Friday, 1 June 2012

Site to Site VPN, Remote VPN

WHAT IS VPN, you ask?
Well..VPN stands for Virtual Private Network.
It is an authenticated, encrypted tunnel between private networks (or between a single user and a network) carried over a public network such as the Internet, so that traffic crossing the public network cannot be read or modified in transit.
Basically it's like a condo in Singapore: it is scalable (can be big or small), it has security features built in, and only people with the proper authorization and credentials can enter.
Here is a little image which hopefully can help in your understanding of VPN.

There are two types of VPN that are gonna appear in this post: Site-to-Site VPN and Remote VPN, also called remote-access VPN (as can be seen from the title).

---------------------------------------------------------------------------------------------------------------------
Site-to-Site VPN is simply an extension of the classic WAN (Wide Area Network): the leased private links of a traditional WAN are replaced by encrypted tunnels across the Internet. There are about 4 ways in which this can be done. Again, another image...


Note that it's called Site-to-Site VPN, not Side-to-Side.
Just for convenience's sake, Site-to-Site VPN shall now be called S2S VPN.

Now, an S2S VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network like the Internet. The tunnel endpoints are the gateways (routers or firewalls) at each site, so the individual hosts behind them need no VPN software of their own. An S2S VPN extends the company's network, making the resources of all offices available to each other. One example of a company using an S2S VPN would be a large company with multiple branches, either worldwide or across the country.

Within S2S VPN, there are again 2 different types.

Intranet-based: Multiple remote networks of the same organisation connect together via an intranet VPN so that each LAN joins a single WAN.

Extranet-based: In this case, an extranet VPN connects 2 or more different companies (partner, client, supplier, etc.) together. The created extranet connects the different LANs, allowing them to work in a secure shared network environment while preventing access to each other's separate intranets. It's like buying a house together: both have access to that shared house but not to each other's own personal ones. The practical consequence is that the gateway's access rules (which subnets and services are reachable through the tunnel) matter just as much as the encryption.
---------------------------------------------------------------------------------------------------------------------
There is the other kind of VPN; it's called the Remote VPN. It allows INDIVIDUAL USERS to establish secure connections with a remote computer network. These users are able to access the network's resources as if their computer were plugged directly into the network. An example would be Temasek Polytechnic (TP): they get their students to use VPN (at home, at the library, in the toilet, etc.) to connect to TP's resources as if the students were using the school's computers.
Now..apparently there are 2 components needed for a Remote VPN. One is a Network Access Server (NAS), A.K.A. Media Gateway, A.K.A. Remote-Access Server (RAS).



Why so many names??!! Well..because NAS can also mean Network-Attached Storage (which, I might add, has a totally different purpose from the thing stated above). OKAY, GOING BACK!

This RAS can either be a dedicated appliance or a software application running on a shared server. The user/client connects to this RAS from the Internet in order to use the VPN. As mentioned before, the user needs to present his/her credentials to log in to the VPN. The RAS checks those credentials either with its own authentication process or by forwarding them to an authentication server running on the network (a RADIUS or directory server, for example). Note that this makes the RAS a door straight into the internal network: a weak or stolen credential accepted here is as good as a seat in the office.

There are 2 things needed for the Remote VPN, so here's the other: client software. The user that wants to log in to his/her VPN requires his/her machine to have some sort of application or software that is capable of establishing and maintaining a connection to that VPN. Nowadays most operating systems have their own built-in client software for connecting to Remote VPNs, but some VPNs require their users to install a specific application, for their own security's sake or possibly for other reasons entirely.

How does this work then???
The client software sets up a tunneled connection to the RAS, which the user specifies by its Internet address (hostname or IP). The software also handles the encryption required to keep the connection all secure and hush-hush. One caveat a practitioner would add: the client must also verify that it is really talking to the genuine RAS (for example by checking its certificate), otherwise an attacker sitting on the public network could impersonate the RAS and collect the user's credentials.

Large corporations or businesses with awesome IT staff normally purchase, deploy and maintain their own Remote VPNs (just because they can and it's safer this way). Of course..if the company has the money, it can outsource its Remote VPN service to an Enterprise Service Provider (ESP). The ESP sets up a RAS for the paying company and keeps that RAS working just fine. But to leave a secure connection (and the credentials and traffic that flow through it) in the hands of another organisation..food for thought, eh?

That's all I have time for. See ya around!

GOOD LUCK FOR ALL FORMS OF TERM TESTS AND EXAMINATIONS, AND ENJOY YOUR HOLIDAYS. SPEND THEM WELL, for there'll be reports and projects that won't do themselves...

Public Key Infrastructure (Digital Cert)

Public Key Infrastructure (PKI) uses Public Key Technology [notice the similarities? =D]
And that technology involves the use of Digital Signatures [the title my friend, the title!]

Signatures...?? Do what one??
Well, public key technology is used for
- Authentication [identifying and confirming that you are who you say you are]
- Integrity [the data you sent is legit and has not been tampered with]
- Non-repudiation [you are unable to deny that you were the one who sent the data]
- Confidentiality [concerned with what you can see: the encryption and decryption of the information sent, ensuring no other party is viewing the data]
A digital signature gives you the first three. Confidentiality comes from encrypting the data (with the recipient's public key, or with a symmetric key exchanged that way), not from signing it; a signed but unencrypted message is still readable by anyone.


Public Key Infrastructure is the combination of software, encryption technologies and services. Together these 3 components grant organisations the capability to enforce security on any form of communication or business transaction on the World Wide Web. It incorporates digital certificates, public-key cryptography and certificate authorities into a shared network security architecture.

Now then..moving on to digital signatures..they are different from digital certificates. Digital signatures are like the physical signatures you make when you sign a form or a letter, just in a digital form. They can be used to authenticate the identity of the sender of a message or the signer of a document, as well as to ensure that the content of the message or document has not been tampered with.

Digital signatures are extremely portable, can be time-stamped, and cannot be forged by anybody who does not hold the signer's private key. A signature is bound to the exact message it was made over, so copying it onto a different message is detected. Because the receiver can confirm that the signed message arrived unchanged from the holder of that key, the sender cannot repudiate it later. Signatures can be used for all kinds of messages regardless of whether they are encrypted, so that the receiver knows the message is from the right sender and the content is unchanged.

A digital certificate binds a name to a public key and carries the digital signature of the certificate-issuing authority (CA), so that anyone who trusts the CA's public key can verify that the certificate is real. That is what lets the receiver trust that a public key really belongs to the person it claims to.

Here is a breakdown of how it works..

1) You type out an email for your colleague.
2) Using some software, you compute a message hash (e.g. SHA-256) of the email contents.
3) You use your private key to encrypt the hash. (You generate the public-private key pair yourself; a certificate authority never hands out private keys, it only vouches for your public key by issuing you a certificate.)
4) The encrypted hash becomes your digital signature of the message and is sent along with it.
5) Your colleague receives the email and computes a hash of the received message.
6) Your colleague uses your public key (taken from your certificate) to decrypt the signature, recovering the hash you signed.
7) If the two hashes match, everything is fine: the message came from the holder of your private key and was not altered in transit. If they don't match, the message or the signature was tampered with, or the signature was made with a different key.