
Date Posted: 05:07:23 01/17/02 Thu
Author: >.<
Author Host/IP: 208.133.199.238
Subject: ????
In reply to: VPN 's message, "And because I know we ALL want to know more!" on 05:06:16 01/17/02 Thu

VPN technology is based on a tunneling strategy. Tunneling involves encapsulating packets constructed in a base protocol format within some other protocol. In the case of VPNs run over the Internet, packets in one of several VPN protocol formats are encapsulated within IP packets.

VPN Security
VPNs work hard to ensure their data remains secure, but even their security mechanisms can be breached. Particularly on the Internet, sophisticated hackers with ample amounts of free time will work equally hard to "steal" VPN data if they believe it contains valuable information like credit card numbers.

Most VPN technologies implement strong encryption so that data cannot be directly viewed using network sniffers. VPNs may be more susceptible to "man in the middle" attacks, however, that intercept the session and impersonate either the client or server. In addition, some private data may not be encrypted by the VPN before it is transmitted on the public wire. IP headers, for example, will contain the IP addresses of both the client and the server. Hackers may capture these addresses and choose to target these devices for future attacks.

VPN Protocols
Several interesting network protocols have been implemented for use with VPNs. These protocols attempt to close some of the security holes inherent in VPNs. These protocols continue to compete with each other for acceptance in the industry.

Point-to-Point Tunneling Protocol (PPTP)
PPTP is a protocol specification developed by several companies. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in support for the protocol. The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use. Microsoft continues to improve its PPTP support, though.

PPTP's primary strength is its ability to support non-IP protocols. The primary drawback of PPTP is its failure to choose a single standard for encryption and authentication. Two products that both fully comply with the PPTP specification may be totally incompatible with each other if they encrypt data differently, for example.

Layer Two Tunneling Protocol (L2TP)
The original competitor to PPTP in VPN solutions was L2F -- a protocol implemented primarily in Cisco products. In an attempt to improve on L2F, the best features of it and PPTP were combined to create a new standard called L2TP. L2TP exists at the data link layer (layer two) in the OSI model -- thus the origin of its name.

Like PPTP, L2TP supports non-IP clients. It also fails to define an encryption standard. However, L2TP supports non-Internet based VPNs including frame relay, ATM, and SONET.

Internet Protocol Security (IPsec)
IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution, or it can be used simply as the encryption scheme within L2TP or PPTP. IPsec exists at the network layer (layer three) in OSI.

IPsec extends standard IP for the purpose of supporting more secure Internet-based services (including, but not limited to, VPNs). IPsec specifically protects against "man in the middle attacks" by hiding IP addresses that would otherwise appear on the wire.

SOCKS Network Security Protocol
The SOCKS system provides a unique alternative to other protocols for VPNs. SOCKS functions at the session layer (layer five) in OSI, compared to all of the other VPN protocols that work at layer two or three. This implementation offers advantages and disadvantages over the other protocol choices. Functioning at this higher level, SOCKS allows administrators to limit VPN traffic to certain applications. To use SOCKS, however, administrators must configure SOCKS proxy servers within the client environments as well as SOCKS software on the clients themselves.

VPN Hardware and Software
Literally dozens of vendors offer VPN-related products. These products sometimes do not work with each other because of the choice of incompatible protocols (as described above) or simply because of lack of standardized testing.

Some VPN products are hardware devices. Most VPN devices are effectively routers that integrate encryption functionality. Other types of VPN products are software packages. VPN software installs on top of a host operating system and can require significant customization for the local environment. Many vendor solutions comprise both server-side hardware and client-side software designed for use with the hardware.

Conclusion
An amazing amount of development effort has been invested in VPN technologies. Yet the task of choosing and deploying a VPN solution remains far from simple. It may prove helpful to train users in at least the basics of VPN clients to help them migrate to new VPN deployments.

The most common public network used with VPNs is the Internet, but traffic congestion and router failures on the Net can adversely impact the performance of these VPNs. When building a Net-based VPN, it will be important to choose a high-quality service provider.
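
The tunneling and the still-readable outer IP header described in the post above, as an added example that is not part of the original post. The ESP-style framing (protocol 50 with an SPI and sequence number), the addresses, the key and the payload are constructed for illustration, and the SHA-256 keystream XOR is a stand-in with no integrity protection, not a real VPN cipher.

```python
import hashlib, socket, struct

def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def standin_cipher(key, data):
    """Stand-in for the VPN cipher (SHA-256 keystream XOR). NOT real encryption."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner_packet, key, gw_src, gw_dst, spi=0x1000, seq=1):
    """Tunnel a whole inner IP packet: outer IP header + SPI/sequence + ciphertext."""
    body = struct.pack("!II", spi, seq) + standin_cipher(key, inner_packet)
    return ipv4_header(gw_src, gw_dst, 50, len(body)) + body  # 50 = ESP

def sniffer_view(packet):
    """Fields an on-path observer reads without the key: the outer header only."""
    total_len, proto = struct.unpack("!2xH5xB", packet[:10])
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": proto, "length": total_len}

# Constructed sample: private host 10.0.0.5 talks to 10.0.1.20 through two
# gateways that use documentation addresses. PAYLOAD stands in for a TCP segment.
KEY = b"constructed-demo-key"
PAYLOAD = b"GET /payroll HTTP/1.0\r\n\r\n"
INNER = ipv4_header("10.0.0.5", "10.0.1.20", 6, len(PAYLOAD)) + PAYLOAD
TUNNEL = encapsulate(INNER, KEY, "192.0.2.1", "198.51.100.7")

if __name__ == "__main__":
    print("cleartext packet :", sniffer_view(INNER))
    print("tunnelled packet :", sniffer_view(TUNNEL))
    print("payload visible  :", PAYLOAD in TUNNEL)
```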

Forum timezone: GMT-8