VPN and Tunneling Protocols

by Krelle Xijao.


Let us discuss the most common and widely used real-world VPN protocols. The growing number of users, the ease of access, and the falling cost of Internet connectivity have created a greater need for cost-effective, secure communications that do not require purchasing leased lines. Many companies took part in the development work that produced the various VPN standards and protocols; we cover the most common ones here.

IPSec

IPSec is the most widely acknowledged, supported, and standardized of all VPN protocols, and it is the natural choice where interoperability matters. IPSec is a framework of open standards that defines a suite of security protocols that run on top of existing IP connectivity. It provides both data authentication and encryption services at OSI layer 3 and can be implemented on any device that communicates over IP. Unlike many encryption schemes that protect one specific higher-layer protocol, IPSec, working at the lower layer, can protect all traffic carried over IP. It is also used in conjunction with Layer 2 tunneling protocols to provide both encryption and authentication for non-IP traffic.

The protocol incorporates three major components: the Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE).

The AH is inserted after the IP header and provides packet-level authentication and integrity services, ensuring that the packet was not tampered with along the way and originated from the expected sender. ESP provides confidentiality, data origin authentication, integrity, an optional anti-replay service, and limited traffic-flow confidentiality. Finally, IKE negotiates the security associations that describe which security services are used between the participating entities.
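To make the ESP framing and the anti-replay service concrete, here is an added example in Python; it is not code from the article. It assumes an integrity-only ESP (NULL encryption, so the payload stays readable) with an HMAC-SHA-256 integrity check value truncated to 128 bits, a 64-packet sliding replay window of the kind described in RFC 4303 Appendix A, and a constructed demo key and constructed payloads. Header layout, trailer padding, and window logic follow RFC 4303; the helper names are the example's own.

```python
import hashlib
import hmac
import struct

# ESP header: Security Parameters Index (SPI) and 32-bit sequence number (RFC 4303).
ESP_HEADER = struct.Struct("!II")
ICV_LEN = 16            # HMAC-SHA-256-128 truncates the tag to 128 bits (RFC 4868)
NEXT_HEADER_UDP = 17    # IP protocol number carried in the ESP trailer


def build_esp(spi, seq, payload, next_header, key):
    """Frame payload as an integrity-protected ESP packet (NULL encryption assumed)."""
    # Trailer: pad so payload + padding + pad-length + next-header is 4-byte aligned.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))       # default pad pattern 1, 2, 3, ...
    body = ESP_HEADER.pack(spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def parse_esp(packet, key):
    """Verify the ICV, then strip the ESP header and trailer.

    Returns (spi, seq, payload, next_header); raises ValueError on any failure.
    """
    if len(packet) < ESP_HEADER.size + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    # Constant-time compare; nothing else in the packet is trusted until this passes.
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet tampered with or wrong key")
    spi, seq = ESP_HEADER.unpack_from(body)
    pad_len, next_header = body[-2], body[-1]
    payload_end = len(body) - 2 - pad_len
    if payload_end < ESP_HEADER.size:
        raise ValueError("bad pad length")
    return spi, seq, body[ESP_HEADER.size:payload_end], next_header


class ReplayWindow:
    """Sliding-window anti-replay check in the style of RFC 4303, Appendix A."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq):
        if seq == 0:
            return False                        # the first valid sequence number is 1
        if seq > self.top:                      # new high-water mark: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                        # older than the window: drop
        if self.bitmap & (1 << offset):
            return False                        # already seen inside the window: replay
        self.bitmap |= 1 << offset
        return True


def receive(packet, key, window):
    """Receiver path: authenticate, then apply the replay check. None means dropped."""
    try:
        spi, seq, payload, next_header = parse_esp(packet, key)
    except ValueError:
        return None
    if not window.check_and_update(seq):
        return None
    return payload


def demo():
    """Three fresh packets are accepted; a replayed copy of the second is dropped."""
    key = b"\x42" * 32                          # constructed demo key, not a real SA key
    window = ReplayWindow()
    packets = [build_esp(0x1000, s, b"datagram-%d" % s, NEXT_HEADER_UDP, key)
               for s in (1, 2, 3)]
    return [receive(p, key, window) for p in packets + [packets[1]]]


if __name__ == "__main__":
    print(demo())
```

A production receiver does the window lookup (without updating it) before the ICV computation so that replayed packets are discarded cheaply, and only slides the window after the ICV has verified; the example verifies first for brevity but preserves the essential rule that the window is never updated on an unauthenticated packet.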

PPTP

Point-to-Point Tunneling Protocol (PPTP) is a proprietary Microsoft development intended for VPN-like communications. PPTP offers user authentication through authentication protocols such as MS-CHAP, CHAP, SPAP, and PAP. The protocol lacks the flexibility of other solutions and does not reach the same level of interoperability as the other VPN protocols, but it is easy to use and widely deployed in the real world.

It consists of three types of communication:

  • PPTP connection, where a client establishes a PPP link to an ISP.

  • PPTP control connection, where the user creates a PPTP connection to the VPN server and negotiates the tunnel characteristics.

  • PPTP data tunnel, where both client and server exchange communications inside an encrypted tunnel.

PPTP is commonly used to create secure communication channels between large numbers of Windows hosts on an intranet. We have to caution you that it has a long history of security weaknesses and typically relies on weak, lower-grade cryptographic primitives, such as MD4 or DES.

GRE

Generic Routing Encapsulation (GRE) is a Cisco-developed protocol used to tunnel traffic between separate private networks. This includes non-IP traffic that cannot be carried across the intervening network in its native form. Although GRE provides no encryption by itself, it does provide efficient, low-overhead tunneling. GRE is therefore often combined with a network-layer encryption protocol, so that GRE contributes what it does well, such as encapsulation of non-IP protocols, and the encryption is supplied by another protocol, such as IPSec.
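The following is an added example in Python (not code from the article) showing what GRE actually does to a packet: a four-byte header, optionally extended with a checksum, is prepended to a payload that is otherwise carried unchanged. It assumes plain RFC 2784 GRE (the key and sequence-number extensions of RFC 2890 are not handled), the standard protocol-type values for IPv4, IPv6 and transparent Ethernet bridging, and a constructed Ethernet frame as the non-IP payload. The constructed frame remains readable inside the tunnel, which is the point the paragraph makes about GRE providing no confidentiality.

```python
import struct

GRE_BASE = struct.Struct("!HH")         # flags/version, protocol type (RFC 2784)
GRE_FLAG_CHECKSUM = 0x8000              # C bit: checksum and reserved1 fields follow
PROTO_IPV4 = 0x0800
PROTO_IPV6 = 0x86DD
PROTO_ETH_BRIDGE = 0x6558               # transparent Ethernet bridging: a non-IP payload


def internet_checksum(data):
    """RFC 1071 ones-complement checksum, which GRE reuses for its checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def gre_encapsulate(payload, protocol_type, with_checksum=True):
    """Prepend a GRE header; the payload is carried as-is, with no encryption."""
    if with_checksum:
        # Checksum covers the GRE header (with the checksum field zeroed) plus payload.
        header = GRE_BASE.pack(GRE_FLAG_CHECKSUM, protocol_type) + struct.pack("!HH", 0, 0)
        csum = internet_checksum(header + payload)
        header = header[:4] + struct.pack("!HH", csum, 0)
    else:
        header = GRE_BASE.pack(0, protocol_type)
    return header + payload


def gre_decapsulate(packet):
    """Validate the GRE header and return (protocol_type, payload)."""
    if len(packet) < GRE_BASE.size:
        raise ValueError("truncated GRE header")
    flags, protocol_type = GRE_BASE.unpack_from(packet)
    if flags & 0x0007:                      # version bits must be 0 for RFC 2784 GRE
        raise ValueError("unsupported GRE version")
    if flags & 0x7C00:                      # reserved0 bits 1-5 must be zero (RFC 2784)
        raise ValueError("reserved GRE bits set")
    offset = GRE_BASE.size
    if flags & GRE_FLAG_CHECKSUM:
        if len(packet) < 8:
            raise ValueError("truncated GRE checksum field")
        # Summing the whole packet, checksum included, folds to zero when intact.
        if internet_checksum(packet) != 0:
            raise ValueError("GRE checksum mismatch")
        offset = 8
    return protocol_type, packet[offset:]


def tunnel_roundtrip(frame):
    """Carry a constructed Ethernet frame through GRE and report what a passive
    observer on the path could read out of the tunneled bytes."""
    packet = gre_encapsulate(frame, PROTO_ETH_BRIDGE)
    protocol_type, inner = gre_decapsulate(packet)
    return {
        "protocol_type": protocol_type,
        "payload_intact": inner == frame,
        "payload_visible_on_wire": frame in packet,   # GRE adds no confidentiality
        "overhead_bytes": len(packet) - len(frame),
    }


if __name__ == "__main__":
    # Constructed broadcast ARP-style frame: dst MAC, src MAC, EtherType 0x0806, body.
    sample = b"\xff" * 6 + bytes.fromhex("001122334455") + b"\x08\x06" + b"constructed-arp-body"
    print(tunnel_roundtrip(sample))
```

The `payload_visible_on_wire` flag is the practical takeaway: anyone who can capture the outer IP packets sees the inner frame verbatim, which is why GRE is paired with IPSec (GRE over IPSec) whenever the traffic needs protection rather than just transport.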

L2TP

Jointly developed by Cisco, Microsoft, and 3Com, L2TP promised to replace PPTP as the major tunneling protocol. It is essentially a combination of PPTP and Cisco Layer Two Forwarding (L2F), merging both into a single standard. L2TP is used to tunnel PPP over a public IP network. It relies on PPP to establish the dial-in connection using PAP or CHAP authentication but, unlike PPTP, L2TP defines its own tunneling protocol. Because L2TP works at Layer 2, non-IP protocols can be transported through the tunnel, and it can run over any Layer 2 medium, such as ATM, Frame Relay, or 802.11. The protocol offers no encryption by itself, but it can be combined with other protocols or with application-layer encryption mechanisms to meet security requirements.

Copyright © 2006 - 2012 e-articles.info.