Virtual Private Networks (VPN) allow businesses of all sizes to create a "virtual" network that can connect all of their computers, servers, and Internet Protocol (IP) devices regardless of where the sites are located -- be it San Francisco, San Diego, or San Salvador. Once the security policy is defined for the business, secure interconnection of all IP devices is performed by hardware or software encryption of the data that is transferred between sites or individual computers on the network. The only significant limiting factor becomes the bandwidth of the internet connection type -- whether DSL, Cable, or Optical connectivity -- between sites.
A VPN can:
- Extend geographic connectivity
- Improve security
- Reduce initial and recurring costs over maintaining a dedicated Wide Area Network
- Reduce transit time and transportation costs for remote users
- Improve productivity by simplifying the data storage, transfer, and backup processes
- Provide global networking opportunities
- Provide remote and telecommuter access to data
The following graphic illustrates a VPN connection between corporate offices, remote users, the database and application server and strategic partners. (Courtesy of Cisco Systems)
IPsec is an acronym for Internet Protocol Security Protocol. IPsec has two encryption modes: tunnel and transport. Tunnel mode encrypts the header and the packet, while transport mode encrypts only the packet.
Analogies:
Tunnel: The BART tube in the SF Bay Area is analogous to the service provider that moves the headers and packets that have both been encrypted. From the surface nothing can be seen but the data is moving around. No one knows who the data is moving back and forth between.
Transport: A UPS® truck is in charge of carrying packages based on an address on surface streets. UPS knows the address but not the contents. Only the header is free for all to read. The packet is fully encrypted or scrambled data. Anyone who looks at the data packet sees nothing but packing foam. The contents are unknown.
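To make the two modes concrete, the following added example (not part of the original page) wraps one constructed packet both ways and reports what someone watching the wire can still read. Assumptions: the addresses, key and SPI are made up, a SHA-256 keystream stands in for the real IPsec cipher, and the IV and integrity check value of real ESP are left out.

```python
import hashlib, socket, struct

ESP, IPV4_IN_IP = 50, 4   # IP protocol numbers: ESP, and IPv4 carried inside a tunnel

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 to keep the example short)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def stand_in_cipher(key, seq, data):
    """ASSUMPTION: XOR with a SHA-256 keystream stands in for the real ESP cipher."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!II", seq, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))   # the same call decrypts

def esp_wrap(packet, mode, key, gateways=None, spi=0x1001, seq=1):
    """Return the bytes on the wire after simplified ESP protection of an IPv4 packet."""
    header, payload = packet[:20], packet[20:]
    if mode == "transport":      # original addresses stay readable, payload is hidden
        protected, next_hdr = payload, header[9]
        src, dst = socket.inet_ntoa(header[12:16]), socket.inet_ntoa(header[16:20])
    elif mode == "tunnel":       # whole original packet is hidden behind the gateways
        protected, next_hdr = packet, IPV4_IN_IP
        src, dst = gateways
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    pad = bytes(range(1, (-(len(protected) + 2)) % 4 + 1))   # align trailer to 4 bytes
    body = stand_in_cipher(key, seq, protected + pad + bytes([len(pad), next_hdr]))
    esp = struct.pack("!II", spi, seq) + body
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def observer_view(wire):
    """Fields an on-path observer can read without the key."""
    return {"src": socket.inet_ntoa(wire[12:16]), "dst": socket.inet_ntoa(wire[16:20]),
            "protocol": wire[9], "spi": hex(struct.unpack("!I", wire[20:24])[0])}

# Constructed sample: a PC at one site talking to a server at another (addresses made up)
KEY = b"constructed-shared-key"
DATA = b"\x00" * 20 + b"payroll export, page 1"   # stand-in TCP header + application data
PACKET = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(DATA)) + DATA
GATEWAYS = ("198.51.100.1", "203.0.113.1")         # the two VPN routers (made up)

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        wire = esp_wrap(PACKET, mode, KEY, GATEWAYS)
        print(mode, observer_view(wire), "payload visible:", b"payroll" in wire)
```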
Only systems that are IPsec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPsec can encrypt data between various devices:
- Router to router
- Firewall to router
- PC to server
- PC to router
VPN Routers manage the encryption automatically, freeing the server for other duties. Remote users will need compatible VPN firewall software installed on their computers to communicate.