Archive

Posts Tagged ‘SSL VPN’

SSL VPN: Architechture of VPN


On my last 2 posts, I had explained the ‘SSL‘ and the ‘VPN‘. What are they, and what is our purpose of using them. Now, we’ll see VPN Architecture. With a simple diagram, I shall try to make you understand.

VPN architectureLet us take our previous example of John. Here, in the figure, the VPN device has 2 Ethernet ports: a Public Port & a Private Port. The Public Port is directly connected to the Internet via firewall and routers. The Private Port is connected to the 30 computers in the XYZ Pvt. Ltd. Now, as we can see, John wishes to connect to VPN; he, using the Internet, can connect to the VPN.

Now, one more thing, we can see, in the figure, over the ‘Internet‘, there is something called “SSL Tunnel Thru Internet“. Remember SSL? This is that tunnel. It is encrypted through several algorithms, which depends on the manufacturer of the device. Some manufacturers uses AES-128 some uses RC4 algorithm.

One more thing, the VPN device looks alike just a normal ’24-port switch‘. It contains more than 1 Ethernet port. It contains all normal hardware components of a CPU: like a Motherboard, a Processor, RAMs, a Hard Disk Drive etc. They also contain some Operating Systems. Generally Linux OS is provided with the devices. The reason is open source, free and its robustness. More over Linux is such a dynamic OS, that, the administrator can perform any type of job there.

So, in a nutshell, this was a brief architecture of VPN devices. If you guys face any problem, just post them in comments or contact us. We shall try to help you.

Thank you.

Advertisements

SSL VPN: Part2(Secured Socket Layer)


Now, we come to SSL.
SSL is a type of protocol; like other protocols: TCP protocol or UDP protocol etc. SSL stands for Secured Socket Layer.

So, what is this secured socket layer?
It is an internet protocol for secure, end to end exchange of information between a browser and a web server. It is sandwiched between the TCP/IP and the application layer. It was developed by Netscape Corporation in 1994. It is supported by all major browsers in the WWW. Conceptually, SSL is visualized as an additional layer in the TCP/IP protocol suite. It provides security in two ways, in terms of confidentiality and authenticity at an application level. TCP/IP provides reliable packet transfer but SSL provides secure packet transfer. The SSL is preceded by the TCP/IP and the data link layer, which means that applications that use SSL will automatically avail the services of TCP/IP and DLL. Since SSL resides above the TCP/IP layer, so it can ensure secure communication between numerous application level protocols on the internet.
However, SSL only secures web sessions and not the e-mail or file transfer sessions. This is one of the reasons why confidential information like credit card numbers is not exchanged via e-mail. In case of SSL, since the packet data is encrypted, so it can be viewed by the viewer while transit, but can not be deciphered. The SSL ensures secure data transfer, but it is not responsible for security of data residing in the web client or server. Thus only the application layer data is encrypted by SSL. Logically, SSL acts as a pipe between the web browser and a server.
OK. Everything fine. So, what it the connection of ‘SSL’ with ‘VPN’?
It is very easy and the answer is in the last paragraph. SSL only secures web sessions and not the e-mail or file transfer sessions. So, as we need to secure our communication, we have to use SSL.

Now, consider the example of John. He wants to connect to the NPN in his office. Here is the step by step connectivity of SSL-VPN:

1.     John opens a web-browser and enters the URL (Uniform Resource Locator).
2.    Then a login screen comes from the VPN where, John has to put his credentials (username & password).
3.    After that, the VPN will try to authenticate John as a registered user. If, successful, the user console will be opened else an error message will be showed.
4.    After successful authentication, in the user console, John will do his job. For example, file sharing service (FTP Service) with his own computer.
5.    Then John will log out from the user console. All these steps 1 to 5, the data will be sent and received in an encrypted form (thanks to SSL!).

So, today, I end here… too much of ‘Gyan’ were given…

On Next Post: Architecture details of VPN