Critical. Authoritative. Strategic.


CBR is proudly produced & published
by Technews
Issue Date: August 2000 (es)

IPSec-based VPNs - what is all the fuss about?

August 2000
Francois Smit, Marketing Manager, Trispen Technologies

A sign of the times in the new economy is the appearance, re-appearance and morphing of terminology to describe this fast changing landscape. Virtual private network (or VPN) is one of those terms that has been around for a few years, but whose meaning has changed quite significantly.
Setting sites on VPNs
Setting sites on VPNs
Until recently the dominant use for the term VPN was to describe the collection of services and network capacity that a frame-relay or ATM outsourced network provider supplied to its clients. Sometimes called QoS VPNs (for Quality of Service), the focus of these networks is to provide guaranteed bandwidth, availability and multiprotocol network support, while sharing the infrastructure between different companies using the services of the VPN provider. The security of these systems relies mostly on the underlying equipment that forms the backbone of the network. To a large extent these networks depend on their dedicated infrastructure for enforcing the 'private' portion of the service.
Nowadays, however, the term VPN is used more frequently to describe a virtual network that is formed between participants over 'public' networks such as the Internet. These types of VPNs have a decidedly stronger focus on security, which is independent of the underlying infrastructure. The advantages of these VPNs are clear. In a recent survey performed by Internet Week among 200 IT managers in the US, almost half of them were installing VPNs to save on connection costs. They are replacing dedicated lines with a VPN. Almost 70% of the respondents were setting up VPNs to connect previously unconnected offices.
VPN usage by application
VPN usage by application
In contrast to private networks, the only underlying protocol required on public networks is the Internet Protocol (IP). The widespread adoption of the Internet running on IP has enabled a myriad of application opportunities. Although web-based applications has mostly fuelled the Internet's growth, the fact that the Internet now connects so many people makes it possible to use it as the backbone for virtual private networks.
Building a VPN over the Internet allows full-featured IP communication to flow between an office and remote users, and between central and remote offices and business partners. As the business communications flowing over these VPNs require far more than web-based access, the technology used to build them must make provision for transparent but secure access. One of the major technologies used in the construction of VPNs over the Internet is the IP Security protocol suite. IPSec was developed by the Internet Engineering Task Force (IETF) and provides many security services, of which the most important is authentication (through the use of a PKI) and privacy (through the use of encryption of data).
IPSec is a flexible protocol, allowing a variety of network configurations. IPSec applications are typically divided the into four main categories:
* Site-to-site VPNs.

* Remote access VPNs.

* Extranets (connection of business partners).

* Intranet security.
Each of these applications have slightly different requirements, but the overlapping requirements are so significant, and the correspondence of these requirements so close to the design goals of IPSec, that IPSec has become the dominant protocol standard for all of these applications.
It comes as no surprise that most IT managers surveyed in the Internet Week survey have plans to implement a VPN in the near future, and that so many people are already using first generation VPNs. The emergence of IPSec-based VPNs has placed VPN technology, with all its associated benefits, within the reach of any organisation.
For details contact Francois Smit of Trispen Technologies on tel: (012) 663 7300.

Others who read this also read these articles

Search Site

Search Directory

  • Search for:


Previous Issues