
VPN (Virtual Private Network) Security Protocols


Commonly used VPN security technologies are:

  1. Point to Point Tunneling Protocol (PPTP)
  2. Layer2 Forwarding Protocol (L2F)
  3. Layer2 Tunneling Protocol (L2TP)
  4. IPSec
  5. SSL

Point to Point Tunneling Protocol (PPTP):

  1. Uses PAP, CHAP or EAP for authentication
  2. Typically used for dial-up connections on the Windows platform
  3. Operates at Data Link Layer

Layer 2 forwarding Protocol (L2F):

  1. Developed by CISCO
  2. Similar to PPTP
  3. Operates at Data Link Layer

Layer 2 Tunneling Protocol (L2TP):

  1. Combines features from L2F and PPTP
  2. Operates at Data Link Layer
  3. Provides transparency; requires no additional client software
  4. Provides Authentication, Authorization and Accountability
  5. Supports a variety of authentication mechanisms such as PPP, RADIUS, DIAMETER, TACACS, one-time passwords and smart cards

IPSec (Internet Protocol Security):

  1. Operates at Network Layer (Layer 3) of the OSI model
  2. Most popular and robust
  3. Provides confidentiality, integrity and authenticity
  4. In transport mode, only the payload (data) is encrypted; the IP header is left in the clear
  5. In tunnel mode, the entire original packet (header and payload) is encrypted
  6. Two main protocols used in IPSec are
    1. Authentication Header (AH): Provides integrity, authentication and non-repudiation
    2. Encapsulating Security Payload (ESP): Provides confidentiality (encryption) and limited authentication
  7. A Security Association (SA) is a one-way connection between the communicating hosts, so two SAs are required for each bidirectional session. Only one protocol (AH or ESP) can be used with each SA. An SA is identified by three parameters:
    1. Security Parameter Index (SPI): a 32-bit value used by the receiving station to distinguish between the SAs terminating on that station.
    2. Destination IP address
    3. Security Protocol ID: identifies whether the SA is an AH or an ESP association
  8. IKE (Internet Key Exchange) provides key management. IKE combines:
    1. ISAKMP (Internet Security Association and Key management protocol)
    2. SKEME (Secure Key Exchange Mechanism)
    3. Oakley Key Exchange Protocol
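To make the SA triple concrete, here is an added example (not from the original notes) of how a receiver selects an inbound SA: it parses the AH or ESP header of an IPv4 packet, builds the (SPI, destination IP, protocol) key from points 7.1-7.3 above, and looks it up in a constructed Security Association Database. The addresses, SPIs and algorithm names are placeholders; the second ESP entry exists because the reverse direction needs its own one-way SA.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional, Tuple

ESP, AH = 50, 51  # IP protocol numbers of the two IPsec protocols

class SAKey(NamedTuple):
    """The triple that identifies an SA: SPI, destination IP, security protocol."""
    spi: int
    dst: str
    proto: int

# Constructed Security Association Database (SAD). Each SA is one-way, so the
# bidirectional ESP tunnel between 10.0.0.1 and 10.0.0.2 needs two entries.
# Addresses, SPIs and algorithm names are illustrative placeholders only.
SAD = {
    SAKey(0x1001, "10.0.0.2", ESP): {"mode": "tunnel", "alg": "aes-256-gcm"},
    SAKey(0x1002, "10.0.0.1", ESP): {"mode": "tunnel", "alg": "aes-256-gcm"},
    SAKey(0xA001, "10.0.0.2", AH): {"mode": "transport", "alg": "hmac-sha256"},
}

def build_packet(src: str, dst: str, proto: int, spi: int, seq: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet carrying an ESP or AH header (constructed test input)."""
    if proto == ESP:
        body = struct.pack("!II", spi, seq) + payload            # SPI, sequence number, (encrypted) data
    else:  # AH: next header, payload length (32-bit words minus 2), reserved, SPI, seq, ICV
        icv = b"\x00" * 16                                       # 16-byte ICV placeholder (e.g. HMAC-SHA256-128)
        body = struct.pack("!BBHII", 4, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + body

def parse_ipsec(packet: bytes) -> Tuple[SAKey, int, bytes]:
    """Return (SA key, sequence number, bytes after the IPsec header) for an IPv4 AH/ESP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto, dst = packet[9], str(ipaddress.IPv4Address(packet[16:20]))
    body = packet[ihl:]
    if proto == ESP:
        spi, seq = struct.unpack("!II", body[:8])
        return SAKey(spi, dst, ESP), seq, body[8:]
    if proto == AH:
        ah_len = (body[1] + 2) * 4                               # payload length field -> header bytes
        spi, seq = struct.unpack("!II", body[4:12])
        return SAKey(spi, dst, AH), seq, body[ah_len:]
    raise ValueError(f"IP protocol {proto} is neither AH (51) nor ESP (50)")

def lookup_sa(packet: bytes) -> Optional[dict]:
    """Select the inbound SA the way a receiver does: by the (SPI, dst, proto) triple."""
    key, _seq, _rest = parse_ipsec(packet)
    return SAD.get(key)
```

A packet sent in the opposite direction with the same SPI does not match, which is exactly why each direction of a session needs its own SA.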

SSL (Secure Sockets Layer):

  1. Operates at Layer 4 (Transport)
  2. Provides secure access to Web-enabled applications, with granular access control
  3. Its limitation is that not all applications will work over an SSL VPN.

