Improving Network Security with a Virtual Network
- Written by Matt Smith
A virtual network connects computers over virtual links rather than physical connections. A virtual link is a combination of hardware and software that provides the functionality of a network connection without a dedicated physical one. A virtual network is a single administrative entity that may also use virtualized resources and platforms. Businesses often use virtualization to improve network security by separating traffic that would otherwise share one physical network.
RAD Data Communications states that virtual networks may be based on virtual protocols or on virtual devices. Networks based on virtual protocols include Virtual Local Area Networks (VLANs), Virtual Private LAN Services (VPLS) and Virtual Private Networks (VPNs). An organization deploys a VLAN by assigning a VLAN ID to traffic, which partitions one physical LAN into several logical LANs; it can also combine several physical LANs into one logical LAN. A single router (or Layer 3 switch) may route between the VLANs of a partitioned network, or each VLAN may use its own router. Either way, hosts in different VLANs cannot reach each other except through that router, which is where access controls between the segments belong.
Organizations often carry VLAN traffic over a VPN, which consists of multiple endpoints connected by tunnels through a physical network. A VPN's endpoints are typically VPN gateways or software clients, and a third party usually administers the physical network in between. A VPN with two endpoints is a Point-to-Point (PTP) VPN; an organization can also deploy a multipoint VPN by creating multiple tunnels.
A VPLS is a type of multipoint VPN that can be classified into Ethernet Virtual Connection Services (EVCS) and Transparent LAN Services (TLS). An EVCS carries a VLAN ID, which lets the service be subdivided into separate logical LANs, while a TLS does not have this capability.
Networks based on virtual devices include networks that use a hypervisor to connect virtual machines. A virtual machine is software that emulates the characteristics of a physical machine; a hypervisor is the program that creates and manages the virtual machines, which typically share a single physical host. This type of network has virtualized network components such as virtual firewalls, routers and switches. It may use virtual protocols such as IEEE 802.1Q VLAN tagging, or physical protocols such as Ethernet.
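To make the VLAN ID partitioning described above concrete, here is an added example written for this page; it is not code from the article, from RAD or from Dell. It parses and builds IEEE 802.1Q tagged Ethernet frames and models a small VLAN-aware switch with access ports and one trunk. The topology, port names and MAC addresses are constructed for the demonstration. The security-relevant checks are that an access port discards frames that arrive already tagged (so a host cannot pick its own VLAN), that a trunk accepts only its allowed VLANs, and that a frame is only ever delivered to ports in the same VLAN, unicast when the destination MAC has been learned in that VLAN and flooded otherwise.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an IEEE 802.1Q tag
BROADCAST = b"\xff" * 6


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame into its fields; 'vid' is None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    vid, pcp, offset = None, 0, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vid, offset = tci >> 13, tci & 0x0FFF, 18   # 3-bit priority, 12-bit VLAN ID
    return {"dst": dst, "src": src, "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid=None, pcp: int = 0) -> bytes:
    """Assemble a frame, inserting an 802.1Q tag when a VLAN ID is given."""
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:            # 0 and 4095 are reserved by the standard
            raise ValueError("VLAN ID out of range")
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


class VlanSwitch:
    """Toy VLAN-aware switch. ports maps a name to ("access", vid) or ("trunk", {vids})."""

    def __init__(self, ports: dict):
        self.ports = ports
        self.mac_table = {}                  # (vid, mac) -> port; learned per VLAN

    def _ingress_vid(self, port: str, f: dict):
        kind, conf = self.ports[port]
        if kind == "access":
            # Hosts on access ports may not choose their VLAN: a tagged frame is dropped.
            return conf if f["vid"] is None else None
        return f["vid"] if f["vid"] in conf else None   # trunk: allowed VLANs only

    def _members(self, vid: int, exclude: str) -> list:
        return [p for p, (kind, conf) in self.ports.items()
                if p != exclude and ((conf == vid) if kind == "access" else (vid in conf))]

    def _egress(self, port: str, vid: int, f: dict) -> bytes:
        tag = vid if self.ports[port][0] == "trunk" else None   # strip tag toward access ports
        return build_frame(f["dst"], f["src"], f["ethertype"], f["payload"], tag, f["pcp"])

    def forward(self, in_port: str, frame: bytes) -> list:
        """Return the (port, frame) deliveries that a frame arriving on in_port produces."""
        f = parse_frame(frame)
        vid = self._ingress_vid(in_port, f)
        if vid is None:
            return []                        # dropped: missing, foreign or unexpected tag
        self.mac_table[(vid, f["src"])] = in_port
        members = self._members(vid, in_port)
        known = self.mac_table.get((vid, f["dst"]))
        if known == in_port:
            return []                        # destination sits behind the ingress port
        targets = [known] if known in members else members   # unicast if learned, else flood
        return [(p, self._egress(p, vid, f)) for p in targets]


# Constructed topology (not from the article): two hosts in VLAN 10, one in VLAN 20, one trunk.
HOST_A, HOST_B, HOST_C = (bytes([0x02, 0, 0, 0, 0, i]) for i in (1, 2, 3))


def new_switch() -> VlanSwitch:
    return VlanSwitch({"p1": ("access", 10), "p2": ("access", 10),
                       "p3": ("access", 20), "uplink": ("trunk", {10, 20})})


if __name__ == "__main__":
    sw = new_switch()
    for port, out in sw.forward("p1", build_frame(BROADCAST, HOST_A, 0x0800, b"arp?")):
        print(port, "tagged" if parse_frame(out)["vid"] else "untagged")
    print("host-supplied tag on access port:",
          sw.forward("p1", build_frame(BROADCAST, HOST_A, 0x0800, b"x", vid=20)))
```

Running it shows a broadcast from the VLAN 10 host reaching only the other VLAN 10 access port (untagged) and the trunk (tagged with VID 10), never the VLAN 20 port, and a frame that a host tags itself being dropped at the access port. Real switches add a native VLAN on trunks and per-VLAN spanning tree, which this model leaves out.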
Organizations often use a VPN when they need a secure virtual network. A VPN allows computers to send and receive data securely over a public network like the Internet as if they were on a physical private network. This solution has the connectivity of a public network while providing the functionality, management and security of a private network. A VPN accomplishes this by creating a virtual PTP connection between the two computers. This connection uses encryption, dedicated connections or both.
A common use of a VPN is to communicate between an organization's main office and its satellite offices over the Internet. Kent Information Services reports that this implementation of a virtual network is especially beneficial to medium-sized businesses. It eliminates the expense of a dedicated data line while still providing the required security, which this example accomplishes with tunneling protocols and authenticated remote access.
The VPN Consortium reports that the VPN security model prevents attackers from seeing plain-text data, even when they sniff the network traffic at the packet level. Authentication of the sender prevents an unauthorized user from gaining access to the VPN, and message integrity checks detect when an attacker modifies a transmitted message. A VPN must authenticate the endpoints of a tunnel before it establishes a connection between computers; VPNs that allow remote access may additionally authenticate individual users with passwords, two-factor authentication or biometrics.
VPNs use a variety of protocols to maintain security, such as Internet Protocol Security (IPsec). The Internet Engineering Task Force originally developed IPsec as part of IPv6, although it's primarily used with IPv4 and as the security layer beneath the Layer 2 Tunneling Protocol (L2TP/IPsec). In tunnel mode, IPsec encrypts the entire original IP packet, wraps it in a new IP packet addressed between the tunnel endpoints, sends it through the tunnel and decrypts the original packet at the far end. Secure Sockets Layer/Transport Layer Security (SSL/TLS) can likewise carry the traffic of an entire network through a tunnel, or establish a secure connection for an individual session.
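The VPN security model in the two paragraphs above (nothing readable for a packet sniffer, sender authentication, and detection of modified messages) and the tunnel-mode encapsulation of one IP packet inside another can be shown end to end. The following is an added example, not code from the article or from any IPsec implementation: it builds a toy ESP-like tunnel with only Python's standard library, using encrypt-then-MAC (HMAC-SHA256 both as a counter-mode keystream generator and as the truncated integrity tag), an SPI and sequence number for replay detection, and a minimal IPv4 header builder. The gateway and host addresses, the SPI value and the "payroll" request are constructed. Real IPsec negotiates keys with IKE, uses AES-GCM or AES-CBC with HMAC, and keeps a sliding replay window instead of the strict ordering used here.

```python
import hashlib
import hmac
import os
import struct

IPPROTO_ESP = 50    # protocol number ESP uses in the outer IP header
TAG_LEN = 16        # truncated HMAC-SHA256 tag, as ESP integrity algorithms truncate theirs


def _ip_checksum(header: bytes) -> int:
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options) with a correct header checksum."""
    src_b, dst_b = (bytes(int(x) for x in a.split(".")) for a in (src, dst))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         src_b, dst_b)
    return header[:10] + struct.pack("!H", _ip_checksum(header)) + header[12:] + payload


def parse_ipv4(pkt: bytes) -> dict:
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "proto": proto, "payload": pkt[ihl:total]}


class TunnelSA:
    """One direction of a toy tunnel-mode security association between two gateways."""

    def __init__(self, spi: int, master_key: bytes, local_gw: str, remote_gw: str):
        self.spi, self.local_gw, self.remote_gw = spi, local_gw, remote_gw
        # Independent subkeys for confidentiality and integrity, derived with HMAC as a PRF.
        self.enc_key = hmac.new(master_key, b"encryption", hashlib.sha256).digest()
        self.mac_key = hmac.new(master_key, b"integrity", hashlib.sha256).digest()
        self.send_seq, self.recv_seq = 0, 0   # recv_seq: highest accepted (anti-replay)

    def _keystream(self, seq: int, length: int) -> bytes:
        # Counter mode with HMAC-SHA256 as the PRF; (spi, seq) never repeats under one key.
        blocks = [hmac.new(self.enc_key, struct.pack("!IQI", self.spi, seq, i),
                           hashlib.sha256).digest() for i in range((length + 31) // 32)]
        return b"".join(blocks)[:length]

    def encapsulate(self, inner: bytes) -> bytes:
        """Encrypt-then-MAC the whole inner IP packet and wrap it in an outer IP packet."""
        self.send_seq += 1
        ct = bytes(a ^ b for a, b in zip(inner, self._keystream(self.send_seq, len(inner))))
        body = struct.pack("!IQ", self.spi, self.send_seq) + ct
        tag = hmac.new(self.mac_key, body, hashlib.sha256).digest()[:TAG_LEN]
        return ipv4_packet(self.local_gw, self.remote_gw, IPPROTO_ESP, body + tag)

    def decapsulate(self, outer: bytes) -> bytes:
        """Check the tag, then the sequence number, then decrypt; raise on any failure."""
        o = parse_ipv4(outer)
        if o["proto"] != IPPROTO_ESP or len(o["payload"]) < 12 + TAG_LEN:
            raise ValueError("not a tunnel packet")
        body, tag = o["payload"][:-TAG_LEN], o["payload"][-TAG_LEN:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed: modified in transit or wrong key")
        spi, seq = struct.unpack("!IQ", body[:12])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        if seq <= self.recv_seq:
            raise ValueError("replayed packet")   # real ESP keeps a sliding window instead
        self.recv_seq = seq
        ct = body[12:]
        return bytes(a ^ b for a, b in zip(ct, self._keystream(seq, len(ct))))


def sniffer_view(outer: bytes, plaintext: bytes) -> dict:
    """What a packet sniffer on the public network learns from one tunnel packet."""
    o = parse_ipv4(outer)
    return {"outer_src": o["src"], "outer_dst": o["dst"], "proto": o["proto"],
            "plaintext_visible": plaintext in outer}


def demo() -> dict:
    """Constructed run: two gateways share a key; a third party sniffs, tampers and replays."""
    shared = os.urandom(32)   # in IPsec this key material comes out of the IKE exchange
    gw_a = TunnelSA(0x1001, shared, local_gw="203.0.113.1", remote_gw="198.51.100.7")
    gw_b = TunnelSA(0x1001, shared, local_gw="198.51.100.7", remote_gw="203.0.113.1")
    secret = b"GET /payroll HTTP/1.1"
    inner = ipv4_packet("10.0.1.25", "10.0.2.40", 6, secret)   # private addresses, inside
    outer = gw_a.encapsulate(inner)
    sniff = sniffer_view(outer, secret)
    recovered = gw_b.decapsulate(outer)
    # Flip the last ciphertext byte (just before the tag) to simulate modification in transit.
    tampered = outer[:-TAG_LEN - 1] + bytes([outer[-TAG_LEN - 1] ^ 0x01]) + outer[-TAG_LEN:]

    def rejected(pkt: bytes) -> bool:
        try:
            gw_b.decapsulate(pkt)
        except ValueError:
            return True
        return False

    return {"inner": inner, "sniff": sniff, "recovered": recovered,
            "tamper_detected": rejected(tampered), "replay_detected": rejected(outer)}
```

Calling demo() shows the three properties from the text: the sniffer's view contains only the two gateway addresses and protocol 50, with the inner addresses and the request hidden; the receiving gateway recovers the inner packet byte for byte; and both the modified copy and the replayed original are rejected before anything is decrypted. Note that, as in ESP, the tag does not cover the outer header, which is why the sender's identity rests on possession of the key rather than on the outer source address.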
Matt Smith is a Dell employee who writes to help raise awareness on the topic of Virtualization and other network management subjects.