VPN (Virtual Private Network) Security Protocols

by Karun Subramanian on August 30, 2015

Commonly used VPN security technologies are:

Point to Point Tunneling Protocol (PPTP):

Layer 2 forwarding Protocol (L2F):

Layer 2 tunneling Protocol (L2TP)

Combines features from L2F and PPTP
Operates at Data Link Layer
Provides Transparency. Requires no additional software
Provides Authentication, Authorization and Accountability
Supports variety of Authentication mechanisms such as PPP,RADIUS,DIAMETER,TACACS,one-time passwords, smart cards

IPSec (Internet Protocol Security)

Operates at Network Layer (Layer 3) of the OSI model
Most popular and robust
Provides confidentiality, integrity and authenticity
In Transport mode, only data is encrypted
In tunnel mode, the entire packet is encrypted
Two main protocols used in IPSec are
1. Authentication Header (AH): Provides integrity, authentication and non-repudiation
2. Encapsulating Security Payload (ESP): Provides confidentiality (encryption) and limited authentication
A Security Association (SA) is a one-way connection between the communicating hosts. So, two SAs are required for each communication session. Only one protocol (AH or ESP) can be used with each SA. A SA has three parameters
1. Security Parameter Index (SPI): 32 bit string used by receiving station to differentiate between SAs terminating on that station.
2. Destination IP Address
3. Security Protocol ID: must be either an AH or ESP association
IKE (Internet Key Exchange) provides Key management. IKE comprises of
1. ISAKMP (Internet Security Association and Key management protocol)
2. SKEME (Secure Key Exchange Mechanism)
3. Oakley Key Exchange Protocol

SSL (Secure Sockets Layer)

Comments on this entry are closed.