VPN Service: Technology Overview

Apr 12, 2012 08:57

Nadine Schulz


VPN services have been gaining considerable popularity for quite some time now. Network specialists keep coming up with new solutions and VPN software updates to guarantee the highest safety levels and to adapt to changing hardware capabilities and new technologies. Let us look at some of the most popular solutions.

PPTP
The simplest and probably the oldest way of establishing a more secure connection between a mobile client and a LAN (VPN client-to-site) is to use PPTP, also known as Windows VPN. To run it, you simply need to go to the "Connect to the network at work" option. Like IPSec, this technology is a combination of different protocols:
  • PPTP - the first connection, which initiates the tunnel over TCP,
  • GRE - the actual tunnel, through which the data is transmitted.
Although PPTP is the easiest solution for setting up a tunnel, both on the client side and on the VPN server side, it is definitely not recommended for longer use because of its low level of security.

VPN - SSL VPN Technologies 
SSL VPN was brought to life as a compromise between flexibility (because obviously our boss must always have access to all data) and security. The idea was simple and brilliant. A client trying to access internal resources, such as intranet ERP sites, first has to connect to the SSL VPN concentrator. The client then goes through authentication, and only after that gets access to internal corporate resources. At first glance, this solution seemed close to perfect: it requires no configuration on the client side, and it allows all access to internal resources to be monitored. However, as it later turned out, the network administrator gains all this flexibility at the expense of control over the client computer. Every PC has a Web browser, which is usually sufficient to establish a connection to the VPN concentrator. Since the network can be accessed from any computer, there is a high chance that some of those computers are infected and can intercept SSL VPN user credentials.

SSL VPN technology can be divided into three types:
  • Web Access (Reverse Proxy)
  • Full access (Port Redirect)
  • True SSL VPN (OpenVPN, TINA)

VPN - IPSec Technologies
The most popular way to provide secure data transmission is the use of a set of protocols called IPSec, or Internet Protocol Security. Protocols that are part of IPSec are:
  • Internet Key Exchange (IKE and IKEv2)
  • Authentication Header (AH)
  • Encapsulating Security Payload (ESP).

The main objective pursued by IPSec's authors was to provide integrity and confidentiality of the data transmitted via IP.
Each of the constituent protocols has been developed for a different purpose, and adds specific functions to IPSec as a whole. For example, IKE is responsible for the creation of a so-called Security Association (SA), which is characterized by the following:
  • security protocol identifier,
  • source and destination IP address,
  • SPI, that is, a 32-bit number that identifies the connection.
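
To make the SA identifiers listed above concrete, here is an added example (not part of the original article) that extracts the protocol identifier, the addresses and the SPI from ESP and AH packets and looks them up in an SA table. The packets, addresses, SPI values and SA names are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import struct

ESP, AH = 50, 51  # IANA IP protocol numbers for the two IPSec data protocols


def build_ipv4(proto, src, dst, payload):
    """Construct a minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


def sa_key(packet):
    """Return (protocol, src, dst, SPI) for an ESP/AH packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4           # header length; options shift the payload
    if ihl < 20 or len(packet) < ihl:
        return None
    proto = packet[9]
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    body = packet[ihl:]
    if proto == ESP and len(body) >= 8:    # ESP: SPI(4) | sequence(4) | ...
        spi = struct.unpack("!I", body[:4])[0]
    elif proto == AH and len(body) >= 12:  # AH: next hdr, len, reserved(2), SPI(4), seq(4)
        spi = struct.unpack("!I", body[4:8])[0]
    else:
        return None                        # not IPSec, or too short to carry an SPI
    return (proto, src, dst, spi)


# Constructed SA table standing in for what IKE would negotiate (values made up).
SAD = {
    (ESP, "192.0.2.10", "198.51.100.1", 0xC0FFEE01): "esp-aes-tunnel",
    (AH, "192.0.2.10", "198.51.100.1", 0x00001001): "ah-integrity-only",
}


def lookup(packet):
    """Map a packet to its SA name; unknown SPIs and non-IPSec traffic give None."""
    key = sa_key(packet)
    return SAD.get(key) if key else None


if __name__ == "__main__":
    esp = build_ipv4(ESP, "192.0.2.10", "198.51.100.1",
                     struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16)
    print(sa_key(esp), lookup(esp))
```

A packet whose SPI has no matching entry returns None from `lookup`, which is the case a gateway would drop and a monitoring tool would log.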

For any VPN service, an unquestionable advantage of the modularity of the IPSec suite is that it is relatively easy to upgrade or expand. Even if the AES algorithm is broken in a few years, it will not necessarily mean the end of IPSec as a whole. Since AES is only one of the interchangeable modules, it can easily be replaced. The same modularity, however, can also be a nuisance for the administrator. Many elements are necessary for encrypted transmission to work properly, and each of them requires more or less complicated configuration. The complexity of IPSec can be a threat to the functioning of the VPN as a whole. Still, since the very beginning of IPSec, attempts have been made to improve the protocol by adding new functionality. One such improvement is the ability to use IPSec across NATed networks through IPSec NAT Traversal technology.
