Do you need a virtual private network? Good question. Read this chapter and find out. After we scare you with some common security breaches, you will find some comforting reasons why a virtual private network may be your solution.
Still here? This chapter details the various pieces that make a VPN function and make it more secure. Firewalls, encryption/authentication, and some basic VPN protocols and standards are covered. Rounding out this chapter are some of the varied and fun encryption technologies, such as Data Encryption Standard (DES), the RSA Public Key Cryptosystem, IPsec, and Secure Sockets Layer (SSL).
How much is this going to cost me? Justifying the cost of all these technologies is possible once you delve into the exciting world of VPN bean counting. In this chapter, the VPN’s costs and benefits are weighed against the more traditional solutions: private lease-line Wide Area Network (WAN) and remote access. The three solutions are compared through a comprehensive breakdown of equipment, lines, personnel, and—most importantly—time. Prices may vary. Check your local listings for a showing near you.
What’s a specific solution for my VPN? Well, there are several. We start with one of the cheapest versions (free!): Point-to-Point Tunneling Protocol, or, as we call it in the industry, PPTP. PPTP has recently been updated and broadened into the L2TP protocol—but the two are used the same way.
Okay, I’ve decided to use your PPTP or L2TP—but how? Here is everything you ever wanted to know about getting it running. We cover the protocols on Windows NT and Windows 95/98, as well as on Ascend remote access devices. Then we teach you how to test and troubleshoot the connections.
PPTP/L2TP isn’t enough for me—do you have anything else? Actually, yes. The AltaVista Tunnel is the newest entrant into the VPN world; it has proven to be a stable solution. Here we cover how the AltaVista Tunnel works, its advantages and limitations, and how it may fit into your VPN scenario.
Okay, how do I make it work? We cover configuring server and client pieces on Windows NT and Windows 95, as well as mentioning a few Unix versions out there. We also cover testing and troubleshooting.
Years before commercial vendors offered the turn-key solutions described so far in this book, Unix administrators were securing connections through the Secure Shell (SSH). Implementing SSH requires a fair amount of building and cobbling together tools, but it’s a proven solution.
What’s the top of the line? For now, we’ve found Cisco PIX to offer the most features and bandwidth—an expensive choice, but perhaps the only one that large sites will find satisfactory. In this chapter we cover what PIX can do, as well as configuration of the firewall and the private network.
Now what’s wrong? Someone can’t dial in, or a connection that worked fine yesterday is down. This chapter takes you through the various points on the network (or your Internet provider’s network) where access has failed. It also offers suggestions for policies that increase security on the VPN.
Okay, show me one that actually works. Well, here’s a real live working VPN from a real live company, though the names are changed to protect everyone involved. This chapter shows a VPN scenario in all its glory, detailing the needs of a company and how the VPN saved the day. A description of the network topology and various required items is also included, as well as a handy network diagram.
This appendix covers IPv6 (the newest version of the IP protocol), IPsec, and Secure Wide Area Network (S/WAN).
Technology and products for VPNs are evolving quickly. Here’s a list of places we’ve found useful for the latest information.