Virtual private network for secure private communications

Virtual private network (VPN), an extension of a company's intranet over the existing framework of either a public or private network, can help you communicate privately and securely within your organization.

With the rise in the use of VPNs and the security they provide, JKL Toy Company is exploring options to transmit data over the Internet. They have recently acquired another small toy manufacturing company that they intend to operate as a subsidiary. JKL will need to pass information between the two companies. Both companies use the i5/OS operating system, and a VPN connection can provide the security they need to communicate between the two networks. Creating a VPN is more cost-effective than using traditional non-switched lines.

These are some of the users who can benefit from using VPNs for connectivity:

  • Remote and mobile users.
  • Home office to the branch office or other off-site locations.
  • Business-to-business communications.

Security risks occur if you do not limit user access to sensitive systems. Without limiting who can access a system, you may increase the chances that company information is not kept confidential. You need a plan that will allow only those who need to share information about a system to access that system. A VPN allows you to control network traffic while providing important security features such as authentication and data privacy. Creating multiple VPN connections allows you to control who can access which systems for each connection. For example, Accounting and Human Resources may link through their own VPN.

When you allow users to connect to your system over the Internet, you may be sending sensitive corporate data across public networks, which might expose this data to attack. One option for protecting transmitted data is to use encryption and authentication methods to ensure privacy and security from outsiders. VPN connections provide a solution for a specific security need: securing communications between systems. VPN connections provide protection for data that flows between the two endpoints of the connection. Additionally, you can use packet rules security to define what IP packets are allowed across the VPN.

You can use a VPN to create secure connections to protect traffic that flows between controlled and trusted endpoints. However, you still must be wary about how much access you provide to your VPN partners. A VPN connection can encrypt data while it travels over public networks. However, depending on how you configure it, data flowing across the Internet may not be transported through a VPN connection. In such a case, the data would not be encrypted as it flows across the internal networks that communicate through the connection. Consequently, you should carefully plan how to set up each VPN connection. Ensure that you give your VPN partner access to only those hosts or resources on your internal network that you want them to access.

For instance, you might have a vendor that needs to obtain information about what parts you have in stock. You have this information in a database that you use to update Web pages on your intranet. You want to allow this vendor to access these pages directly through a VPN connection. But you do not want the vendor to be able to access other system resources, such as the database itself. You can configure your VPN connection such that traffic between both endpoints is restricted to port 80. Port 80 is the default port that HTTP traffic uses. Consequently, your vendor can send and receive HTTP requests and responses over that connection only.
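The vendor scenario above, modeled as a default-deny traffic selector (an added example, not i5/OS packet rule syntax and not code from the original page). The addresses, the database port and the names `Packet`, `permitted` and `audit` are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

# Constructed sample addressing (documentation ranges), not from the page.
VENDOR_NET = ip_network("198.51.100.0/24")  # vendor side of the VPN connection
WEB_SERVER = ip_address("192.0.2.10")       # intranet web server with the stock pages
HTTP_PORT = 80                              # the only port the page allows
DB_PORT = 8471                              # constructed port for a database service

def permitted(pkt: Packet) -> bool:
    """Default deny: only HTTP between the vendor network and the web server."""
    if pkt.proto != "tcp":
        return False
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    # Vendor request: vendor -> web server, destination port 80.
    if src in VENDOR_NET and dst == WEB_SERVER and pkt.dport == HTTP_PORT:
        return True
    # Server response: web server -> vendor, source port 80.
    # This model is stateless, so it matches on ports only, not on session state.
    if src == WEB_SERVER and dst in VENDOR_NET and pkt.sport == HTTP_PORT:
        return True
    return False

def audit(packets):
    """Return the PERMIT/DENY decision for each packet, in order."""
    return ["PERMIT" if permitted(p) else "DENY" for p in packets]

# Constructed sample traffic.
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", "tcp", 40000, HTTP_PORT),  # HTTP request
    Packet("192.0.2.10", "198.51.100.7", "tcp", HTTP_PORT, 40000),  # HTTP response
    Packet("198.51.100.7", "192.0.2.10", "tcp", 40001, DB_PORT),    # database access
    Packet("198.51.100.7", "192.0.2.20", "tcp", 40002, HTTP_PORT),  # other internal host
    Packet("198.51.100.7", "192.0.2.10", "udp", 40003, HTTP_PORT),  # wrong protocol
]

if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE, audit(SAMPLE)):
        print(decision, pkt)
```

Only the first two packets pass: the selector denies the database port, any host other than the web server, and any protocol other than TCP.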

Because you can restrict the type of traffic that flows across the VPN connection, the connection provides a measure of network-level security. However, a VPN does not work in the same manner that a firewall does to regulate traffic into and out of your system. Also, a VPN connection is not the only means available to secure communications between your i5/OS operating system and other systems. Depending on your security needs, you might find that using SSL is a better fit.

Whether a VPN connection provides the security that you need depends on what you want to protect. Also, it depends on the trade-offs that you are willing to make to provide that security. As with any decision that you make about security, you should consider how a VPN connection supports your security policy.