When a company has several offices located at different places and a whole lot of workers always on the move, calling over wired lines or making long distance calls may turn out to be quite expensive. Apart from that, such modes of communication are likely to pose considerable risks to the network security of any organization.
A more cost effective as well as secure option for remote access today is to get a Virtual Private Network (VPN) installed. While this could either be a remote access or a site-to-site (intranet-based) type for communication with own offices and mobile workers, a site-to-site (extranet-based) VPN can also be used for connecting to an outside company with close ties.
The Virtual Private Network uses a public telecommunication network, such as Internet, to allow the end users for accessing the main network of the organization. VPN employs virtual connections originating from the main network to route through the Internet to the remote sites thereby helping greatly in protecting the remotely deployed computers from illegal incursions.
VPN offers extra security through data encryption – in the form of coding at the transmitting end and decoding at the receiving end – that permits only authorized employers to access the company’s network. The privacy factor is achieved through adherence to prescribed security measures and by implementing the right computer network protocol.
Tunneling One’s Way Through
In case the organization’s central network has a stable Internet connection – a T-1 or a business-class broadband – and the remote users happen to have some kind of Internet connectivity too, the best and the cheapest way is to connect by tunneling through the Internet, or some other public network.
The VPN know-how facilitates employing tunneling protocols – ‘tunneling’ implies a secure tunnel through the public network – to form the connection with encryption procedures that should let every user to access any VPN server on the network and get connected to any specific computer forming part of the network.
Types of VPN Protocols
Listed below are four VPN tunneling protocols:
Point-to-Point Tunneling Protocol (PPTP)
PPTP (Point-to-Point Tunneling Protocol), which was developed by Microsoft with cooperation from a few other technology companies, is a revised version of Point-to-Point protocol (PPP), which happens to be the Internet standard link layer protocol employed to send IP packets over serial links.
A VPN client computer based on this tunneling protocol can connect to a PPTP server either through ISP’s network access server (supporting inbound PPP connections) or by making use of a physical TCP/IP-enabled LAN connection in order to connect to a PPTP server. Even though PPTP practically sets up the tunnel it does not have any facility for encryption, which is done through the use of Microsoft Point-to-Point Encryption (MPPE) protocol. PPTP is considered to be the most favored VPN tunneling protocol because of its relatively lower overhead and higher speed.
Internet Protocol Security (IPsec) Protocol
IPsec is a protocol suite that encrypts data transmitted from one computer to another so that the data can not be altered or interpreted in the event of malicious intervention. In a VPN scenario, IPsec is used in combination with Layer Two Tunneling Protocol (L2TP). As a matter of fact, IPSec provides the encryption facilities for L2TP tunnels.
Layer 2 Tunneling (L2TP) Protocol
L2TP was created by Microsoft together with Cisco by blending certain individual features of PPTP and L2F (Layer 2 Forwarding, Cisco’s proprietary protocol protection). The L2TP tunneling protocol also facilitates data encryption in conjunction with IPsec over and above authenticating the source/origin of the data and providing replay protection facility – a method to mislead an attacker regarding the actual contents of the data.
Secure Sockets Layer (SSL) Protocol
SSL is a general-purpose encryption standard that facilitates encryption and decryption of data. Extremely suitable for web applications requiring a secure link, this protocol is ideal for controlling access to Web-based subscription services as also for e-commerce applications. Since this protocol utilizes the Web browser as the client application, there is no requirement of any separate VPN client software. As a result, there has been increasing preference for this ‘clientless’ protocol amongst prospective users.
Since there is always more than one VPN protocols available, a company should examine all the relevant aspects in advance. Factors such as the number of connections vis-à-vis types of modes, applicability of a VPN protocol to own scenario and the pros/cons of various protocols, and the like, must be thoroughly considered before zeroing on any particular one.