Virtual Private Network (VPN)

A Virtual Private Network (VPN) supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN).

Traditionally, devices that are physically separated by significant distances, yet need to remain secure, have been connected using leased lines. A VPN, however, typically takes advantage of a public network, sharing the cabling and routing, whilst providing security against unauthorized access or hostile viewing of the data in transit.

Although proprietary systems exist, there are four popular, well-documented protocols for VPN: PPTP, L2TP, IPSec and SSL.

Eseye recommends using the VPN connection from its Cisco infrastructure using IPSec. IPSec operates at layer 3 of the OSI model. Applications do not need to be modified to use IPSec, and the protocol can be used for protecting any IP-based data communication. Many hardware VPN devices use an implementation of IPSec. In addition, a number of client software applications are available.

IPSec

IPSec provides secure communications across the internet by a) establishing authentication between the host and client and b) authenticating and encrypting each packet of data sent between the client and the host.

IPSec comprises a number of open standards: Internet Key Exchange (IKE), Authentication Header (AH) and Encapsulating Security Payload (ESP).

Details on the IPSec standards are published by, amongst others, Cisco, and further details can be found on the Cisco website.
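
How the three standards listed above appear on the wire, as an added example (not Eseye or Cisco code) that a defender could adapt to confirm a VPN-only link carries no unprotected traffic. The function names and sample packets are constructed for illustration; the protocol numbers (ESP 50, AH 51) and UDP ports (IKE 500, NAT traversal 4500) are the standard assignments and are not taken from this page.

```python
import struct
from collections import Counter

PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51   # IANA IP protocol numbers
IKE_PORT, NAT_T_PORT = 500, 4500              # UDP ports for IKE / NAT traversal

def classify_ipv4(packet: bytes) -> str:
    """Label one raw IPv4 packet by the IPSec component it carries, if any."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length; options make it > 20
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_ESP:
        return "ESP"
    if proto == PROTO_AH:
        return "AH"
    if proto == PROTO_UDP:
        if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
            return "fragment"                 # later fragment: no UDP header to read
        if len(payload) >= 8:
            sport, dport = struct.unpack("!HH", payload[:4])
            data = payload[8:]
            if IKE_PORT in (sport, dport):
                return "IKE"
            if NAT_T_PORT in (sport, dport):
                if data == b"\xff":           # RFC 3948 NAT keepalive
                    return "keepalive"
                # Four zero bytes (non-ESP marker) mean IKE; otherwise ESP.
                return "IKE" if data[:4] == b"\x00" * 4 else "ESP-in-UDP"
    return "non-IPSec"

def summarize(packets) -> Counter:
    """Count labels so unprotected traffic on a VPN-only link stands out."""
    return Counter(classify_ipv4(p) for p in packets)

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed sample packet (documentation addresses, zero checksum)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLES = [                                   # constructed, not captured traffic
    ipv4(PROTO_UDP, udp(500, 500, b"\x00" * 28)),                  # IKE
    ipv4(PROTO_ESP, b"\x00\x00\x10\x01" + b"\x00\x00\x00\x01" + b"\xaa" * 16),
    ipv4(PROTO_AH, b"\x04\x04\x00\x00" + b"\x00" * 20),
    ipv4(PROTO_UDP, udp(4500, 4500, b"\x12\x34\x56\x78" + b"\xbb" * 16)),
    ipv4(6, b"\x00" * 20),                                         # plain TCP
]
```

Calling `summarize(SAMPLES)` tallies the labels; any "non-IPSec" count on a link that should carry only tunnel traffic is the thing to investigate.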

IPSec Software clients

There are a number of IPSec clients available for Linux, Windows and other OS-based hosts.

IPSec Hardware clients

A number of manufacturers supply hardware termination for IPSec VPNs.

To determine if a VPN is needed, a simple question can be asked: is my connection to a single location on the internet, or to multiple locations?

If the data communication is always to a single location, then a VPN may be a good option. If the data is to be accessed from anywhere, then probably not.

Diagram showing a mobile VPN setup

A security company offering a monitored alarm service needed a link to the call centre. Eseye provided SIM cards that were fitted to each alarm control panel, and a VPN connection to a server in the call centre.

The call centre staff monitor the status of each connection 24 hours a day, and notify the appropriate authorities when an alarm is raised.