Performance Analysis and Special Issues of VPN Technologies in Communication: Trusted VPNs, Secure VPNs and Hybrid VPNs

DR. P. RAJAMOHAN
Senior Lecturer, School of Information Technology, SEGi University, Taman Sains Selangor, Kota Damansara, PJU 5, PJ, Selangor Darul Ehsan, Malaysia.

ABSTRACT

A Virtual Private Network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. This paper presents the analysis and special issues of VPN technologies in communication, especially the three important VPN technologies (Trusted VPNs, Secure VPNs and Hybrid VPNs), with their requirements, techniques, supporting VPNC standards and performance.

Keywords: VPN - Virtual Private Network, VPNC - Virtual Private Network Consortium, IETF - Internet Engineering Task Force, RFC - Requests For Comments, I-Ds - Internet Drafts.

1. INTRODUCTION

A Virtual Private Network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure. Phone companies have provided private shared resources for voice messages for over a decade. A virtual private network makes it possible to have the same protected sharing of public resources for data. Companies today are looking at using a virtual private network for both extranets and wide-area intranets. A VPN uses the Internet infrastructure to interconnect sites and provide connectivity for remote dial-up users.
The nearly universal coverage of the Internet eliminates the need for private leased lines and modem pools, and it eliminates long-distance telephone charges for remote, dial-up users. VPNs are less costly than conventional wide area networks.

A VPN operates by passing data over the Internet or corporate intranet through tunnels, which are secure, encrypted virtual connections that use the Internet (or corporate intranet) as the connection medium. The VPN establishes tunnels between servers in a site-to-site VPN, and between clients and servers in a client-to-site VPN. The VPN encrypts and encapsulates each IP (or IPX) packet before passing it through a tunnel. The encapsulated packet includes authentication information to ensure the authenticity of the data and its source. The VPN also uses the authentication information to check that the original data has not been corrupted during transmission, ensuring the integrity of the data.

Site-to-site VPNs can be further classified into two types: Intranet-based VPNs and Extranet-based VPNs.

Intranet-Based VPNs: If a company has more remote locations that it wishes to join in a single private network, it can create an Intranet VPN to connect LAN to LAN.

Extranet-Based VPNs: When a company has a close relationship with another company, it can build an Extranet VPN that connects LAN to LAN and allows all of the various companies to work in a shared environment.

A remote-access VPN is also called a virtual private dial-up network (VPDN). It establishes a user-to-LAN connection: telecommuters dial up to reach the server and use their VPN client software to access the corporate network. Thus an authenticated user can log on to the VPN tunnel from anywhere using a laptop [1]-[3].
1.1 VPN Terminology

A Virtual Private Network is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network, such as the Internet, as opposed to running across a single private network. The link layer protocols of the virtual network are said to be tunneled through the transport network. The rise of the Internet and the increase in speed of cheap Internet connections paved the way for new technologies. Many developers, administrators, and, last but not least, managers had discovered that there might be better solutions than spending several hundreds of dollars, if not thousands of dollars, on dedicated and dial-up access lines. The idea was to use the Internet for communication between branches and at the same time ensure safety and secrecy of the data transferred. In other words: providing secure connections between enterprise branches via low-cost lines using the Internet. This is a very basic description of what VPNs are all about.

Taking the acronym VPN (Virtual Private Network) literally, "virtual" means there is no direct network connection between the two communication partners, but only a virtual connection provided by VPN software, normally realized over public Internet connections. It is considered "private" because only the members of the company connected by the VPN software are allowed to read the data transferred. With a VPN, the network entities are described as a set of logical connections secured by special software that establishes privacy by safeguarding the connection endpoints [2]-[5].

Volume 2 Issue 7 July 2014 Page 42

VPN technology has been used to provide secure and efficient connectivity among geographically distributed branch offices, strategic partners, and mobile/telecommuting employees. So VPNs can connect individual users to a remote network or connect multiple networks together. They can provide remote access through a tunnel, and security functions including confidentiality, authentication and integrity through security procedures such as encryption [3].

1.2 VPN - Tunneling

Virtual private network technology is based on the idea of tunneling. VPN tunneling involves establishing and maintaining a logical network connection (that may contain intermediate hops). On this connection, packets constructed in a specific VPN protocol format are encapsulated within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on the receiving side. For Internet-based VPNs, packets in one of several VPN protocols are encapsulated within Internet Protocol (IP) packets. VPN protocols also support authentication and encryption to keep the tunnels secure.

Tunneling is a very important technology for implementing a VPN solution. Tunnel technology can be expressed as "X over Y": one network protocol can encapsulate any legal payload of a different protocol. That is, X becomes a payload of Y. There are several standard tunneling protocols, such as L2TP, PPTP and IPSec. Some commercial VPN products are now widely available.
They can provide different secure, reliable and efficient services in terms of cost and capabilities, offering the best performance in terms of speed, security and reliability.

In a remote-access VPN, tunneling normally takes place using PPP. Part of the TCP/IP stack, PPP is the carrier for other IP protocols when communicating over the network between the host computer and a remote system. Each of the protocols listed below was built using the basic structure of PPP and is used by remote-access VPNs. L2TP can be used as a tunneling protocol for site-to-site VPNs as well as remote-access VPNs. In fact, L2TP can create a tunnel between client and router, NAS and router, and router and router.

The long-term direction for secure networking, IPSec is a suite of cryptography-based protection services and security protocols. Because it requires no changes to applications or protocols, you can easily deploy IPSec for existing networks. IPSec provides machine-level authentication, as well as data encryption, for VPN connections that use the L2TP protocol. IPSec negotiates between your computer and its remote tunnel server before an L2TP connection is established, which secures both passwords and data. L2TP uses standard PPP-based authentication protocols, such as EAP, MS-CHAP, SPAP, and PAP, with IPSec. Encryption is determined by the IPSec Security Association, or SA. A security association is a combination of a destination address, a security protocol, and a unique identification value, called a Security Parameters Index (SPI) [3]-[4].

L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any authentication scheme supported by PPP.

PPTP (Point-to-Point Tunneling Protocol) - PPTP was created by the PPTP Forum, a consortium which includes US Robotics, Microsoft, 3COM, Ascend and ECI Telematics. PPTP supports 40-bit and 128-bit encryption and will use any authentication scheme supported by PPP [3].
L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a partnership between the members of the PPTP Forum, Cisco and the IETF (Internet Engineering Task Force). Combining features of both PPTP and L2F, L2TP also fully supports IPSec [4].

1.3 VPN Advantages - Cost Savings

Organizations historically needed to rent network capacity such as T1 lines to achieve full, secured connectivity between their office locations. With a VPN, you use public network infrastructure including the Internet to make these connections and tap into that virtual network through much cheaper local leased lines or even just broadband connections to a nearby Internet Service Provider (ISP). A VPN can also replace the remote access servers and long-distance dial-up network connections commonly used in the past by business travelers needing access to their company intranet.

With VPNs, the cost of maintaining servers tends to be less than with other approaches because organizations can outsource the needed support to professional third-party service providers. These providers enjoy a much lower cost structure through economy of scale by servicing many business clients.

The cost to an organization of building a dedicated private network may be reasonable at first but increases exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations, but 4 branch offices require 6 lines to directly connect them to each other, 6 branch offices need 15 lines, and so on. Internet-based VPNs avoid this scalability problem by simply tapping into the public lines and network capability readily available. Particularly for remote and international locations, an Internet VPN offers superior reach and quality of service [3]-[5],[9].

1.4 The VPN Consortium (VPNC)

The VPN Consortium (VPNC) is the international trade association for manufacturers in the VPN market. The primary purposes of the VPNC are [5],[18]:

- Promote the products of its members to the press and to potential customers
- Increase interoperability between members by showing where the products interoperate
- Serve as the forum for the VPN manufacturers throughout the world
- Help the press and potential customers understand VPN technologies and standards
- Provide publicity and support for interoperability testing events

It should be noted that VPNC does not create standards; instead, it strongly supports current and future IETF standards.

1.5 Internet Engineering Task Force (IETF)

The various VPN protocols are defined by a large number of standards and recommendations that are codified by the Internet Engineering Task Force (IETF). There are many flavors of IETF standards, recommendations, statements of common practice, and so on. Some of the protocols used in IPsec are full IETF standards; however, the others are often useful and stable enough to be treated as standard by people writing IPsec software. Neither of the trusted VPN technologies is an IETF standard yet, although there is a great deal of work being done on them to get them to become standards [5],[19].

1.6 Requests For Comments (RFCs)

The IETF codifies the decisions it comes to in documents called "Requests For Comments". These are almost universally called by their acronym, "RFCs". Many RFCs are the standards on which the Internet is formed. The level of standardization that an RFC reaches is determined not only by "how good" the RFC is, but by how widely it is implemented and tested. Some RFCs are not solid standards, but they nonetheless document technologies that are of great value to the Internet and thus should be used as guidelines for implementing VPNs.
For the purpose of defining VPNs, any protocol that has become an IETF Request For Comments (RFC) document can be treated as somewhat of a standard. Certainly, any IPsec-related RFC that has been deemed to be on the IETF "standards track" should be considered a standard [5],[15],[18].

1.7 Internet Drafts

Before a document becomes an RFC, it starts out as an Internet Draft (often called an "I-D"). I-Ds are rough drafts, and are sometimes created for no other benefit than to tell the Internet world what the author is thinking. On the other hand, there is often very good information in some I-Ds, particularly those that cover revisions to current standards. Some Internet Drafts go along for years, but are then dropped or abandoned; others get on a fast track to becoming RFCs, although this is rare. Internet Drafts are given names when they first appear; if they become RFCs, the I-D name disappears and an RFC number is assigned.

It should be emphasized here that it is unwise to make any programming decisions based on information in Internet Drafts. Most I-Ds go through many rounds of revisions, and some rounds make wholesale changes in the protocols described in a draft. Further, many I-Ds are simply abandoned after discussion reveals major flaws in the reasoning that led to the draft. VPNC listed all the active I-Ds that relate to VPNs [5],[18].

2. VPN TECHNOLOGIES

2.1 VPN Technologies And Terminology

There are three important VPN technologies: Trusted VPNs, Secure VPNs and Hybrid VPNs. It is important to note that trusted VPNs and secure VPNs are not technically related, and can co-exist in a single service package. The requirements and techniques of all three VPN technologies, as supported by VPNC, are given below based on the analysis and research.

2.1.1 Trusted VPNs

Before the Internet became nearly universal, a virtual private network consisted of one or more circuits leased from a communications provider.
Each leased circuit acted like a single wire in a network that was controlled by the customer. The communications vendor would sometimes also help manage the customer's network, but the basic idea was that a customer could use these leased circuits in the same way that they used physical cables in their local network.

The privacy afforded by these legacy VPNs was only that the communications provider assured the customer that no one else would use the same circuit. This allowed customers to have their own IP addressing and their own security policies. A leased circuit ran through one or more communications switches, any of which could be compromised by someone wanting to observe the network traffic. The VPN customer trusted the VPN provider to maintain the integrity of the circuits and to use the best available business practices to avoid snooping of the network traffic. Thus, these are called Trusted VPNs [3],[18].

2.1.2 Secure VPNs

As the Internet became more popular as a corporate communications medium, security became much more of a pressing issue for both customers and providers. Seeing that trusted VPNs offered no real security, vendors started to create protocols that would allow traffic to be encrypted at the edge of one network or at the originating computer, moved over the Internet like any other data, and then decrypted when it reached the corporate network or a receiving computer. This encrypted traffic acts like it is in a tunnel between the two networks: even if an attacker can see the traffic, they cannot read it, and they cannot change the traffic without the changes being seen by the receiving party and therefore rejected. Networks that are constructed using encryption are called Secure VPNs [3],[10],[18].

2.1.3 Hybrid VPNs

More recently, service providers have begun to offer a new type of trusted VPN, this time using the Internet instead of the raw telephone system as the substrate for communications. These new trusted VPNs still do not offer security, but they give customers a way to easily create network segments for wide area networks (WANs). In addition, trusted VPN segments can be controlled from a single place, and often come with guaranteed quality-of-service (QoS) from the provider. A secure VPN can be run as part of a trusted VPN, creating a third type of VPN that is very new on the market: Hybrid VPNs [3],[18]. The secure parts of a hybrid VPN might be controlled by the customer (such as by using secure VPN equipment on their sites) or by the same provider that provides the trusted part of the hybrid VPN. Sometimes an entire hybrid VPN is secured with the secure VPN, but more commonly, only a part of a hybrid VPN is secure [11].
2.2 Usage Scenarios for VPN Technologies

Usage scenarios for Trusted VPNs

Companies who use Trusted VPNs do so because they want to know that their data is moving over a set of paths that has specified properties and is controlled by one ISP or a trusted confederation of ISPs. This allows the customer to use their own private IP addressing schemes, and possibly to handle their own routing. The customer trusts that the paths will be maintained according to an agreement, and that people whom the customer does not trust (such as an attacker) can neither change the paths of any part of the VPN nor insert traffic on the VPN. Note that it is usually impossible for a customer to know the paths used by trusted VPNs, or even to validate that a trusted VPN is in place; they must trust their provider completely [15],[18].

Usage scenarios for Secure VPNs

The main reason that companies use Secure VPNs is so that they can transmit sensitive information over the Internet without needing to worry about who might see it. Everything that goes over a secure VPN is encrypted to such a level that even if someone captured a copy of the traffic, they could not read the traffic even if they used hundreds of millions of dollars worth of computers. Further, using a secure VPN allows the company to know that an attacker cannot alter the contents of their transmissions, such as by changing the value of financial transactions. Secure VPNs are particularly valuable for remote access where a user is connected to the Internet at a location not controlled by the network administrator, such as from a hotel room, airport kiosk, or home [10]-[13],[18].

Usage scenarios for Hybrid VPNs

It is clear that secure VPNs and trusted VPNs have very different properties. Secure VPNs provide security but no assurance of paths. Trusted VPNs provide assurance of properties of paths such as QoS, but no security from snooping or alteration.
Because of these strengths and weaknesses, Hybrid VPNs have started to appear, although the list of scenarios where they are desired is still evolving. A typical situation for hybrid VPN deployment is when a company already has a trusted VPN in place and some parts of the company also need security over part of the VPN. Fortunately, none of the common trusted VPN technologies prevent the creation of hybrid VPNs, and some manufacturers are creating systems that explicitly support the creation of hybrid VPN services [18],[20].

2.3 Requirements for VPNs

There is one very important requirement that is common to Trusted VPNs, Secure VPNs and Hybrid VPNs: the VPN administrator must know the extent of the VPN. Regardless of the type of VPN in use, a VPN is meant to have capabilities that the "regular" network does not. Thus, the VPN administrator must be able to know at all times what data will and will not be in the VPN.

Trusted VPN Requirements

- No one other than the trusted VPN provider can affect the creation or modification of a path in the VPN. The entire value of the trusted VPN is that the customer can trust the provider to provision and control the VPN. Therefore, no one outside the realm of trust can change any part of the VPN. Note that some VPNs span more than one provider; in this case, the customer is trusting the group of providers as if they were a single provider.

- No one other than the trusted VPN provider can change data, inject data, or delete data on a path in the VPN. A trusted VPN is more than just a set of paths: it is also the data that flows along those paths. Although the paths are typically shared among many customers of a provider, the path itself must be specific to the VPN and no one other than the trusted provider can affect the data on that path. Such a change by an outside party would affect the characteristics of the path itself, such as the amount of traffic measured on the path.
- The routing and addressing used in a trusted VPN must be established before the VPN is created. The customer must know what is expected of the customer, and what is expected of the service provider, so that they can plan for maintaining the network that they are purchasing [6]-[7],[18]-[20].

Secure VPN Requirements

- All traffic on the secure VPN must be encrypted and authenticated. Many of the protocols that are used to create secure VPNs allow the creation of VPNs that have authentication but no encryption. Although such a network is more secure than a network with no authentication, it is not a VPN because there is no privacy.
- The security properties of the VPN must be agreed to by all parties in the VPN. Secure VPNs have one or more tunnels, and each tunnel has two endpoints. The administrators of the two endpoints of each tunnel must be able to agree on the security properties of the tunnel.
- No one outside the VPN can affect the security properties of the VPN. It must be impossible for an attacker to change the security properties of any part of a VPN, such as to weaken the encryption or to affect which encryption keys are used [10]-[13],[18]-[20].

Hybrid VPN Requirements

The address boundaries of the secure VPN within the trusted VPN must be extremely clear. In a hybrid VPN, the secure VPN may be a subset of the trusted VPN, such as if one department in a corporation runs its own secure VPN over the corporate trusted VPN.
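The address-boundary requirement for hybrid VPNs can be checked mechanically: resolve the policy for an address pair in both directions and report whether the pair is in the secure VPN, in the trusted VPN only, or undecidable. This is an added example, not from the paper; the prefixes, the ordered first-match rule table and the PROTECT/BYPASS action names are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed sample (assumption): a corporate trusted VPN covering 10.0.0.0/8,
# with departmental secure VPNs running inside it.
TRUSTED_EXTENT = [ip.ip_network("10.0.0.0/8")]

# Ordered, directional policy entries; the first matching entry wins.
# PROTECT = traffic goes through the secure VPN, BYPASS = trusted VPN only.
POLICY = [
    ("10.1.20.0/24", "10.2.20.0/24", "PROTECT"),
    ("10.2.20.0/24", "10.1.20.0/24", "PROTECT"),
    ("10.1.30.0/24", "10.2.30.0/24", "PROTECT"),    # reverse entry forgotten
    ("10.1.40.0/24", "172.16.40.0/24", "PROTECT"),  # remote side outside the trusted VPN
    ("10.0.0.0/8", "10.0.0.0/8", "BYPASS"),
]
RULES = [(ip.ip_network(s), ip.ip_network(d), a) for s, d, a in POLICY]


def in_trusted(addr):
    """True if the address lies inside the trusted VPN's address extent."""
    return any(addr in net for net in TRUSTED_EXTENT)


def resolve(src, dst):
    """Return the action of the first entry matching src -> dst, or None."""
    for s, d, action in RULES:
        if src in s and dst in d:
            return action
    return None


def classify(a, b):
    """Say definitively whether traffic between a and b is in the secure VPN."""
    a, b = ip.ip_address(a), ip.ip_address(b)
    if not (in_trusted(a) and in_trusted(b)):
        return "outside"
    fwd, rev = resolve(a, b), resolve(b, a)
    if fwd == rev == "PROTECT":
        return "secure"
    if fwd == rev == "BYPASS":
        return "trusted-only"
    # The two directions disagree (or nothing matched): the administrator
    # cannot give a definitive answer for this pair, so the boundary is unclear.
    return "ambiguous"


def boundary_findings():
    """List PROTECT entries whose prefixes reach outside the trusted VPN."""
    findings = []
    for s, d, action in RULES:
        if action != "PROTECT":
            continue
        for net in (s, d):
            if not any(net.subnet_of(t) for t in TRUSTED_EXTENT):
                findings.append((str(s), str(d), str(net)))
    return findings


if __name__ == "__main__":
    for pair in [("10.1.20.5", "10.2.20.9"), ("10.1.30.5", "10.2.30.9"),
                 ("10.5.0.1", "10.6.0.1"), ("10.1.40.1", "172.16.40.1")]:
        print(pair, classify(*pair))
    print(boundary_findings())
```

An "ambiguous" result or a non-empty findings list means the secure VPN's boundary inside the trusted VPN is not clearly defined for that traffic.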
For any given pair of addresses in a hybrid VPN, the VPN administrator must be able to definitively say whether or not traffic between those two addresses is part of the secure VPN [18]-[20].

3. TECHNOLOGIES SUPPORTED BY VPNC

The following technologies support the requirements from the previous section. VPNC supports these technologies when they are implemented by users themselves and when they are implemented in provider-provisioned VPNs. Examples of a few RFCs are given for each.

3.1 Trusted VPN Technologies

Modern service providers offer many different types of trusted VPNs. These can generally be separated into "layer 2" and "layer 3" VPNs [6]-[8],[13]-[18].

Technologies For Trusted Layer 2 VPNs Include:

- ATM (Asynchronous Transfer Mode) circuits
- Frame Relay circuits
- Transport of Layer 2 frames over MPLS, as described in draft-ietf-l2vpn-vpls-bgp and other related Internet Drafts

Transport of Layer 2 Frames Over MPLS

- RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
- RFC 3985: PWE3 Architecture
- RFC 4447: Transport of Layer 2 Frames Over MPLS
- RFC 4448: Encapsulation Methods for Transport of Ethernet Over MPLS Networks

Technologies For Trusted Layer 3 VPNs Include:

- MPLS with constrained distribution of routing information through BGP, as described in RFC 4364 and other related Internet Drafts

It is widely assumed that both will become standards in the future. Also, the service provider industry has not embraced one of these technologies much more strongly than the other.

General MPLS

- RFC 3031: Multiprotocol Label Switching Architecture (Full standard)
- RFC 3032: MPLS Label Stack Encoding (Full standard)
- RFC 3036: Label Distribution Protocol (LDP) Specification (Full standard)
- RFC 3037: LDP Applicability

MPLS constrained by BGP routing

- RFC 4364: BGP/MPLS IP VPNs
- RFC 4365: Applicability Statement for BGP/MPLS IP VPNs
- RFC 4381: Analysis of the Security of BGP/MPLS IP VPNs
- RFC 4026: Provider Provisioned Virtual Private Network (VPN) Terminology
- RFC 4176: Framework for PPVPN Operations and Management
- RFC 4265: Definition of Textual Conventions for Virtual Private Network (VPN) Management
- RFC 4031: Service requirements for Layer 3 Provider Provisioned Virtual Private Networks
- RFC 3809: Generic Requirements for Provider Provisioned VPNs (PPVPN)
- RFC 4110: Framework for Layer 3 Provider Provisioned Virtual Private Networks
- RFC 4111: Security Framework for Provider Provisioned Virtual Private Networks

3.2 Secure VPN Technologies

The protocols used for secure VPNs, with a few example RFCs, fall into the following groups [10]-[18]:

- General IPsec
- ESP and AH (encryption and authentication headers)
- Key exchange (ISAKMP, IKE, and others)
- Cryptographic algorithms
- IPsec policy handling
- Remote access
- SSL and TLS

IPsec with encryption, in either tunnel or transport mode. The security associations can be set up either manually or using IKE with either certificates or preshared secrets. IPsec is described in many RFCs, including 2401, 2406, 2407, 2408, and 2409 (for IKEv1), and 4301, 4303, 4306, 4307, and 4308 (for IKEv2).

General IPsec

- RFC 4301: Security Architecture for the Internet Protocol
- RFC 2401: Security Architecture for the Internet Protocol (Obsoleted by 4301)

ESP and AH Headers

- RFC 4302: IP Authentication Header
- RFC 4303: Encapsulating Security Payload (ESP)
- RFC 4304: Extended Sequence Number Addendum to IPsec DOI for ISAKMP
- RFC 4835: Cryptographic Algorithm Implementation Requirements For ESP And AH

Key Exchange

- RFC 4306: Internet Key Exchange (IKEv2) Protocol
- RFC 4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
- RFC 4308: Cryptographic Suites for IPsec
- RFC 2407: Internet IP Security Domain of Interpretation for ISAKMP (Obsoleted by 4306, IKEv2)
- RFC 2408: Internet Security Association and Key Management Protocol (ISAKMP) (Obsoleted by 4306, IKEv2)
- RFC 2409: Internet Key Exchange (IKE) (Obsoleted by 4306, IKEv2)

Cryptographic Algorithms

- RFC 2405: ESP DES-CBC Cipher Algorithm With Explicit IV
- RFC 2451: ESP CBC-Mode Cipher Algorithms
- RFC 2104: HMAC: Keyed-Hashing for Message Authentication
- RFC 2202: Test Cases for HMAC-MD5 and HMAC-SHA
- Use of HMAC-MD5-96 within ESP and AH
- RFC 2404: Use of HMAC-SHA-1-96 within ESP and AH

IPsec inside of L2TP, as described in RFC 3193, has significant deployment for client-server remote access secure VPNs.

Remote access

- RFC 2661: Layer Two Tunneling Protocol (L2TP)
- RFC 2888: Secure Remote Access with L2TP
- RFC 3193: Securing L2TP using IPsec

SSL 3.0 or TLS with encryption. TLS is described in These technologies (other than SSL 3.0) are standardized in the IETF, and each has many vendors who have shown their products to interoperate well in the field.

SSL and TLS

- RFC 5246: The TLS Protocol Version
- HTTP Over TLS
- RFC 4366: TLS Extensions
- RFC 4279: Pre-Shared Key Ciphersuites for TLS
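A security association is selected by destination address, security protocol and SPI (section 1.2), and the ESP and AH headers listed above are where a receiver reads the SPI. The added example below (not from the paper) parses constructed IPv4 packets, looks up the SA by that triple, and flags traffic that fails the secure VPN requirement of being both encrypted and authenticated; the addresses, SPIs and SA table are constructed sample values.

```python
import socket
import struct

ESP, AH = 50, 51  # IP protocol numbers of the two IPsec headers

# Constructed SA database (sample values, an assumption for this example).
# Key: (destination address, security protocol, SPI).
SAD = {
    ("203.0.113.10", ESP, 0x1001): {"enc": "aes-cbc", "auth": "hmac-sha-1-96"},
    ("203.0.113.10", ESP, 0x1002): {"enc": None, "auth": "hmac-sha-1-96"},
    ("203.0.113.10", AH, 0x2001): {"enc": None, "auth": "hmac-md5-96"},
}


def build_packet(dst, proto, spi, seq=1, body=b"\x00" * 16):
    """Build a constructed IPv4 packet (header checksum left at 0)."""
    if proto == ESP:
        inner = struct.pack("!II", spi, seq) + body
    elif proto == AH:
        # next header, payload length, reserved, SPI, sequence, 12-byte ICV
        inner = struct.pack("!BBHII", 4, 4, 0, spi, seq) + b"\x00" * 12 + body
    else:
        inner = body  # any other protocol: no IPsec header at all
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                         proto, 0, socket.inet_aton("198.51.100.7"),
                         socket.inet_aton(dst))
    return header + inner


def parse_sa_selector(packet):
    """Return (dst, proto, spi, seq); spi and seq are None without ESP/AH."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    dst = socket.inet_ntoa(packet[16:20])
    payload = packet[ihl:]
    if proto == ESP:
        offset = 0   # ESP starts with SPI, then sequence number
    elif proto == AH:
        offset = 4   # AH has 4 bytes of fixed fields before the SPI
    else:
        return dst, proto, None, None
    if len(payload) < offset + 8:
        raise ValueError("truncated IPsec header")
    spi, seq = struct.unpack_from("!II", payload, offset)
    return dst, proto, spi, seq


def check_packet(packet):
    """Classify a packet against the 'encrypted and authenticated' requirement."""
    dst, proto, spi, _seq = parse_sa_selector(packet)
    if spi is None:
        return "cleartext"      # not protected by IPsec at all
    sa = SAD.get((dst, proto, spi))
    if sa is None:
        return "unknown-sa"     # no SA for this (dst, protocol, SPI) triple
    if proto == AH or not sa["enc"]:
        return "auth-only"      # authenticated but not private
    if not sa["auth"]:
        return "no-auth"        # encrypted but not authenticated
    return "ok"


if __name__ == "__main__":
    for proto, spi in [(ESP, 0x1001), (ESP, 0x1002), (AH, 0x2001), (ESP, 0x9999), (6, 0)]:
        print(proto, hex(spi), check_packet(build_packet("203.0.113.10", proto, spi)))
```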

3.3 Hybrid VPN Technologies

Any supported secure VPN technology running over any supported trusted VPN technology.

It is important to note that a hybrid VPN is only secure in the parts that are based on secure VPNs. That is, adding a secure VPN to a trusted VPN does not increase the security of the entire trusted VPN, only of the part that was directly secured. The secure VPN acquires the advantages of the trusted VPN, such as having known QoS features [18],[20].

4. CONCLUSION

A VPN can be a solution to reduce network complexity, reduce the network's operational cost and access the remote network via the global Internet or an intranet, with the support of VPN technologies in communication along with VPNC support. IPsec is the most dominant protocol for secure VPNs. SSL gateways for remote-access users are also popular for secure VPNs. L2TP running under IPsec has a much smaller but significant deployment. For trusted VPNs, the market is split on the two MPLS-based protocols. Companies that want to do their own routing tend to use layer 2 VPNs; companies that want to outsource their routing tend to use layer 3 VPNs. VPNC does not create standards; instead, it strongly supports current and future IETF standards.

The cost savings from the use of public infrastructures could not be realized if not for the security provided by VPNs. Encryption and authentication protocols keep corporate information private on public networks. With VPN technologies, new users can be easily added to the network. Corporate network availability can be scaled quickly with minimal cost. A single VPN implementation can provide secure communications for a variety of applications on diverse operating systems.

5. REFERENCES

[1] Dave Kosiur, Wiley & Sons, Building and Managing Virtual Private Networks; ISBN: , pp
[2] John Mains, VPNs A Beginners Guide, McGraw Hill; ISBN: , pp
[3] Dr. S.S. Riaz Ahamed & P. Rajamohan, Comprehensive Performance Analysis and Special Issues of Virtual Private Network Strategies in the Computer Communication: a Novel Study, International Journal of Engineering Science and Technology (IJEST), ISSN : Vol. 3 No. 7 July 2011, pp
[4] Wei Luo, Carlos Pignataro, Dmitry Bokotey, Anthony Chan (Cisco Press 2005), Layer 2 VPN Architectures, pp
[5] Wikipedia, Virtual private network, private network & Wikipedia, Open VPN,
[6] Chris Metz, The Latest in Virtual Private Networks: Part I. IEEE Internet Computing, pp ,
[7] Chris Metz, The Latest in Virtual Private Networks: Part II. IEEE Internet Computing, pp ,
[8] Chris Metz, Multiprotocol Label Switching and IP, Part II: Multicast virtual private networks, IEEE Internet Computing, pp
[9] Alwin Thomas and George Kelley, Cost-Effective VPN-Based Remote Network Connectivity Over the Internet,
[10] Ronald, F.J. (Ed 2003). CCSP Cisco Secure VPN. Types of VPN, pp
[11] Ronald, F.J. (Ed 2003). CCSP Cisco Secure VPN. VPN Over IPSec., pp
[12] Ronald, F.J. (Ed 2003). CCSP Cisco Secure VPN. Explanation of the IPSec protocols, pp
[13] B. Gleeson et al., IP Based Virtual Private Networks, RFC 2764, February
[14] A. Nagarajan, Generic Requirements for Provider Provisioned Virtual Private Networks (PPVPN), RFC 3809, June 2004
[15] L. Andersson and T. Madsen, Provider Provisioned Virtual Private Network (VPN) Terminology, RFC 4026, March 2005
[16] E. Rosen & Y. Rekhter, BGP/MPLS VPNs, RFC 2547, March
[17] K. Muthukrishnan & A. Malis, A Core MPLS IP VPN Architecture, RFC 2918, September
[18] standard
[19]
[20] E. Ramaraj and S. Karthikeyan, A New Type of Network Security Protocol Using Hybrid Encryption in Virtual Private Networking, Journal of Computer Science 2 (9): , 2006, ISSN , 2006 Science Publications.

AUTHOR

DR. P. RAJAMOHAN received his Bachelor of Science Degree in Physics; later he obtained his Post Graduate Diploma in Computer Applications (PGDCA), Master Degree in Computer Applications (MCA) and PhD in Computer Science. His primary research interest is in Virtual Private Network implementation for efficient data communication and wireless network communications. He is a member of the Institution of Engineers (India), member of Associate in Cisco Certified Networks, member of the International Association of Engineers (IAENG) and member of the Computer Science Teachers Association, USA (CSTA). Dr. P. Rajamohan has over 20 years of experience in both academia and the IT industry. He is currently working as a Senior Lecturer in the School of Information Technology, SEGi University, Malaysia.


More information

VPNs and VPN Technologies

VPNs and VPN Technologies C H A P T E R 1 VPNs and VPN Technologies This chapter defines virtual private networks (VPNs) and explores fundamental Internet Protocol Security (IPSec) technologies. This chapter covers the following

More information