Infrastructure Security: Devices and Media • Chapter 6 385
NOTE
The tunneling protocols used in VPNs are covered in detail in Chapter 3.
Please refer to that chapter for additional information.
VPNs can be created using either Windows- or UNIX-based servers, or they
can be implemented using dedicated hardware. There are several firewalls and
routers on the market that support VPNs, and there are also dedicated VPN
solutions that are not designed to be run as firewalls or routers.
These devices allow administrators to easily create a VPN utilizing dedicated
hardware. This typically gives a large performance increase over a server-based
solution. Remember that encryption always creates a great deal of overhead on
servers due to the additional processing required to encrypt the data.
There are three types of VPNs that can be set up for an organization. The
business purpose of the VPN defines what type of VPN should be used. These
three types are:
■ Remote access VPN
■ Site-to-site intranet-based VPN
■ Site-to-site extranet-based VPN
A remote access VPN is used when end users require remote access to the
corporate network. This type of VPN connects multiple remote clients to the
corporate LAN. A site-to-site intranet-based VPN is used to connect two or more
remote corporate sites to a centralized network using demand-dial routing to cut
down on cost. Rather than using a full leased line for sending small amounts of
data, demand-dial routing allows an organization to connect remote sites to the
centralized site only when needed. A site-to-site extranet-based VPN allows two
separate corporations to connect to each other to perform secure data transfers.
Figure 6.8 shows an example of a remote access VPN, while Figures 6.9 and 6.10
show site-to-site intranet- and extranet-based VPNs.
www.syngress.com