Bob manages the sales department. Most of his sales representatives travel among several client sites. He wants to enable these sales representatives to check the shipping status of their orders online. This information currently resides on the company intranet, but it is not accessible to anyone outside the company firewall. Bob has asked you to accomplish this. You decide to create an extranet to allow these employees to view their customers’ order status and history.
Which technique could you use to secure communications between network segments sending order-status data via the Internet?
A. VPN
B. VLAN
C. Extranet
D. Certificate server
The correct answer is A.
A virtual private network (VPN) is not a physical network. In a VPN, a public network, such as the Internet, is used to allow secure communication between companies that are not located together. A VPN transports encrypted data.
A Virtual LAN (VLAN) allows networks to be segmented logically without physically rewiring the network. A VLAN restricts flooding to only those ports included in the VLAN.
An extranet enables two or more companies to share information and resources. An extranet can be configured to present the shared data, but it is only a Web page; it is not itself responsible for securing the data transmission.
A certificate server provides certificate services to users. Certificates are used to verify user identity and protect data communication.
VPNs use what is known as a tunneling protocol for the secure transfer of data across the Internet. A common tunneling protocol for this purpose is the Point-to-Point Tunneling Protocol (PPTP). The term “tunnel” refers to how the information is privately sent. Data being sent is encapsulated into network packets. Packets are encrypted at their point of origin before they are sent via the Internet, travel in an encrypted (non-readable) form, and are decrypted once they arrive at their destination. According to RFC 2637, PPTP is a VPN technology that allows PPP to be tunneled through an IP network. Microsoft’s implementation of PPTP does NOT include encryption by default; Microsoft Point-to-Point Encryption (MPPE) is used for encryption. PPTP uses an enhanced Generic Routing Encapsulation (GRE) mechanism to provide a flow- and congestion-controlled encapsulated datagram service for carrying PPP packets. The GRE packets forming the tunnel itself are not cryptographically protected. Because the PPP negotiations are carried out over the tunnel, it may be possible for an attacker to eavesdrop on and modify those negotiations.
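The following is an added example, not part of the original explanation, that shows what the GRE encapsulation described above looks like on the wire: it parses the RFC 2637 enhanced GRE header and then reads the PPP protocol number of the carried frame, so a monitoring tool can tell an MPPE-encrypted frame (PPP protocol 0x00FD) from the cleartext LCP/CHAP/CCP negotiation frames. The two sample datagrams and the helper names are constructed for this example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

PPTP_GRE_PROTOCOL_TYPE = 0x880B  # RFC 2637 section 4.1: PPP carried in enhanced GRE
PPP_MPPE_ENCRYPTED = 0x00FD      # RFC 3078: the only PPP protocol whose payload MPPE encrypts
PPP_CLEARTEXT_CONTROL = {0xC021: "LCP", 0xC223: "CHAP", 0x80FD: "CCP", 0x8021: "IPCP"}

# Constructed samples (not captured traffic): an LCP Configure-Request with sequence and
# acknowledgment numbers, and an MPPE-encrypted frame with a sequence number only.
SAMPLE_LCP_DATAGRAM = bytes.fromhex("3081880b000600070000000500000004c02101010004")
SAMPLE_MPPE_DATAGRAM = bytes.fromhex("3001880b000800070000000600fd9000deadbeef")


@dataclass
class PptpGreDatagram:
    call_id: int
    sequence: Optional[int]
    acknowledgment: Optional[int]
    ppp_frame: bytes


def parse_enhanced_gre(datagram: bytes) -> PptpGreDatagram:
    """Parse the enhanced GRE header. Flag word, MSB first: C R K S s Recur(3) A Flags(4) Ver(3).
    RFC 2637 fixes C=0 R=0 K=1 s=0 Recur=0 Flags=0 Ver=1; S and A mark the optional fields."""
    if len(datagram) < 8:
        raise ValueError("shorter than the fixed 8-octet GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", datagram[:8])
    if proto != PPTP_GRE_PROTOCOL_TYPE or (flags & 0x0007) != 1:
        raise ValueError("not an RFC 2637 enhanced GRE datagram")
    if (flags & 0xCF78) != 0 or not (flags & 0x2000):  # C,R,s,Recur,Flags must be 0; K must be 1
        raise ValueError("reserved GRE flag bits set")
    offset, sequence, acknowledgment = 8, None, None
    if flags & 0x1000:  # S bit: 32-bit sequence number follows
        sequence, offset = struct.unpack("!I", datagram[offset:offset + 4])[0], offset + 4
    if flags & 0x0080:  # A bit: 32-bit acknowledgment number follows
        acknowledgment, offset = struct.unpack("!I", datagram[offset:offset + 4])[0], offset + 4
    frame = datagram[offset:offset + payload_len]
    if len(frame) != payload_len:
        raise ValueError("truncated PPP payload")
    return PptpGreDatagram(call_id, sequence, acknowledgment, frame)


def ppp_protocol(frame: bytes) -> int:
    """Return the PPP protocol number, tolerating address/control and protocol-field compression."""
    if frame[:2] == b"\xff\x03":  # uncompressed HDLC address/control octets
        frame = frame[2:]
    if frame[0] & 1:              # odd first octet: one-octet compressed protocol field
        return frame[0]
    return struct.unpack("!H", frame[:2])[0]


def classify(datagram: bytes) -> str:
    """Report whether the tunneled PPP frame is MPPE-encrypted or travels in the clear."""
    proto = ppp_protocol(parse_enhanced_gre(datagram).ppp_frame)
    if proto == PPP_MPPE_ENCRYPTED:
        return "encrypted (MPPE)"
    return "cleartext " + PPP_CLEARTEXT_CONTROL.get(proto, f"protocol 0x{proto:04X}")
```

Run over a PPTP capture, the classifier makes visible exactly which frames (the LCP, CHAP and CCP negotiation) an on-path observer can read before MPPE is in effect.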
By using a VPN, a company avoids the expense of leased lines for secure communication, but instead can use public networks to transfer data in a secure way. Client computers can connect to the VPN by dial-up, DSL, ISDN, or cable modems. To ensure the privacy and integrity of the data, connections between firewalls over public networks should use an encrypted VPN.
An intranet is a local area network (LAN) add-on that is restricted to certain users, usually a company’s employees. The data contained on it is usually private in nature.
An extranet, on the other hand, has a wider boundary because it usually allows two or more companies to communicate and share private information.