****DRAFT****

Virtual Private Networks

An Analysis of Benefits

and Risks in Today's Market

by

Shahna Cole & Ryan McGrath

Information Resources Management Program

90-768 Telecommunications Management


Table of Contents

1.0 INTRODUCTION

2.0 TECHNOLOGY

2.1 Description

2.2 Economic Implications

2.3 Social and Ethical Implications

3.0 PROJECT APPROACH

3.1 Activities

3.2 Deliverables

4. SOURCES


1.0 INTRODUCTION

This document outlines our term paper topic, how we will approach researching our chosen technology and the activities planned to deliver our term project paper for Telecommunications Management, a course in the Information Resource Management Certificate Program offered by Carnegie Mellon and Columbia Universities.

The proposed topic for our project is an analysis of the benefits and risks that exist when using a Virtual Private Network. In the paper, we plan to discuss the telecommunication aspects of this technology as well as provide a cost/benefit overview for consideration.

As Internet technology expands its scope within organizations, its use and optimization will become a greater issue for today's technology managers. By explaining the technology options that Virtual Private Networks, or VPNs, provide, we aim to leave managers better prepared to assess their feasibility within their organizations.

2.0 TECHNOLOGY

2.1 General Description

Virtual Private Networking (VPN) technology provides the medium to use the public Internet backbone as a channel for private data communication. Through the use of encryption and encapsulation, a VPN establishes a private passageway, or "tunnel", through the Internet. Encryption gives the data transferred across the tunnel a high level of confidentiality, and encrypted tunnels therefore offer an alternative to leasing private data lines.

2.2 The History & Evolution

Voice Virtual Private Networks

Note: Voice VPNs are based on circuit switching, which does not lend itself to the bursty traffic carried by data VPNs.

Data Virtual Private Networks

Currently, companies manage their own modem pools and either use 800 lines or incur long-distance toll charges, since they can only manage a limited number of access points. VPNs would instead give users many local or toll-free phone numbers for Internet Service Providers, which would then connect the user to the corporate site securely. The cost savings from eliminating the 800 lines and potential toll charges, not to mention eliminating the need to manage a pool of modems and the WAN-to-WAN network with its periodic upgrades, can be substantial. A more detailed cost/benefit analysis later in this paper will assist in deciding when VPNs become the preferred choice.

Also, VPNs provide a point-to-multipoint environment, whereas the pooled-modem approach is a simple point-to-point environment. This means that users can also access the World Wide Web, FTP sites, and the like.

Users of VPNs include road warriors (mobile employees), remote offices, and business partners.

Ericson VPN: Leased lines can be unreliable and therefore need to be doubled up in case one line goes down. This can be expensive.

2.3 The Medium

The Hardware

The Wires--

The Boxes--

Routers or software can provide firewall/encryption services.

Router-to-router with a firewall on each router: F-Secure by Data Fellows is an example of this approach. Not intended for remote computing applications.

The Players

Telephone companies are using their CENTREX technologies to provide intranet capabilities.

CONCERT -VPN Service -- Partnership between MCI and British Telecom

The Software

Firewall options

The Players

2.4 The Security

While VPNs seem to be a trend of the future, "conversions will not take place in substantial numbers until corporations can be certain their data is safe." RSA Connects VPN Across Internet, 3/96

Encapsulation

Encapsulation, also known as tunneling, encloses a data packet of one protocol inside the packet of another protocol, in this case TCP/IP.

Encryption

Before encapsulation, packets may be encrypted to provide an additional layer of security.

IPSec - the security standard of the Internet Engineering Task Force (IETF). The mission of this standard is to provide secure interoperability of firewalls and TCP/IP products.

S/WAN (Secure Wide Area Network) (rsa.com) is a consortium of firewall vendors working on IPSec.
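
As an added illustration (constructed for this draft, not taken from any of the cited vendors, products or RFCs), the Python below walks through the encrypt-then-encapsulate sequence described above: an inner packet between two private hosts is encrypted and integrity-protected, then wrapped in an outer packet addressed from one gateway to the other. The cipher is a stand-in built from HMAC-SHA256 so that the example runs with only the standard library; it is not the algorithm IPSec specifies. The header layout, the addresses and the use of protocol number 50 (ESP's, per RFC 1827) as the tunnel marker are assumptions of the example. observer_view shows what a passive observer on the public Internet can read (the gateway addresses, not the inner hosts or payload), and the tamper step shows the integrity check rejecting a modified packet.

```python
"""Toy "encrypt, then encapsulate" tunnel (constructed teaching example).

The cipher is a stand-in: a keystream derived with HMAC-SHA256 is XORed over
the plaintext, then an HMAC tag is appended (encrypt-then-MAC). Real IPSec ESP
uses standardised cipher and integrity algorithms; the structure is the point.
"""
import hashlib
import hmac
import os
import struct

HDR = struct.Struct("!4s4sB")   # assumed header: src IP, dst IP, protocol number
PROTO_TUNNEL = 50               # ESP's IP protocol number, used as the tunnel marker
PROTO_INNER = 6                 # TCP, just to label the inner packet
NONCE_LEN, TAG_LEN = 16, 32


def ip(addr):
    """Dotted-quad string -> 4 raw bytes."""
    return bytes(int(x) for x in addr.split("."))


def build_packet(src, dst, proto, payload):
    return HDR.pack(ip(src), ip(dst), proto) + payload


def parse_packet(pkt):
    src, dst, proto = HDR.unpack_from(pkt)
    return ".".join(map(str, src)), ".".join(map(str, dst)), proto, pkt[HDR.size:]


def keystream(key, nonce, n):
    """Stand-in keystream: HMAC(key, nonce || counter) blocks, truncated to n bytes."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(enc_key, mac_key, plaintext):
    """Encrypt, then authenticate nonce and ciphertext: nonce || ct || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key, mac_key, blob):
    """Verify the tag first (constant-time compare), only then decrypt."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: packet modified or wrong key")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def encapsulate(inner_pkt, gw_src, gw_dst, enc_key, mac_key):
    """Encrypt the whole inner packet (headers included), then wrap it in an
    outer packet addressed gateway-to-gateway. Only the outer header is
    visible on the public path."""
    return build_packet(gw_src, gw_dst, PROTO_TUNNEL, seal(enc_key, mac_key, inner_pkt))


def decapsulate(outer_pkt, enc_key, mac_key):
    _, _, proto, body = parse_packet(outer_pkt)
    if proto != PROTO_TUNNEL:
        raise ValueError("not a tunnel packet")
    return unseal(enc_key, mac_key, body)


def observer_view(outer_pkt):
    """What a passive observer on the backbone can read: outer addresses only."""
    src, dst, proto, body = parse_packet(outer_pkt)
    return {"src": src, "dst": dst, "proto": proto, "inner_visible": b"payroll" in body}


def demo():
    """Run the tunnel end to end; returns (observer view, round-trip ok, tamper caught)."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    # Constructed addresses: private hosts behind two gateways with documentation IPs.
    inner = build_packet("10.1.0.5", "10.2.0.9", PROTO_INNER, b"payroll report Q1")
    wire = encapsulate(inner, "198.51.100.1", "203.0.113.1", enc_key, mac_key)
    seen = observer_view(wire)
    recovered = decapsulate(wire, enc_key, mac_key)
    # Flip one bit inside the encrypted inner packet; the receiver must reject it.
    tampered = bytearray(wire)
    tampered[HDR.size + NONCE_LEN + 3] ^= 0x01
    try:
        decapsulate(bytes(tampered), enc_key, mac_key)
        caught = False
    except ValueError:
        caught = True
    return seen, recovered == inner, caught


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting: the inner packet is encrypted in its entirety, so the private addressing scheme of each site is hidden along with the payload, and the integrity tag is checked before any decryption is attempted, so a modified packet is dropped rather than delivered with corrupted contents.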

Authentication

The process that verifies that a user may access a given target server.

The Players

tis.com - can export cryptography

3.0 Economic Implications

Cost effective transmission of data is of enormous importance to all companies. This applies in particular to those companies that are not themselves involved in telecommunications and want to concentrate on their core business.

Virtual Private Network technology may impact the industry through reduction of telecommunication costs and better management of voice and switched data communications among multiple locations. This benefit could greatly reduce the capital costs and recurrent expenses in the areas of operation, maintenance and administration.

Sharing infrastructure costs makes VPNs much more cost effective, and the use of a vast, established infrastructure provides greater scalability.

Pricing: Varies depending on service provider

I. Router Sensitive ($4,995/router) with unlimited connects

II. Connection Sensitive ($2,495/server with 512 maximum connections)

A typical T1 between a corporate location and its Internet Service Provider costs approximately $400-$500 per month. T1 lines run across the country can cost thousands of dollars per month.

4.0 Social, Ethical, Regulatory Implications

The great advantage of VPNs is that they can lower the cost of leased lines between distant office locations.

Several factors are making VPNs more feasible for companies:

- A consortium of well-known firewall vendors is working toward a common standard that will allow firewall-to-firewall encryption tunnels.

- Intranets are becoming a standard.

- Trusted Information Systems Inc. (TIS) has successfully obtained the right to export strong cryptography.

Standards

Currently there are no standards for interoperability among IP tunneling products; the Internet Engineering Task Force (IETF) is working on the details of a common standard called S/WAN, or Secure Wide Area Network. This effort promises a standard that would let companies mix and match different products to create encrypted tunnels.

Firewall standards are needed and must include both data encryption and authentication.

Security

The biggest concern around the use of VPNs for electronic data exchange is security; the current lack of it is the largest concern for corporations considering VPNs.

Unprotected data sent across the public Internet is susceptible to being viewed, copied or modified by unintended individuals or organizations. This data could include electronic mail, financial transactions, credit card numbers, or confidential corporate information.

The demand for secure Internet communications extends beyond LAN to LAN data exchange. Over the past five years the number of remote and mobile PC users, such as telecommuting employees and traveling executives and salespeople, has increased significantly, thus creating a demand for remote access products so that remote or mobile users can communicate securely with the corporate office.

Until recently, secure remote access was only possible using modems and direct dial-in access over phone lines. A secure VPN connecting remote PC users to the office LAN would result in significant cost savings by reducing the number of modems and dial-in lines required to support dial-in networking, as well as by reducing long-distance charges, since remote PC users would connect to their local ISP.

Regulations

Currently, carriers are feeling pressure as worldwide regulatory agencies expect them to maintain high-quality telephone service for the public. They are discussing upgrades that can cost as much as $1 million per central office. These network upgrade options include one or a combination of the following three solutions:

- Adding lines and retrofitting existing originating central office (CO) switches;

- Adding trunk groups on the network side;

- Adding lines and retrofitting terminating CO switches.

Hence, carriers face negative financial scenarios in order to supply the demand.

Regulations around voice telephony vary from country to country, which forces VPN operators to go through complicated approval procedures before offering services in different locations. The CEC's 1993 directive on closed user groups prohibits VPNs from carrying certain types of calls. The rules designate two types of network users: subscribers to the VPN service (known as on-net users) and users outside the VPN service (known as off-net users). On-net users are connected to the VPN service via a leased line; off-net calls are carried by the switched public telephone network.

Although regulatory barriers are falling by the wayside, telecommunications restrictions still remain in many countries. In those countries, global operators face a maze of regulations covering voice services, a factor that's likely to slow down their progress in rolling out networks. And until monopolies on domestic public voice telephony are completely disbanded, users won't see the full cost savings effect from international VPN service.

Multinational providers that go the cross-border VPN route need to centralize their management of telephone services to take full benefit of VPNs.

British Telecom has encountered regulatory complications in the U.S. The Justice Department granted approval to the Concert joint venture on the understanding that BT and MCI wouldn't restrict competition. This means if a BT customer in the U.K. wants a Concert VNS connection in the U.S., BT can't force it to use MCI access circuits. As a result, BT wasn't able to provide Concert VNS connections in the U.S. until it got its own public carrier license so that it can reach interconnect agreements with the local telephone companies carrying calls from customers to Concert access points. It got a license for leased-line connections last November and a license for switched connections in January. However, BT delayed offering switched access on the erroneous assumption that it needed to file tariffs in all U.S. states beforehand. Now that the carrier has learned that it doesn't have to file those tariffs, it expects to offer switched access in the U.S. within the next few months.

Loss of Data

"Brownouts" are a major concern for companies. The power loss issues facing companies could result in loss of crucial time-sensitive data and affect business performance.

Currently, transactions that are not crucial in nature are being sent via VPNs. There are hopes that improvements in technology will provide the confidence in VPNs needed to have companies send all types of data over their VPNs.

US Government control of encryption is stifling US providers.

Ericson VPN: VPN growth is due to

1. increased demand, especially from large multinationals;

2. worldwide deregulation and liberalization of telecom markets.

5.0 CASE STUDY

The paper will provide the above information generated from the approach activities and document that information in a concise and detailed manner. In addition, the project team plans to outline a case study to provide a better vantage point for the reader through the application of a VPN to a feasible scenario.

In March 1996, US Computer (Saratoga, CA) did a study, "Internet-Based Secure Virtual Private Networks: The Cost of Ownership", comparing VPNs over the Internet to typical leased-line approaches. US Computer found:

For 10 node networks, using VPNs could:

- reduce costs by 47%, or $1.3M per year, for high priority backbones

- reduce costs by 20%, or $240K per year, for low priority branch office networks

For 50 node networks, using VPNs could:

- reduce costs by 48%, or $6.5M per year, for high priority backbones

- reduce costs by 23%, or $1.3M per year, for low priority branch office networks

High priority backbones are networks supporting critical corporate applications, such as transaction or other online processing, and have high availability requirements.

Low priority branch office networks are primarily used for file transfer and email and do not have as high availability requirements.

This study was funded by Sun to push their SPF stuff, but the numbers are pretty solid.

6.0 SOURCES

Communications Week

May 5, 1997 BBN rolls out VPN capability -- Service lets customers outsource private networks

August 19, 1996 DEAL WITH CISCO ENABLES VIRTUAL PRIVATE NETWORKS -- GridNet serves up VAR ISP bundle

March 17, 1997 SAFER NETS? -- Though there's still confusion over just what a VPN is, the prospect of encrypted data flowing over IP networks is grabbing a lot of attention

September 15, 1996 Spanning The Globe With Your VPN

May 19, 1997 On The Hunt For The Right Virtual Private Network Service

February 24, 1997 Managers Seek New Way to Nets

Company References

Check Point Software Technologies Ltd.

UUNET Technologies

WorldCom

Compatible Systems Corporation

Genuity

Webweek.com

Distributed Computing Monitor

MAS.NET

ftp.cygnus.com/export.html

ftp.ietf.org\draft-ietf-ipsec-vpn-00.txt; rfc-1826; rfc-1825; rfc-1827

linux.org: solution for laptops.

ds.internic.net - lid-abstract.txt

SecurTek Corp

ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-vpn-00.txt

Internet Security Working Group document from the Internet Engineering Task Force (IETF)

Trusted Information Systems Inc.

British Telecom

Data Communications International

RDI Software

Shiva Corporation

Ministry of Ports and Telecommunications