Trusted networks: Such Networks allow data to be transferred transparently. The machines using a trusted network are usually administered by an Administrator to ensure that private and secured data is not leaked. Access to this network is limited. Computers using trusted networks are more secured and confidential because of strong firewalls.
Untrusted networks: Such networks are usually administered by the owners. They can allow improper access to sensitive or personal data. These machines are usually separate. Such machines could me more prone to attacks.
Is there market penetration for these products?
Those companies who were early adopters of firewalls are the ones using VPNs today. VPNs are still early in the use cycle. Three years ago, they hardly existed. Then firewall products started to include them — first ANS Interlock, then TIS Gauntlet. Soon, customers started demanding VPN functionality in their firewalls, even though few of them actually used it. But the Security Architecture for Internet Protocol (IPSEC) standard is changing that — with IPSEC-compliant off-the-shelf products, using encryption to protect the privacy of communications will be an automatic decision. It may take awhile. I predicted that 1998 would be the "Year of the VPN," but maybe 1999 is more realistic. Look, over four years after the famous Internet password sniffing incident, most people still seem to be working with reusable passwords.
What are the different authentication methods used in VPNs?
The authentication method uses an authentication protocol. The methods are:
EAP authentication method: Extensible authentication protocol authenticates remote access connection. The authentication mechanism is decided between the remote VPN client and authenticator (ISA). The mechanism is typical in which authenticator requests for authentication information and the responses are given by the remote VPN client.
MS Chap Authentication method: Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) starts with the authenticator (Remote access server) challenge. The challenge to the remote access client sends a session identifier and challenge string. The client in response sends the nonreversible encryption of the string, the identifier and password. Authenticator checks the credentials and grants access on a successful authentication.
Unencrypted passwords (PAP):- Uses plain text passwords. Does not involve encryption. Used for less secure clients.
Shiva Password Authentication Protocol (SPAP):- It is a password authentication protocol. It is less secure as the same user password is always sent in the same reversibly encrypted form
What security vulnerabilities are unique to or heightened by VPN?
Even though VPNs provide ubiquitous, perimeter security, firewalls are still needed. Walls around cities went away because it became inexpensive to bring them in closer to individual homes. Only a perimeter enforcement mechanism can guarantee adherence to an organization's security policies. However, as part of policy enforcement, a firewall might need to be able to look at the information in a packet. Encryption makes that rather difficult. VPNs — improperly deployed — take away a firewall's ability to audit useful information, or to make decisions beyond the level of "who is allowed to talk to whom." There are ways around this. The easiest way is to make the firewall a trusted third member of the conversation. People who value privacy above everything else chafe at this. But people who value the security of their organization realize that this is a necessity.
What is VPN?
A VPN is a service that offers secure, reliable connectivity over a shared public network infrastructure such as the Internet. VPNs maintain the same security and management policies as a private network. They are the most cost effective method of establishing a virtual point-to-point connection between remote users and an enterprise customer's network.