Network Setup, VPN introduction

Set Up a Small Business Network

When building a small office network, the two most essential pieces of equipment you will need are switches and routers. Though they look similar, the two devices perform different functions within a network.

What is a switch?

Switches facilitate the sharing of resources by connecting together all the devices, including computers, printers, and servers, in a small business network. Thanks to the switch, these connected devices can share information and talk to each other, regardless of where they are in a building or on a campus. Building a small business network is not possible without switches to tie devices together.

What is a router?

Just as a switch connects multiple devices to create a network, a router connects multiple switches, and their respective networks, to form an even larger network. These networks may be in a single location or across multiple locations. When building a small business network, you will need one or more routers. In addition to connecting multiple networks together, the router also allows networked devices and multiple users to access the Internet.

Ultimately, a router works as a dispatcher, directing traffic and choosing the most efficient route for information, in the form of data packets, to travel across a network. A router connects your business to the world, protects information from security threats, and even decides which devices have priority over others.

Tips for Success

Tips to help you build the best network for your small business

  • Consider business-grade switches and routers. Consumer or home-networking products will not deliver the reliable communications your small business needs or keep pace as your business grows.
  • Invest in a network designed to grow over time. With a network that scales as your business grows, you can add new features and functionality, such as video surveillance, integrated messaging, wireless applications, and voice over IP (VoIP), as you need them.
  • Technology should help you work more efficiently, not take time away from other projects that are critical to your business. Look for switches and routers that are easy to install, use, and manage. For example, choosing switches with inline power will allow you to place equipment, like wireless access points, anywhere there is a network wall jack. You will not have to worry about installing additional electrical outlets or wires to power devices.
  • Design your network with reliability and redundancy in mind. This will help give you the business continuity you need to recover quickly from unplanned events.

Why do businesses use VPNs?

VPNs are a cost-effective way to connect remote users to a corporate network securely while also improving connectivity speeds. With VPNs, businesses can use high-bandwidth, third-party Internet access instead of expensive, dedicated WAN (wide-area network) links or long-distance, remote-dial links.

What is secure remote access?

Secure remote access is a method for connecting remote users and devices securely to a corporate network. It includes VPN technology, which authenticates users or devices, confirming that they meet certain requirements—also known as “posture”—before they can connect to the network remotely.

What is a VPN “tunnel”?

A “tunnel” is the encrypted connection a VPN establishes so that traffic on the virtual network can be sent securely across the Internet. VPN traffic from a device such as a computer or smartphone is encrypted as it travels through the VPN tunnel.

Types of encrypted VPNs

Remote-access VPN: computer to network

A remote-access VPN extends almost any data, voice, or video application to a remote device, also known as an “endpoint” or a host. Advanced VPN technology allows for security checks to be conducted on endpoints to make sure that they meet a certain posture before they can connect to the network.

SSL VPN and IPsec

Secure Sockets Layer (SSL) VPN and IP security (IPsec) are tunneling and authentication technologies. Businesses can use SSL VPN, IPsec, or both to deploy a remote-access VPN, depending on deployment requirements. SSL VPN and IPsec protect data traversing the VPN from unauthorized access.

For more information about using this type of VPN technology, see the Key Advantages of SSL VPN and the General Risks of SSL VPN sections on this page. For an overview of working with this type of VPN technology, see the Types of VPN topologies section, also on this page.

Site-to-site IPsec VPN: network to network

A site-to-site IPsec VPN lets businesses extend their network resources to branch offices, home offices, and business partner sites. Organizations use site-to-site VPNs when distance makes it impractical to have direct network connections between these sites. Establishing and maintaining site-to-site VPN connections requires dedicated equipment.

Key advantages of SSL VPN

It’s built into modern web browsers

The SSL VPN function is already built into modern web browsers, allowing users from any Internet-enabled location to launch a web browser to establish remote-access VPN connections. SSL VPN technology not only can help boost workforce productivity but can also reduce costs for VPN client software and support.

Most users don’t need to install client software

SSL VPN uses SSL protocol and its successor, Transport Layer Security (TLS), to provide a secure connection between remote users and internal network resources. Because most web browsers now have SSL/TLS, users do not typically need to install client software to use SSL VPN. That’s why SSL VPN is also known as “clientless VPN” or “web VPN.”

It’s flexible for end users

SSL VPN is also easy to use. Different IPsec VPN vendors may have different implementation and configuration requirements. But SSL VPN only requires users to have a modern web browser. Users may even choose their favorite web browsers without being restricted by the operating system.

General risks of SSL VPN

User credential-related risks

VPN security is only as strong as the methods used to authenticate users and devices at the remote end of the VPN connection. Simple authentication methods are subject to password “cracking” attacks, eavesdropping, or even social engineering attacks. Two-factor authentication is a minimum requirement for providing secure remote access to a corporate network.

Spread of threats from remote computers

Remote access is a major threat vector to network security. A remote computer that does not meet corporate security requirements may potentially forward an infection, like a worm or virus, from its local network environment to the internal network. Up-to-date antivirus software on the remote computer is essential to mitigate this risk.

Split tunneling

Split tunneling occurs when a device on the remote end of a VPN tunnel simultaneously exchanges network traffic with both the public and private networks without first placing all the network traffic inside the VPN tunnel. This can allow attackers on the shared network to compromise the remote computer and gain network access to the private network.
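
One way to check a remote endpoint for split tunneling is to resolve where Internet-bound traffic would leave the machine according to its routing table. The following is an added example, not part of the original article; the interface names (tun0 for the VPN, wlan0 for the local network), the routing tables, and the probe addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing tables: (destination prefix, egress interface).
FULL_TUNNEL = [
    ("0.0.0.0/1", "tun0"),        # two /1 routes together take precedence
    ("128.0.0.0/1", "tun0"),      # over the original default route
    ("0.0.0.0/0", "wlan0"),
    ("192.168.1.0/24", "wlan0"),  # directly connected LAN route
]
SPLIT_TUNNEL = [
    ("10.0.0.0/8", "tun0"),       # only the corporate prefix uses the tunnel
    ("0.0.0.0/0", "wlan0"),
    ("192.168.1.0/24", "wlan0"),
]

# Public addresses used only for route lookup; no traffic is sent to them.
PROBES = ("8.8.8.8", "198.51.100.7", "203.0.113.10")


def egress_interface(routes, destination):
    """Longest-prefix match: interface a packet to `destination` would use."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def bypassing_destinations(routes, tunnel_dev="tun0", probes=PROBES):
    """Return the Internet-bound probes that would leave outside the tunnel."""
    return [p for p in probes if egress_interface(routes, p) != tunnel_dev]


def is_split_tunnel(routes, tunnel_dev="tun0"):
    """True when public traffic bypasses the VPN while the tunnel is up."""
    return bool(bypassing_destinations(routes, tunnel_dev))


if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, "split tunneling:", is_split_tunnel(table),
              "bypassing:", bypassing_destinations(table))
```

The check only covers Internet-bound destinations; the directly connected LAN route in both tables is reported by `egress_interface` but not judged.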

Types of VPN topologies

The 3 main VPN topologies

A VPN topology specifies the peers and networks that are part of the VPN and how they connect to one another. Here is a quick overview of the three main types of topologies:

  • Hub-and-spoke
    In this VPN topology, multiple remote devices (spokes) communicate securely with a central device (hub). A separate, secure tunnel extends between the hub and each spoke.
  • Point-to-point
    Establishing this topology requires specifying two endpoints as peer devices that will communicate directly with each other. Either device can initiate the connection.
  • Full mesh
    In this topology, which works well in complicated networks, every device in the network can communicate with every other device via a unique IPsec tunnel.

Implicitly supported topologies

The three main VPN topologies also can be combined to create more complex topologies, including:

  • Partial mesh
    This is a network in which some devices are organized in a full mesh topology, and other devices form either a hub-and-spoke or a point-to-point connection to some of the fully meshed devices.
  • Tiered hub-and-spoke
    This is a network of hub-and-spoke topologies in which a device can behave as a hub in one or more topologies and a spoke in other topologies. Traffic is permitted from spoke groups to their most immediate hub.
  • Joined hub-and-spoke
    This is a combination of two topologies (hub-and-spoke, point-to-point, or full mesh) that connect to form a point-to-point tunnel.
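
The topologies above differ in how many tunnels have to be configured and in how many tunnels traffic crosses between two sites. The following is an added example, not part of the original article, that builds the tunnel set for each main topology and for a partial mesh; the site names are constructed, and it assumes a hub is allowed to forward traffic between its spokes.

```python
from collections import deque
from itertools import combinations


def hub_and_spoke(hub, spokes):
    """One separate tunnel between the hub and each spoke."""
    return {frozenset((hub, s)) for s in spokes}


def point_to_point(a, b):
    """A single tunnel between two peer devices."""
    return {frozenset((a, b))}


def full_mesh(peers):
    """A unique tunnel between every pair of devices."""
    return {frozenset(pair) for pair in combinations(peers, 2)}


def tunnel_hops(tunnels, src, dst):
    """Breadth-first search: tunnels crossed from src to dst, None if unreachable.

    Assumes intermediate devices forward traffic between their tunnels.
    """
    adjacency = {}
    for tunnel in tunnels:
        a, b = tuple(tunnel)
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, hops = queue.popleft()
        if node == dst:
            return hops
        for neighbor in adjacency.get(node, ()):
            if neighbor not in seen:
                seen.add(neighbor)
                queue.append((neighbor, hops + 1))
    return None


if __name__ == "__main__":
    # Constructed site names.
    star = hub_and_spoke("hq", ["branch1", "branch2", "branch3"])
    mesh = full_mesh(["hq", "branch1", "branch2", "branch3"])
    # Partial mesh: three core sites fully meshed, two branches hang off hq.
    partial = full_mesh(["hq", "dc", "dr"]) | hub_and_spoke("hq", ["branch1", "branch2"])
    for name, t in (("hub-and-spoke", star), ("full mesh", mesh), ("partial mesh", partial)):
        print(name, "tunnels:", len(t),
              "branch1->branch2 hops:", tunnel_hops(t, "branch1", "branch2"))
```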

Be mindful of IPsec policy constraints

An IPsec policy defines the characteristics of the site-to-site VPN, such as the security protocols and algorithms used to secure traffic in an IPsec tunnel. After an organization creates a VPN topology, it can configure the IPsec policies it applies to that topology, depending on the assigned IPsec technology.

Keep in mind that not all IPsec policies can be applied to all VPN topologies. What is applied depends on the IPsec technology assigned to the VPN topology. Also, the IPsec technology assigned to a VPN depends on the topology type.
