The growing
number of users, the ease of access, and the reduced cost of Internet connectivity have
created a greater need for cost-effective, secure communications without purchasing
leased lines. Many companies took part in the development work that produced the
different VPN standards and protocols. We discuss the most common ones here.
IPSec
IPSec is the most widely acknowledged, supported, and standardized of all VPN protocols, and
it is the obvious choice wherever interoperability matters. IPSec is a framework of open
standards that defines a suite of security protocols running on top of existing IP
connectivity. It provides both data authentication and encryption services at OSI Layer 3
(the network layer) and can be implemented on any device that communicates over IP. Unlike
many other encryption schemes that protect one specific higher-layer protocol, IPSec, working
at the lower layer, can protect all traffic carried over IP. It is also used in conjunction with
Layer 2 tunneling protocols to provide both encryption and authentication for non-IP traffic.
The protocol incorporates three major components: the Authentication Header (AH),
Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE).
The AH is inserted after the IP header and provides packet-level authentication and integrity
services, ensuring that the packet was not tampered with along the way and that it originated
from the expected sender. ESP provides confidentiality, data origin authentication, integrity,
an optional anti-replay service, and limited traffic flow confidentiality. Finally, IKE negotiates
the security associations (SAs) that describe which security services the participating
entities will use between them.
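The two AH/ESP services described above, packet integrity over the immutable IP fields and the anti-replay window, are illustrated below in an added example written for this section; it is not code from the original text. It builds a constructed IPv4 packet with a transport-mode AH whose ICV is an HMAC-SHA-256 truncated to 128 bits (the RFC 4868 construction), shows that a TTL change by a router is tolerated while a flipped payload bit or wrong key is rejected, and implements a 64-entry sliding window of the kind an ESP or AH receiver keeps per SA. The key, addresses and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51    # IP protocol number of the Authentication Header
ICV_LEN = 16     # HMAC-SHA-256-128 (RFC 4868): ICV truncated to 128 bits
AH_FIXED = 12    # next header, payload len, reserved, SPI, sequence number


def build_ipv4_header(src, dst, proto, total_len, ttl=64):
    """20-byte IPv4 header without options; checksum left zero (constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, src, dst)


def zero_mutable_fields(ip_hdr):
    """Copy of the IPv4 header with the fields routers may change zeroed out
    (TOS, flags/fragment offset, TTL, header checksum), as RFC 4302 requires
    before the ICV is computed or checked."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def ah_icv(key, ip_hdr, ah_fixed, payload):
    """ICV = HMAC over immutable IP fields + AH (ICV field zeroed) + payload."""
    covered = zero_mutable_fields(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key, src, dst, inner_proto, payload, spi, seq):
    """Sender: transport-mode AH inserted between the IP header and the payload."""
    total_len = 20 + AH_FIXED + ICV_LEN + len(payload)
    ip_hdr = build_ipv4_header(src, dst, AH_PROTO, total_len)
    # Payload Len is the AH length in 32-bit words minus 2 (RFC 4302 section 2.2).
    payload_len = (AH_FIXED + ICV_LEN) // 4 - 2
    ah_fixed = struct.pack("!BBHII", inner_proto, payload_len, 0, spi, seq)
    return ip_hdr + ah_fixed + ah_icv(key, ip_hdr, ah_fixed, payload) + payload


def ah_verify(key, packet):
    """Receiver: recompute the ICV and compare in constant time.
    Returns (ok, spi, seq, payload)."""
    ip_hdr, ah = packet[:20], packet[20:]
    ah_fixed = ah[:AH_FIXED]
    icv = ah[AH_FIXED:AH_FIXED + ICV_LEN]
    payload = ah[AH_FIXED + ICV_LEN:]
    _next, _plen, _rsv, spi, seq = struct.unpack("!BBHII", ah_fixed)
    ok = hmac.compare_digest(ah_icv(key, ip_hdr, ah_fixed, payload), icv)
    return ok, spi, seq, payload


class ReplayWindow:
    """Per-SA sliding anti-replay window (RFC 4303 section 3.4.3): accepts each
    sequence number at most once and rejects anything older than the window."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq == 0:
            return False                      # 0 is never a valid sequence number
        if seq > self.top:                    # advance the window to the right
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size or self.bitmap & (1 << diff):
            return False                      # too old, or a replay
        self.bitmap |= 1 << diff
        return True


def demo():
    key = b"constructed-demo-key"             # sample key, not a real SA key
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    pkt = ah_protect(key, src, dst, 17, b"hello over UDP", spi=0x100, seq=1)
    ok_good, spi, seq, _ = ah_verify(key, pkt)
    hop = bytearray(pkt); hop[8] -= 1         # a router decremented the TTL
    ok_ttl, _, _, _ = ah_verify(key, bytes(hop))
    bad = bytearray(pkt); bad[-1] ^= 0x01     # one payload bit flipped in transit
    ok_tampered, _, _, _ = ah_verify(key, bytes(bad))
    ok_wrong_key, _, _, _ = ah_verify(b"other-key", pkt)
    win = ReplayWindow()
    replay = [win.accept(s) for s in (1, 3, 2, 2, 3, 70, 6, 7)]
    return {"good": ok_good, "spi": spi, "seq": seq, "ttl_changed": ok_ttl,
            "tampered": ok_tampered, "wrong_key": ok_wrong_key, "replay": replay}


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the packet verifying after a TTL change but failing on a tampered payload or a different key, and the window accepting 1, 3, 2, 70 and 7 while rejecting the duplicates 2 and 3 and the stale sequence number 6 that falls outside the 64-entry window.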
PPTP
PPTP is commonly used to create secure communication channels between large numbers of
Windows hosts on an intranet. We have to caution you that it has a long history of
insecurities and typically uses lower-grade encryption ciphers, such as MD4 or DES.
GRE
L2TP
Jointly developed by Cisco, Microsoft, and 3Com, L2TP promised to replace PPTP as the major
tunneling protocol. It is essentially a combination of PPTP and Cisco Layer Two Forwarding
(L2F), merging both into a single standard. L2TP is used to tunnel PPP over a public IP network.
It relies on PPP to establish the dial-in connection using PAP or CHAP authentication but, unlike
PPTP, L2TP defines its own tunneling protocol. Because L2TP works at Layer 2, non-IP
protocols can be transported through the tunnel, and it will work over any Layer 2 medium, such as
ATM, Frame Relay, or 802.11. The protocol does not offer encryption by itself, but it can be
used in conjunction with other protocols (IPSec being the usual pairing) or with application-layer
encryption mechanisms to meet security requirements.
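The encapsulation described above, PPP frames carried inside an L2TP header over IP, is shown in an added example that is not part of the original text. It parses the L2TPv2 header layout of RFC 2661 (T, L, S and O flag bits, tunnel and session IDs, optional Ns/Nr and offset fields) and then splits the PPP frame it carries into its protocol number and information field. The sample datagram is constructed, with an ASCII "inner datagram" chosen so that the point of the last paragraph, that L2TP alone leaves the tunneled payload in the clear, is visible directly in the parsed bytes.

```python
import struct

L2TP_VERSION = 2
PPP_IPV4 = 0x0021   # PPP protocol number for IPv4 in the PPP header


def parse_l2tp(udp_payload):
    """Parse an L2TPv2 header (RFC 2661 section 3.1) and return its fields plus
    the encapsulated payload (a PPP frame for data messages)."""
    (flags,) = struct.unpack("!H", udp_payload[:2])
    if flags & 0x000F != L2TP_VERSION:
        raise ValueError("not an L2TPv2 message")
    is_control = bool(flags & 0x8000)    # T bit: control (1) or data (0) message
    has_length = bool(flags & 0x4000)    # L bit: Length field present
    has_seq = bool(flags & 0x0800)       # S bit: Ns/Nr fields present
    has_offset = bool(flags & 0x0200)    # O bit: Offset Size field present
    pos = 2
    length = None
    if has_length:
        (length,) = struct.unpack("!H", udp_payload[pos:pos + 2])
        pos += 2
    tunnel_id, session_id = struct.unpack("!HH", udp_payload[pos:pos + 4])
    pos += 4
    ns = nr = None
    if has_seq:
        ns, nr = struct.unpack("!HH", udp_payload[pos:pos + 4])
        pos += 4
    if has_offset:
        (offset,) = struct.unpack("!H", udp_payload[pos:pos + 2])
        pos += 2 + offset                # skip the Offset Size field and the padding it counts
    end = length if length is not None else len(udp_payload)
    return {"control": is_control, "tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "payload": udp_payload[pos:end]}


def parse_ppp(frame):
    """Split a PPP frame into its protocol number and information field.
    Accepts the optional HDLC address/control bytes 0xFF 0x03 in front."""
    if frame[:2] == b"\xff\x03":
        frame = frame[2:]
    (proto,) = struct.unpack("!H", frame[:2])
    return proto, frame[2:]


def build_l2tp_data(tunnel_id, session_id, ppp_frame):
    """Constructed L2TPv2 data message with the L bit set (used only to build the sample)."""
    length = 2 + 2 + 4 + len(ppp_frame)
    header = struct.pack("!HHHH", 0x4000 | L2TP_VERSION, length, tunnel_id, session_id)
    return header + ppp_frame


def demo():
    # Constructed sample: a PPP frame whose "IPv4 datagram" is plain ASCII, so
    # the absence of encryption in L2TP itself is visible on the wire.
    inner = b"IPv4 datagram bytes travel in the clear"
    ppp = b"\xff\x03" + struct.pack("!H", PPP_IPV4) + inner
    datagram = build_l2tp_data(0x0005, 0x0007, ppp)
    hdr = parse_l2tp(datagram)
    proto, info = parse_ppp(hdr["payload"])
    return {"control": hdr["control"], "tunnel_id": hdr["tunnel_id"],
            "session_id": hdr["session_id"], "ppp_protocol": proto, "inner": info}


if __name__ == "__main__":
    print(demo())
```

The parser reads the flags word first because every later field is optional and its presence depends on a flag bit; a capture filter or IDS parser that assumes a fixed header size will mis-align on messages that carry Ns/Nr or an offset. When L2TP is paired with IPSec, this whole UDP datagram becomes the ESP payload, which is what turns the cleartext PPP frame into protected traffic.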