The radiology practice follows a centralized model in which doctors work onsite, from home, or from nearby offices. Hospitals work with the radiologists over the internet. In this model, hundreds of radiologic physicians offer teleradiology services to hospitals in the United States. In teleradiology, patients' images are sent to the doctors, and the physicians send back their reviews based on each patient's study. vRad's customers are hospitals that are innovative in their use of telemedicine services. Local radiologists and specialty-trained radiologists are available to provide service at any hour. The vRad model speeds up the turnaround time of study results and provides access to a large network of specialists. The model also faces the challenge of ensuring secure communication between the hospitals and the radiologists. vRad has regulatory requirements, which include the regulations of HIPAA and HITECH, and it must provide strict information security to meet auditing requirements. A secured VPN with tunneling will be designed for the network, and encapsulation technologies will be used to secure it. The network components are described along with their features.
Visio file attached here.
The network diagram of the VPN is given above. The two virtual networks are connected through the tunnel. The first tunnel endpoint is connected to the VPN client and the second endpoint is connected to the OpenVPN server. The routers are connected to the cloud. PCs are connected to the client and server networks.
Security and business objectives
The business requirements relate to the business vision, goals and objectives. They provide the business scope, identify the business problems, specify the project activity and clearly define the business objectives. The business requirements also provide the business information and help to ensure that the project needs are met. They give a clear understanding of the organization's objectives, goals, mandate, important business problems and needs. They generally focus on stakeholder groups such as employees, clients, customers and suppliers, and they support the organizational goals and vision. The network business objectives consist of linking the troubleshooting, management, configuration, installation and maintenance of a network to the organization. Meeting the business objectives requires understanding the network technologies and achieving the design goals. The objectives determine the network performance parameters, such as application response time, application availability and latency. They also identify the design constraints and support the network specification and policy. The business objectives are used to reduce communication costs, improve customer service and streamline business operations.
The security objectives consist of two security requirements: security policies and security procedures. The security policies are implemented by the security procedures. The security procedures define network audit, configuration and login, and they maintain the network design processes. They involve one or more kinds of user, such as end users, network administrators and security administrators. The security objectives involve the authorization of data access in the network. Security objective users control the network administrators. The user network design satisfies the business and security objectives.
Assume that the network has a VPN server and a VPN client. They are connected to the cloud through the firewall and router. The first endpoint of the tunnel is at the client end and the second endpoint of the tunnel is at the server end. The OpenVPN client and server are enabled in the firewall. When the client sends a request to the server, the packets are encapsulated in the tunnel and sent to the server through the second endpoint of the tunnel. Hence the packets are secured by the tunneling.
Current VPN Network security
VPN private networks inside the internet are called Express VPN. The information sent and received through the VPN is walled off from the rest of the internet and from other computers. The files shared between network devices are properly secured with WPA2 encryption. The VPN network is physically secured because it is separated from the internet. The VPN is connected to both the server and the client with dedicated software. The provider has a remote access server (RAS), which is connected to the VPN. The RAS requires valid credentials for authentication and it supports many authentication methods. It is the initial layer of VPN security.
The client side of the network has different software to establish the connection. This software is used to establish the tunneled connection with the RAS, and it also manages the encryption of the connection. In a tunneled connection the data is split into small packets, and each packet carries additional information, including protocols. In a tunneled VPN connection every data packet is placed inside another data packet. This process is known as encapsulation.
The next layer is the tunnel, which is used for the secure encryption of the data. It encodes the data packets into another format that can be read only by the VPN client and server. Hence they are securely connected together. Different types of security protocols are used for the data encryption; IPsec and OpenVPN are the main ones. Here the data packets are encapsulated with the encryption key, and that key is shared between the client and server only. The encapsulation header hides the information of the packet. These features help to provide a secured VPN network.
Cisco 1900 series Routers
Cisco routers are designed to meet application demands and the evolution toward cloud-based services. They deliver secure collaboration and virtualized applications over WAN connectivity. They offer concurrent services and high performance, and they provide agile application services. They support visibility and control of granular applications, and they optimize video, voice and data applications. They also provide high flexibility, scalability and powerful services. These routers embed security and wireless technology into a single system. They have fully integrated power distribution and enhanced 10/100/1000 Ethernet ports. They also have enhanced high-speed WAN interface card slots and integrate threat control using the firewall.
Cisco ASA5555-2SSD120-K9 firewall
The Cisco firewall is used to integrate networks of all sizes. It is used by small and medium businesses, critical data centers, service providers and large enterprises. It delivers multistate performance with modular scalability and low operating costs. It meets evolving network security needs by delivering various security services. It provides deep and broad network security services, application visibility and control, web security essentials and cloud web security. It provides high performance, flexibility and scalability. This firewall integrates the management console for all functions and has high-range capabilities. It basically focuses on layer 7 application protection. Each capability needs separate management consoles and scripts to share data. It provides high operational efficiency.
A VPN depends on the idea of tunneling, which involves establishing and maintaining a logical network connection. In a logical network connection, the packets are created in a specific VPN protocol and encapsulated within other protocols. The encapsulated packets are transmitted between the VPN server and clients. The VPN protocols support encryption and authentication to keep the tunnels secure. VPN tunneling is classified into two types, compulsory and voluntary. Voluntary tunneling is the type basically used for VPN tunneling. In voluntary tunneling, the client manages the connection setup: the client creates the connection to the network provider and then creates the tunnel to the server over that live connection. Compulsory VPN tunneling basically authenticates the client and associates it with a specific VPN server. It is also called a VPN front end processor or point of presence server. It transfers the management control through the VPN tunnels. The operation that VPN tunneling performs is called data encapsulation. Tunneling makes the end-to-end communication different from the LAN environment, and it helps us to better understand the VPN network. The VPN network uses tunneling protocols such as point to point protocol, Internet protocol security and layer 2 tunneling protocol to implement the VPN tunneling. The most popular VPN protocols are the point to point tunneling protocol, internet protocol security and the layer two tunneling protocol. VPN tunneling is classified into three types, such as:
- L3VPN based on MPLS
- IPsec Tunnel
An IPsec tunnel is the simplest form of VPN network. This type of VPN is built using routers and firewalls. The IPsec tunnel is designed for encapsulation in a device, and it has policies for building a tunnel between two different sites.
It is the latest version of the VPN tunnel. It is used to expand the IPsec tunnel into cloud networks. It connects directly with any other network. It requires NHRP, GRE and routing protocols.
L3VPN based on MPLS
The MPLS tunnel is widely used by service providers. Large enterprises use the MPLS tunnel.
Encapsulation protocols are used in the network layer. Encapsulation protocols are not always carried out in a communication link. They are also used in the layer 3 protocol link. The selection of encapsulation protocols is not proper. The offset of the encapsulation protocol is defined in the window and it works in conjunction with it. This mechanism is used to instruct the AES, and it skips a number of octets in the link-layer header. It also decodes the packet through the encapsulation protocols.
Encapsulation techniques are part of the network. There are various approaches to virtual networking, and they are gaining support. Network virtualization is growing in popular organizations such as the IETF. Standardization at the data plane level is important for interoperability. It provides physical and hypervisor switches for the network services. Virtual LAN is the latest encapsulation technology, which was developed for data centers.
The main requirements of encapsulation protocols are standardization and hardware interoperability with efficiency. For standardization, the protocol must be implemented in an efficient way. It also uses software-based encapsulation approaches. The components must be implemented in an efficient way to participate in the encapsulation protocol.
The tunneling technologies are listed below.
Point to point tunneling protocol
This protocol allows IP and IPX traffic to be encrypted and encapsulated in an IP header and then transmitted across an IP internetwork. This technology is supported by operating systems such as Linux and Mac.
Layer two tunneling protocol
This protocol also allows IP and IPX traffic to be encrypted and sent in point to point datagrams. It provides a high level of security for the VPN connection.
IP Security tunneling
It allows the IP payload to be encrypted and encapsulated in an IP header and then sent across the IP internetwork. Internet protocol security uses an advanced encryption algorithm to encrypt the packets in its network modes. The network modes are classified into two types: tunneling mode and transport mode. In tunneling mode, the entire data packet is encrypted. In transport mode, only the message content is encrypted.
System network architecture tunneling
System network architecture tunneling is done over IP internetworks. The SNA traffic is sent across the IP internetwork, and its frames are encapsulated in IP and UDP headers.
IPX tunneling for Novell NetWare works through IP internetworks. The IPX packets are sent to a NetWare server.
OpenVPN technology is used to create both site to site internet connections and point to point connections. It can be established using both the TLS and SSL protocols.
Transport layer security (TLS) and Secure Socket Layer (SSL)
These two protocols are used to establish the VPN internet connection between the client and server.
Secure Shell (SSH)
The SSH protocol is used to create the VPN tunnel. The SSH connection is basically used to connect the remote server and a local port via an encrypted tunnel. IP security adds security features such as data integrity, anti-replay, data origin authentication and data confidentiality.
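The encapsulation described under Current VPN Network security and the tunneling protocols listed above can be told apart from the outer packet alone. The following Python code is an added example, not part of the original essay: it wraps an inner packet in an outer IPv4 header, unwraps it again, and names the tunnel from IANA protocol numbers and default ports. The addresses, payload and function names are constructed for illustration, and a tunnel moved to a non-default port would not be matched.

```python
import socket
import struct

# IANA protocol numbers and default ports for the tunneling protocols named above.
IP_TUNNELS = {4: "IP-in-IP", 47: "GRE (PPTP data)", 50: "IPsec ESP", 51: "IPsec AH"}
PORT_TUNNELS = {(17, 500): "IKE", (17, 4500): "IPsec NAT-T", (17, 1701): "L2TP",
                (17, 1194): "OpenVPN", (6, 1194): "OpenVPN", (6, 1723): "PPTP control",
                (6, 22): "SSH"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Place payload behind a new 20-byte IPv4 header (the outer header of a tunnel)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def decapsulate(pkt: bytes):
    """Return (src, dst, proto, payload); reject truncated or corrupted headers."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(pkt) or checksum(pkt[:ihl]) != 0:
        raise ValueError("malformed IPv4 header")
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:total_len])

def classify(pkt: bytes) -> str:
    """Name the tunnel an outer packet carries, as a perimeter audit rule might."""
    _, _, proto, payload = decapsulate(pkt)
    if proto in IP_TUNNELS:
        return IP_TUNNELS[proto]
    if proto in (6, 17) and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        return (PORT_TUNNELS.get((proto, dport)) or PORT_TUNNELS.get((proto, sport))
                or "no tunnel port")
    return "not a tunnel"

# Constructed sample: a packet between private hosts carried between two gateways.
INNER = encapsulate("10.8.0.2", "10.8.0.1", 6, struct.pack("!HH", 49152, 443) + b"study")
OUTER = encapsulate("198.51.100.10", "203.0.113.5", 4, INNER)

if __name__ == "__main__":
    print(classify(OUTER), decapsulate(decapsulate(OUTER)[3])[:2])
```

An observer of `OUTER` sees only the gateway addresses; the private addresses appear only after decapsulation. The inner packet here is not encrypted, which is what ESP adds on top of this wrapping.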
A secured VPN network has been designed for use between the radiologic physicians and the hospitals. Tunneling is used between the networks for secure communication. The security and business objectives of the design are given. The security of the current VPN network is analyzed. The network components are given with their features. The VPN tunneling technique is established in the network. Encapsulation protocols and technologies are used to provide a secured VPN network.