most enterprise networks will include these secure implementations by year's end. Now a second wave of VPN projects are under way.
 
Savvis Goes Global With VPN
By Salvatore Salamone (News, September 24, 1999) The company delivers VPN quality-of-service capabilities and details a global expansion of its services.
 
Savvis Goes Global With VPN, Offers QoS Service
By SALVATORE SALAMONE (News, September 24, 1999) Savvis Communications Corp. has begun delivering VPN quality-of-service capabilities and detailed a global expansion of its VPN services.
 
Securing Corporate Nets Using VPN Technology
With Salvatore Salamone, Editor-at-large, InternetWeek (November 15, 1999 - December 03, 1999) If you are looking at incorporating VPN technology in your organization, you should check out this November 1999 Security Tech Center archived roundtable to lea
 
Sprint Intros Managed VPN
By CHUCK MOOZAKIS (News, September 17, 1999) Sprint's Global Internet VPN service will be available in November and offer connectivity to more than 30 countries with the support of Global One, a joint venture among Sprint, Deutsche Telekom and France Tele
 
The Data VPN Movement
This article discusses several aspects related to the deployment of VPNs in the corporate world (January 1, 1997)
 
The VPN Source Page
This page features links to various articles and resources on VPN
 
Tom Dunigan's Virtual Private Networks page
This page describes IP-based VPN technology over the Internet
 
Understanding Point-To-Point Tunneling Protocol (Microsoft)
This white paper explains Point-to-Point Tunneling Protocol (PPTP) usage scenarios, architecture, and security.
 
Understanding VPN Performance
By Salvatore Salamone (Product, June 21, 1999) Scaling up a VPN effort can prove challenging. Once VPNs move from the pilot stage to the operational networking stage, IT managers need equipment that is both resilient and powerful enough.
 
Vendors, VARs See Future For VPNs On Cable
By Amy Rogers and Charlotte Dunlap (July 05, 1999) Tampa, Fla. - Seeking to break away from the pack, some vendors and security systems integrators are testing cable as the transport for Virtual Private Networking.
 
Virtual Private Networking: A Microsoft Overview
An overview of virtual private networks and some of the key technologies that permit private networking over public internetworks.
 
Virtual Private Networks
By Charlie Scott, Andy Oram, Paul Wolfe (Required Reading, July 09, 1999) From The Publisher: How do you provide a low-cost, secure electronic network for your organization?
 
Virtual Private Networks (VPN)
This document discusses key concepts related to Virtual Private Networks
 
Virtual Private Networks: Making the Right Connection
By Dennis Fowler, John Fowler (Required Reading, May 19, 1999) Virtual Private Networks: Making the Right Connection is an intelligent introduction written especially for business and IT professionals who want a realistic assessment of what a VPN can provide.
 
VPDN.com
A source for daily news and background on Virtual Private Networks
 
VPN in the News
 
VPN Info on the World Wide Web
 
VPN Information on the WWW
 
VPN Insider
VPN Insider -- Superguide for Virtual Private Networks, IPSec, network security, routers, switchers
 
VPN Management
(Product, June 21, 1999) Bell Atlantic Corp. and UUnet last week introduced managed virtual private network services. Bell Atlantic unveiled managed VPN services for remote-access and site-to-site connectivity.
 
VPN Open For Business Users
By Rutrell Yasin (News, August 02, 1999) A portal launched last week will let companies securely conduct business over the Internet using virtual private networking technology.
 
VPN Product Features
 
VPN, ipsec, internet privacy and encryption information
ipsec, internet privacy and encryption information. security protocols. information. VPN.
 
VPNware VSU-1100 Sets the Pace
By Mike Fratto (Product, September 20, 1999) VPNet Technologies VPNware System VSU-1100
 
What Is A Virtual Private Network?
A Network Computing Online Article
 
White Paper - Introducing IPSec
Introduction to the IP Security Protocol Suite (IPSec), designed to provide security at the network level for any application.
 
Worldwide VPN Market To Reach $32 Billion
By Kevin Merrill (June 28, 1999) The worldwide market for virtual private network (VPN) products and services will reach $32 billion by 2003, up from $2.4 billion this year, according to a study by market research firm Infonetics.
 

Key On-line Sites  (courtesy of www.cse.ohio-state.edu )

Books on VPN (courtesy of www.cse.ohio-state.edu )

See also "Books on Network Security," http://www.cse.ohio-state.edu/~jain/sec_book.htm

One to five asterisks in front of some of the books represent our subjective view of their goodness. The titles without asterisks have not been rated. The books are arranged in the reverse order of year of publication.

Recommended:

2001:

Industry Reports:

 

Web Pages

VPN Vendors

Security Consulting and Testing Companies

IETF Working Groups on VPN

IETF Working Groups on Security

Usenet Newsgroups

IETF RFC's on VPN (non-Security Issues)

IETF RFC's on Security

Internet Drafts