VPN BASICS
By Kevin Stevens, UAT NTS4150


VPN

Definition: A Virtual Private Network (VPN) is a technology that allows secure (encrypted and authenticated) communication through a "tunnel" across public networks such as the Internet.


Types of VPNs

Hardware – A dedicated appliance built specifically for use as a VPN endpoint.

- High performance
- Quick implementation for large-scale deployment

Example: SonicWALL NSA E8500



Software – A software-based VPN that can be installed on existing infrastructure.

- Lower capex (possibly free)
- Better compatibility with mixed environments

Examples: OpenVPN, Openswan


VPN Advantages

Cost-efficient compared with dedicated leased lines

Ability to secure traffic through public networks

Faster deployment than other solutions


VPN Disadvantages

- No control over Internet bandwidth
- Increase in network administration
- Incompatibility issues
- Can open remote vectors of attack: the VPN gateway is an Internet-exposed login point, so weak protocols, weak credentials or unpatched endpoints give an attacker a path into the internal network


VPN Configurations

Remote Access – establishes a connection on a client/server basis: each client (typically a telecommuter's laptop) runs VPN software and tunnels to a VPN server or concentrator at the office.

Network to network (site to site) – connects remote offices through gateway endpoints. Hosts behind each gateway need no VPN client; the two gateways tunnel traffic between the subnets.


VPN Tunneling Protocols

IPsec – Operates at the network layer (Layer 3). The Authentication Header (AH) authenticates IP packets; the Encapsulating Security Payload (ESP) encrypts and authenticates them. Runs in transport mode (host to host) or tunnel mode (gateway to gateway, with the whole inner packet wrapped in a new IP header).

PPTP – Point-to-Point Tunneling Protocol. Operates at the data link layer: PPP frames are carried inside GRE, with a TCP control connection on port 1723. Its MS-CHAPv2 authentication and MPPE/RC4 encryption are both broken, so PPTP should be treated as obsolete.

L2TP – Layer 2 Tunneling Protocol. Operates at the data link layer and encapsulates PPP frames (over UDP port 1701). A combination of Cisco's L2F and PPTP. L2TP itself provides no confidentiality, which is why it is normally run inside IPsec (L2TP/IPsec).

SSL/TLS – Runs on top of TCP or UDP (transport layer and above), which gives it flexibility: it passes through NATs and firewalls that block IPsec or GRE and is easy to deploy to clients. OpenVPN is the common open-source example.
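To make the ESP framing concrete, here is an added example (not code from the slides) that builds and unpacks an ESP tunnel-mode packet: the SPI and sequence number header, the trailer with padding and next-header, an HMAC-SHA-256-128 integrity check value, and the anti-replay window a receiver keeps per security association. It uses only the Python standard library, so the payload is left in the clear where a real SA would encrypt it; the key and the "inner packet" are constructed for the demo.

```python
"""ESP framing (RFC 4303) with an integrity check value and anti-replay window.

Added example, not code from the slides. Standard library only: integrity is a
real HMAC-SHA-256-128 ICV, but the payload is left in the clear where a real SA
would encrypt it (AES-GCM or AES-CBC); the key and inner packet are constructed.
"""
import hashlib
import hmac
import struct

ESP_HDR = struct.Struct("!II")   # SPI (identifies the SA) and sequence number
ICV_LEN = 16                     # HMAC-SHA-256-128 truncates the MAC to 16 bytes
NEXT_HEADER_IPV4 = 4             # tunnel mode: the payload is a whole IPv4 packet


class AntiReplayWindow:
    """Sliding window of accepted sequence numbers (RFC 4303, section 3.4.3)."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was seen

    def check_and_update(self, seq):
        if seq == 0:
            return False                       # 0 is never sent on an ESP SA
        if seq > self.highest:                 # new high-water mark: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                       # older than the window: drop
        if self.bitmap & (1 << offset):
            return False                       # already seen: replay
        self.bitmap |= 1 << offset
        return True


def esp_encapsulate(auth_key, spi, seq, inner_packet, next_header=NEXT_HEADER_IPV4):
    """SPI | seq | payload | padding | pad_len | next_header | ICV."""
    pad_len = (-(len(inner_packet) + 2)) % 4        # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))          # RFC 4303 default padding pattern
    protected = ESP_HDR.pack(spi, seq) + inner_packet + padding + bytes([pad_len, next_header])
    icv = hmac.new(auth_key, protected, hashlib.sha256).digest()[:ICV_LEN]
    return protected + icv


def esp_decapsulate(auth_key, packet, window):
    """Verify the ICV, then the sequence number, then strip the trailer.

    Returns (spi, seq, next_header, inner_packet); raises ValueError on rejection.
    The window is only updated after the ICV verifies, so a forger cannot
    poison it with fabricated sequence numbers.
    """
    if len(packet) < ESP_HDR.size + 2 + ICV_LEN:
        raise ValueError("packet too short to be ESP")
    protected, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, protected, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: forged or corrupted packet")
    spi, seq = ESP_HDR.unpack_from(protected)
    if not window.check_and_update(seq):
        raise ValueError("sequence number %d replayed or outside the window" % seq)
    body = protected[ESP_HDR.size:]
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("bad pad length")
    return spi, seq, next_header, body[:len(body) - 2 - pad_len]


def demo():
    """Round-trip one packet, then show replay and tampering being rejected."""
    key = b"constructed demo authentication key"          # constructed for the demo
    inner = b"inner IPv4 packet 10.0.1.5 -> 10.0.2.7"     # constructed stand-in
    window = AntiReplayWindow()
    good = esp_encapsulate(key, 0x1000ABCD, 1, inner)
    results = {"round_trip": esp_decapsulate(key, good, window)[3] == inner}
    try:
        esp_decapsulate(key, good, window)              # same packet delivered again
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True
    forged = bytearray(esp_encapsulate(key, 0x1000ABCD, 2, inner))
    forged[ESP_HDR.size] ^= 0x01                        # flip one payload bit
    try:
        esp_decapsulate(key, bytes(forged), window)
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks in esp_decapsulate matters: a packet that fails the ICV never touches the replay window, so an attacker on the public network cannot advance or fill the window with fabricated sequence numbers and cause legitimate packets to be dropped.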


VPN Encryption Schemes

VPNs can be set up with a myriad of encryption schemes. Here are some of the basics:

PPP – can provide encryption through Microsoft Point-to-Point Encryption (MPPE), as used by PPTP. MPPE uses RSA's RC4 stream cipher. RC4 is now considered broken and MPPE adds no integrity protection, so this scheme should not be relied on.

IPsec – provides encryption through the Encapsulating Security Payload (ESP). Supports various algorithms, negotiated per security association by IKE (today AES-GCM, or AES-CBC with an HMAC; DES and 3DES are legacy).

SSL/TLS – provides a variety of cipher suites, negotiated in the TLS handshake. The same caveats as for HTTPS apply: prefer TLS 1.2 or later with AEAD suites.
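Because a software VPN inherits whatever cipher settings its configuration file names, the practical check is an audit of that file. The following added example (not code from the slides or the OpenVPN project) parses an OpenVPN server configuration and flags legacy choices: a weak data cipher or HMAC, no TLS version floor, no remote-cert-tls check, an unauthenticated control channel, compression, and clients allowed in without certificates. The directive names are real OpenVPN 2.4+ options; the two sample configurations and the defaults assumed for absent directives (BF-CBC and SHA1, the pre-2.5 defaults) are stated in the code.

```python
"""Audit an OpenVPN server config for legacy crypto and missing hardening.

Added example, not code from the slides or from OpenVPN. The directive names
are real OpenVPN 2.4+ options; the two configs below are constructed for the
demo, and the defaults assumed for absent directives follow OpenVPN 2.4.
"""

WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "CAST5-CBC", "NONE"}
WEAK_DIGESTS = {"MD5", "NONE"}

# Constructed sample: a 2.4-era config with the historical defaults left in place.
WEAK_CONF = """
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
cipher BF-CBC
auth MD5
comp-lzo
client-cert-not-required
"""

# Constructed sample: the same server with the settings a practitioner would pick.
HARDENED_CONF = """
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-crypt tc.key
remote-cert-tls client
tls-version-min 1.2
cipher AES-256-GCM
auth SHA256
"""


def parse_openvpn(text):
    """Map each directive (lower-cased) to its argument list; the last one wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # whole-line comments
            continue
        parts = line.split()
        conf[parts[0].lower()] = parts[1:]
    return conf


def audit_openvpn(text):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    conf = parse_openvpn(text)
    findings = []

    # data channel cipher: data-ciphers (2.5+) wins over cipher; BF-CBC was the old default
    cipher = (conf.get("data-ciphers") or conf.get("cipher") or ["BF-CBC"])[0]
    cipher = cipher.split(":")[0].upper()
    if cipher in WEAK_CIPHERS:
        findings.append("cipher %s is legacy; use AES-256-GCM or AES-128-GCM (data-ciphers)" % cipher)

    auth = conf.get("auth", ["SHA1"])[0].upper()           # SHA1 is the default HMAC
    if auth in WEAK_DIGESTS:
        findings.append("auth %s is a weak HMAC; use SHA256 (or an AEAD data cipher)" % auth)

    tls_min = conf.get("tls-version-min")
    if tls_min is None or float(tls_min[0]) < 1.2:
        findings.append("tls-version-min missing or below 1.2; set 'tls-version-min 1.2'")

    if "remote-cert-tls" not in conf:
        findings.append("remote-cert-tls client missing; a leaked server certificate would be accepted as a client")

    if not any(k in conf for k in ("tls-auth", "tls-crypt", "tls-crypt-v2")):
        findings.append("no tls-auth/tls-crypt key; the TLS control channel accepts packets from anyone")

    if "comp-lzo" in conf or "compress" in conf:
        findings.append("compression enabled (comp-lzo/compress); compression oracles can leak plaintext")

    verify = conf.get("verify-client-cert", ["require"])[0].lower()
    if "client-cert-not-required" in conf or verify != "require":
        findings.append("client certificates not required; users authenticate by password alone")

    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_openvpn(conf) or "no findings")
```

The same rules apply to client configurations with one change: a client should carry `remote-cert-tls server`, so that a stolen client certificate cannot be used to impersonate the VPN server.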


*Note*

The Virtual Private Network Consortium (VPNC) recognizes only the following as secure VPN technologies:

- IPsec with encryption
- L2TP inside of IPsec
- SSL with encryption

PPTP is notably absent from that list.


References

Krutz, R. L., & Vines, R. D. (2007). The CISSP and CAP Prep Guide. Indianapolis: Wiley Publishing.

Merkow, M., & Breithaupt, J. (2006). Information Security Principles and Practice. Upper Saddle River: Prentice Hall.

Northcutt, S., Zeltser, L., Winters, S., & Kent, K. R. (2005). Inside Network Security. Sams Publishing.

VPN Technologies: Definitions and Requirements. (n.d.). Retrieved November 28, 2010, from http://www.vpnc.org/vpn-technologies.html