First, let’s take a look at private vs virtually private networks. Your hardwired LAN is a private network. It would take some real effort and a lot of risk for someone to tap into your network wiring and install a device to capture traffic. The same is true if you establish a wide area network or WAN using point-to-point private lines. A PTP T1 line falls into that category. While it is not impossible to sneak into your wiring closet or even the telephone company and put a tap on the line, it is so difficult that only those with the most stringent security requirements will go to extremes to protect against this type of attack.
What distinguishes a private network is that 100% of the traffic is yours and yours alone. You are not sharing the lines with anyone else. The advantage to a private network is inherent security. The disadvantage is cost. You pay for all the construction, maintenance and monthly lease fees. It’s unlikely that your private network will be fully loaded at all times. Whatever capacity is unused goes to waste.
Contrast the private network with a public network like the Internet. They are polar opposites. The Internet allows anyone and everyone access by design. Traffic on the Internet is everybody in the pool. Your packets are intermingled with everyone else’s. Even so, a wired connection to the Internet isn’t the worst situation. That belongs to the unsecured wireless network. No need to plant malware in someone’s computer when everything they are doing is perfectly visible on any WiFi enabled computer within range. You are most vulnerable reading private unencrypted emails in a popular public hotspot. Anyone with a laptop computer and some easy to obtain spyware can be reading your messages right along with you.
It seems like such a crying shame that the one network that any employee can access at home or while traveling is such a security nightmare. That’s where the technique of encryption becomes valuable. It doesn’t matter if someone is monitoring your traffic if all they see is gibberish. You encrypt your message at one end and decrypt it at the other end and you have created what is known as a secure tunnel through the Internet. The public network has now become a virtually private network. It’s not a private network because you are still sharing the transport with many others. It’s virtually private because no one can read your traffic and make any sense out of it.
There are two popular methods of creating Internet or IP VPNs. One is IPsec or Internet Protocol security. The other is SSL or Secure Sockets Layer. IPsec is based on software installed in both the company server and the client computer. IPsec encrypts and decrypts each packet, so once you have it installed you have a virtually private line to the company no matter where you hook up to the Internet. Of course, you need to use the specific laptop or other computer set up to work with this system. You can’t just go to any computer and connect back to headquarters.
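The per-packet protection described above, as an added example (not from the original article or any IPsec implementation): a simplified one-way tunnel in Python that encrypts and authenticates each packet and rejects tampered or replayed ones. The packet layout, class and function names are assumptions, and HMAC-SHA256 in counter mode stands in for the ciphers a real IPsec stack negotiates.

```python
import hashlib
import hmac
import os
import struct

def _keystream(key: bytes, seq: int, length: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 used as a PRF in counter mode.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]

class TunnelEndpoint:
    """One end of a constructed, one-direction tunnel (not the IPsec wire format)."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.send_seq = 0      # sender side: last sequence number used
        self.highest_seen = 0  # receiver side: accept only increasing numbers

    def seal(self, payload: bytes) -> bytes:
        # Layout (assumed): 8-byte sequence number | ciphertext | 32-byte MAC
        self.send_seq += 1
        header = struct.pack(">Q", self.send_seq)
        ks = _keystream(self.enc_key, self.send_seq, len(payload))
        body = bytes(p ^ k for p, k in zip(payload, ks))
        tag = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()
        return header + body + tag

    def open(self, packet: bytes) -> bytes:
        if len(packet) < 8 + 32:
            raise ValueError("packet too short")
        header, body, tag = packet[:8], packet[8:-32], packet[-32:]
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()
        # Check integrity before trusting any field, in constant time.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.highest_seen:
            raise ValueError("replayed packet")
        self.highest_seen = seq
        ks = _keystream(self.enc_key, seq, len(body))
        return bytes(c ^ k for c, k in zip(body, ks))

def make_pair():
    """Sender and receiver share keys; a real VPN derives them in a key exchange."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    return TunnelEndpoint(enc_key, mac_key), TunnelEndpoint(enc_key, mac_key)
```

Someone capturing the output of `seal()` on a shared network sees only the sequence number and random-looking bytes, while the receiving end's `open()` recovers the payload and refuses packets that were modified or sent twice.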
If you want to do that, you need SSL (Secure Sockets Layer). The beauty of SSL is that the software is already built into Web browsers and some email programs. SSL has been popularized for ecommerce and online banking. When you go to an SSL-enabled webpage, you’ll notice that the http:// has become https://. The “s” means secure page. To access it you need a user account ID and a password at a minimum. Some sites go further and ask personal challenge questions or display special graphics that give you confidence you are logged into the correct site.
For corporate wide area networks, an alternative to private lines is the MPLS network. These are multi-tenant networks that spread the cost of building and running the system among many users. MPLS networks are considered VPNs because they use a proprietary label-switching protocol that isn’t compatible with IP tools. This unique protocol plus access restricted to a limited number of business clients rather than the general public give MPLS networks an enhanced level of security.
Do you need private or virtually private network connections to conduct business? If so, compare VPN options and prices to help decide which mix of network techniques is right for your company.