Commonly used VPN security technologies are:
- Point to Point Tunneling Protocol (PPTP)
- Layer2 Forwarding Protocol (L2F)
- Layer2 Tunneling Protocol (L2TP)
- IPSec
- SSL
Point to Point Tunneling Protocol (PPTP):
- Uses PAP, CHAP, EAP
- Typically used for dial-up connections on the Windows platform
- Operates at Data Link Layer
Layer 2 forwarding Protocol (L2F):
- Developed by Cisco
- Similar to PPTP
- Operates at Data Link Layer
Layer 2 Tunneling Protocol (L2TP):
- Combines features from L2F and PPTP
- Operates at Data Link Layer
- Provides transparency: requires no additional software
- Provides Authentication, Authorization and Accountability
- Supports a variety of authentication mechanisms such as PPP, RADIUS, DIAMETER, TACACS, one-time passwords and smart cards
IPSec (Internet Protocol Security):
- Operates at Network Layer (Layer 3) of the OSI model
- Most popular and robust
- Provides confidentiality, integrity and authenticity
- In transport mode, only the data (payload) is encrypted
- In tunnel mode, the entire original packet is encrypted
Two main protocols used in IPSec are:
- Authentication Header (AH): Provides integrity, authentication and non-repudiation
- Encapsulating Security Payload (ESP): Provides confidentiality (encryption) and limited authentication
A Security Association (SA) is a one-way connection between the communicating hosts, so two SAs are required for each communication session. Only one protocol (AH or ESP) can be used with each SA. An SA is identified by three parameters:
- Security Parameter Index (SPI): a 32-bit value used by the receiving station to differentiate between SAs terminating on that station.
- Destination IP Address
- Security Protocol ID: identifies the association as either AH or ESP
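To make the three SA parameters concrete, the following is an added example (not code from the original notes) of a minimal Security Association Database keyed on exactly that triple, together with a parser that pulls the SPI, destination address and protocol ID out of a raw IPv4 packet carrying an AH (protocol 51) or ESP (protocol 50) header. The IP addresses, SPIs and sequence numbers are constructed sample values; the `mode` attribute on the SA is an assumption added for illustration. The example shows why a single session needs two SAs: a packet for the reverse direction carries a different destination and SPI and therefore fails to match.

```python
import struct
import ipaddress
from dataclasses import dataclass

# IANA protocol numbers carried in the IPv4 "Protocol" field
PROTO_ESP = 50
PROTO_AH = 51


@dataclass(frozen=True)
class SecurityAssociation:
    """One unidirectional SA, identified by (SPI, destination IP, protocol)."""
    spi: int        # 32-bit Security Parameter Index
    dst_ip: str     # destination address of the protected traffic
    proto: int      # PROTO_AH or PROTO_ESP, never both
    mode: str       # "transport" or "tunnel" (assumed attribute, for illustration)

    def __post_init__(self):
        if self.proto not in (PROTO_AH, PROTO_ESP):
            raise ValueError("an SA uses exactly one of AH or ESP")
        if not 0 <= self.spi <= 0xFFFFFFFF:
            raise ValueError("SPI must fit in 32 bits")


class SecurityAssociationDatabase:
    """Receiver-side SAD: the SPI alone is not the key, the whole triple is."""

    def __init__(self):
        self._sas = {}

    def add(self, sa):
        key = (sa.spi, sa.dst_ip, sa.proto)
        if key in self._sas:
            raise ValueError("duplicate SA for %r" % (key,))
        self._sas[key] = sa

    def lookup(self, spi, dst_ip, proto):
        return self._sas.get((spi, dst_ip, proto))


def build_ipv4_header(src, dst, proto, total_len):
    """Minimal 20-byte IPv4 header (checksum left zero; constructed test data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def build_ah_header(spi, seq, icv, next_header=4):
    """AH: next header, payload length (32-bit words minus 2), reserved, SPI, seq, ICV."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def build_esp_header(spi, seq):
    """ESP starts with SPI and sequence number; everything after is the protected payload."""
    return struct.pack("!II", spi, seq)


def classify_ipsec_packet(pkt):
    """Return (proto, dst_ip, spi) for an AH or ESP packet, else raise ValueError."""
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    proto = pkt[9]
    dst_ip = str(ipaddress.IPv4Address(pkt[16:20]))
    if proto == PROTO_AH:
        spi = struct.unpack("!I", pkt[ihl + 4:ihl + 8])[0]   # SPI follows the 4-byte AH prefix
    elif proto == PROTO_ESP:
        spi = struct.unpack("!I", pkt[ihl:ihl + 4])[0]       # SPI is the first ESP field
    else:
        raise ValueError("not an IPsec packet (protocol %d)" % proto)
    return proto, dst_ip, spi


def demo():
    """Two SAs for one session, one per direction; returns the lookup results."""
    sad = SecurityAssociationDatabase()
    sad.add(SecurityAssociation(0x1001, "10.0.0.2", PROTO_ESP, "tunnel"))     # A -> B
    sad.add(SecurityAssociation(0x2002, "10.0.0.1", PROTO_AH, "transport"))   # B -> A

    esp = build_esp_header(0x1001, 1) + b"<ciphertext>"
    pkt = build_ipv4_header("10.0.0.1", "10.0.0.2", PROTO_ESP, 20 + len(esp)) + esp
    proto, dst, spi = classify_ipsec_packet(pkt)
    forward = sad.lookup(spi, dst, proto)            # matches the A -> B SA
    reverse = sad.lookup(spi, "10.0.0.1", proto)     # same SPI, other direction: no SA
    return forward, reverse


if __name__ == "__main__":
    fwd, rev = demo()
    print("forward SA:", fwd)
    print("reverse lookup with same SPI:", rev)
```

The lookup is deliberately keyed on all three parameters: an SPI is only unique per destination and per protocol, so matching on SPI alone would let a packet be processed under the wrong association.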
IKE (Internet Key Exchange) provides key management. IKE comprises:
- ISAKMP (Internet Security Association and Key Management Protocol)
- SKEME (Secure Key Exchange Mechanism)
- Oakley Key Exchange Protocol
SSL (Secure Sockets Layer):
- Operates at Layer 4 (Transport)
- Provides secure access to Web-enabled applications; provides granular control
- Limitation is that not all applications will work over an SSL VPN.