Functions of VPN?

C. K. Lung clung at hotmail.com
Sat Sep 11 21:08:54 EDT 1999


Andrew;

Thank you for taking time to response my post.  What I really look for is if
I can deploy VPN for an extranet.  Here is the scenario:

A company wants to setup an e-somthing for its 10,000 suppliers.  When the
company needs something, it will broadcast a "request for quotations" to all
qualified suppliers through e-mail.  Interested parties then access the
company's web site, in a DMZ, and complete a form(s) on an oracle server,
which is behind a firewall, on-line.  The security officer wants only
qualified suppliers can access the web site, only they can log onto the web
site in the DMZ, and complete the form on the oracle server behind the
firewall.  Noone else can use any one of the services as a spring board to
any other servers behind the firewall.  In short, their access is extremely
limited.

An option is to deploy digital certificates, say VeriSign On-site.  The
company also wants to explore VPN solution.  I have just attended a 2-day
VPN conference.  I got an impression that VPN is effective for mobile
employees (users) and branch offices.  One of the speakers felt that VPN is
not ready for Extranet yet.

In fact, we have briefly looked at Aventail's Extranet Centre.  It seems
that it would provide the application level authentication we want.

Any comments/suggestions are greatly appreciated.

Thanks,

C.K.







----- Original Message -----
From: Andrew Paul <APaul at cncx.com>
To: C. K. Lung <clung at hotmail.com>
Sent: Thursday, September 09, 1999 9:51 PM
Subject: RE: Functions of VPN?


> C.K.
>
> Your explanation would be one view of what a VPN is.  To an extent it
> depends on a persons techno religious biases.  Some people say a VPN must
> include encryption to be a VPN.  The simplest explaination is that a VPN
is
> the creation of a "private" network over a shared network.  Shared,
doesn't
> have to mean the public Internet but most people think of it in terms of
the
> public internet.  It can involve technologies such as IPSec, L2TP, L2F,
PPTP
> and some could even make a case for Frame Relay.
>
> In general though a VPN is over the public internet, use some form of
> tunneling, include some form of encryption of the data (most commonly DES
or
> triple DES), can include dedicated sites and/or mobile users, provides
user
> authentication which can be as simple as user-id/password up to challenge
> response token cards, digital certificates and smart cards.
>
> Most VPNs don't go down to the level of application authentication.  Most
> provide secure communications between IP addresses but there are systems
> such as Aventail's www.aventail.com that can create VPNs which can control
> this type of access.
>
> There are many companies that provide VPN hardware and software and more
> seem to pop up every day.
>
> BTW - Here is a glossary definition from the CNET web site:  A Virtual
> Private Network, or VPN, is a private network of computers that's at least
> partially connected by public phone lines. A good example would be a
private
> office LAN that allows users to log in remotely over the Internet (an
open,
> public system). VPNs use encryption and secure protocols like PPTP to
ensure
> that data transmissions are not intercepted by unauthorized parties.
>
>
> I hope that helps
>
> Andy
>
> -----Original Message-----
> From: C. K. Lung [mailto:clung at hotmail.com]
> Sent: Thursday, September 09, 1999 4:45 PM
> To: vpn at listserv.secnetgroup.com
> Subject: Functions of VPN?
>
>
> Am I correct to say:
>
> VPN is used to authenticate users, encrypt and authenticate data
travelling
> through Internet using IPSec.  Once a user is allowed into a protected
> network by VPN, his/her access is controlled by, in NT's terms, user
rights,
> file/directory level access permission, as well as application's access
> control.
>
> Any comments and info are greatly appreciated.
>
> Thanks,
>
> C.K.
>
> ****************************************************************
> TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
>
> The VPN FAQ (under construction) is available at
> http://kubarb.phsx.ukans.edu/~tbird/FAQ.html
>
> We are currently experiencing "unsubscribe" difficulties.  If you
> wish to unsubscribe, please send a message containing the single line
> "unsubscribe vpn your-e-mail-address" to
owner-vpn at listserv.secnetgroup.com
>
> ****************************************************************
>

****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************




More information about the VPN mailing list