
UTT AC750W - Chapter 13. VPN Menu; Introduction to VPN Technologies

UTT Technologies VPN Menu
http://www.uttglobal.com Page 157
Chapter 13. VPN Menu
13.1 Introduction to VPN Technologies
PPTP and IPSec are the two most popular VPN tunneling protocols. Tunneling
protocols are at the heart of all VPN implementations. VPN tunneling involves
establishing and maintaining a logical network connection, on which the encapsulated
packets are transmitted securely.
Tunneling protocols operate at the data link layer (Layer 2) or network layer (Layer 3)
of the OSI model. Layer 2 tunneling protocols, such as PPTP, use frames as their unit
of exchange, and encapsulate the original packets inside PPP frames before sending
them through a VPN tunnel over the Internet. Layer 3 tunneling protocols, such as
IPSec (in tunnel mode), use packets as their unit of exchange, and encapsulate IP
packets in an additional IP header before sending them through a VPN tunnel over the
Internet.
To implement secure data transmission, VPN tunneling protocols also need to support
one or more security measures to ensure data confidentiality and integrity. Although
PPTP has its own advantages, it doesn’t provide effective security measures to
thoroughly solve the problem of tunnel and data encryption. Compared with PPTP,
IPSec provides a higher level of security, including data confidentiality (encryption),
network-level peer authentication, data origin authentication, data integrity, and
replay protection. IPSec provides two security mechanisms: encryption and
authentication. The encryption mechanism ensures data confidentiality (it prevents
eavesdropping), and the authentication mechanism ensures that data comes from the
original sender and has not been destroyed or tampered with during transmission. In
short, IPSec provides transparent security services that protect communications over
IP networks against eavesdropping, tampering, and other network attacks.
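
The two encapsulations described above, as an added example (not from the UTT manual or the device firmware). It wraps one constructed inner packet both ways and reports what an on-path observer can read from each. The protocol constants are the standard IANA and RFC 2637 values; the addresses, SPI and call ID are made up, and the PPTP sample assumes no PPP-layer encryption was negotiated.

```python
import struct

GRE, ESP = 47, 50                  # IANA IP protocol numbers
PPTP_GRE_PROTO = 0x880B            # enhanced GRE carrying PPP (RFC 2637)
PPP_IPV4 = 0x0021                  # PPP protocol number for IPv4

def ipv4(proto, payload, src="192.0.2.1", dst="198.51.100.7"):
    """Build a minimal IPv4 header (checksum left at 0) around payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

def describe(packet):
    """Return what an on-path observer can read from a tunnelled packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == GRE:
        flags, ptype = struct.unpack("!HH", body[:4])
        if flags & 0x7 != 1 or ptype != PPTP_GRE_PROTO:
            return {"tunnel": "GRE (not PPTP)"}
        # 4 fixed bytes + 4 key bytes, plus optional sequence and ack numbers
        off = 8 + (4 if flags & 0x1000 else 0) + (4 if flags & 0x0080 else 0)
        ppp = body[off:]
        if ppp[:2] == b"\xff\x03":           # uncompressed address/control
            ppp = ppp[2:]
        ppp_proto = struct.unpack("!H", ppp[:2])[0]
        out = {"tunnel": "PPTP", "layer": 2, "ppp_proto": ppp_proto}
        if ppp_proto == PPP_IPV4:            # inner IP header is in the clear
            out["inner_dst"] = ".".join(map(str, ppp[2:][16:20]))
        return out
    if proto == ESP:
        # Only the SPI and the anti-replay sequence number are readable;
        # in tunnel mode the whole inner IP packet is inside the ciphertext.
        spi, seq = struct.unpack("!II", body[:8])
        return {"tunnel": "IPSec ESP", "layer": 3, "spi": spi, "seq": seq}
    return {"tunnel": "none"}

# Constructed sample: one inner packet, wrapped both ways.
INNER = ipv4(6, b"payload", src="10.0.0.5", dst="10.1.0.9")
# GRE flags 0x3001 = key present, sequence present, version 1; call ID 7, seq 1.
PPTP_PKT = ipv4(GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO,
                                 len(INNER) + 4, 7, 1) + b"\xff\x03\x00\x21" + INNER)
# Zero bytes stand in for the encrypted inner packet and integrity check value.
ESP_PKT = ipv4(ESP, struct.pack("!II", 0x1000, 1) + bytes(len(INNER) + 16))

if __name__ == "__main__":
    print(describe(PPTP_PKT))
    print(describe(ESP_PKT))
```
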
Although PPTP is not as secure as IPSec, it can still meet the security requirements of
most organizations; in addition, it has several advantages over IPSec, such as ease of
use, low cost, and ease of deployment. On the other hand, although IPSec offers
higher security and reliability, it is usually more complicated to deploy, and it is
subject to certain restrictions; for example, some NAT devices don’t support IPSec
pass-through. Therefore, before building your VPN infrastructure, you should choose
an appropriate tunneling protocol for your VPN according to your actual needs.
Because most Windows operating systems (such as Windows 2000, XP, Vista, 7, etc.)
have built-in PPTP client software, a Windows 2000/XP/Vista/7-based computer can
act as a PPTP client to establish an end-to-site VPN tunnel (also known as remote
access or dial-up VPN) with a VPN appliance acting as a PPTP server. In addition,
Windows 2000 and newer versions of Windows have built-in support for IPSec.
