7
Chapter 2: Planning your Network
Why do I need a VPN?
ADSL Gateway with 4-Port Switch
data inside of a local network. But what do you do once information is sent outside of your local network, when
emails are sent to their destination, or when you have to connect to your company's network when you are out on
the road? How is your data protected?
That is when a VPN can help. VPNs secure data moving outside of your network as if it were still within that
network.
When data is sent out across the Internet from your computer, it is always open to attacks. You may already have
a firewall, which will help protect data moving around or held within your network from being corrupted or
intercepted by entities outside of your network, but once data moves outside of your network - when you send
data to someone via email or communicate with an individual over the Internet - the firewall will no longer protect
that data.
At this point, your data becomes open to hackers using a variety of methods to steal not only the data you are
transmitting but also your network login and security data. Some of the most common methods are as follows:
1) MAC Address Spoofing
Packets transmitted over a network, either your local network or the Internet, are preceded by a packet header.
These packet headers contain both the source and destination information for that packet to transmit efficiently.
A hacker can use this information to spoof (or fake) a MAC address allowed on the network. With this spoofed
MAC address, the hacker can also intercept information meant for another user.
2) Data Sniffing
Data "sniffing" is a method used by hackers to obtain network data as it travels through unsecured networks,
such as the Internet. Tools for just this kind of activity, such as protocol analyzers and network diagnostic tools,
are often built into operating systems and allow the data to be viewed in clear text.
3) Man in the Middle Attacks
Once the hacker has either sniffed or spoofed enough information, he can now perform a "man in the middle"
attack. This attack is performed, when data is being transmitted from one network to another, by rerouting the
data to a new destination. Even though the data is not received by its intended recipient, it appears that way to
the person sending the data.
These are only a few of the methods hackers use and they are always developing more. Without the security of
your VPN, your data is constantly open to such attacks as it travels over the Internet. Data travelling over the
Internet will often pass through many different servers around the world before reaching its final destination.
That's a long way to go for unsecured data and this is when a VPN serves its purpose.
Figure 2-3: VPN Gateway-to-VPN Gateway
MAC Address: the unique address that a manufacturer
assigns to each networking device
firewall: a set of related programs located at a network
gateway server that protects the resources of a network
from users from other networks.