In the last section we discussed the types of VPN. A VPN is an easy and cheap way to reach your LAN over the public Internet, but when planning a VPN for a corporate network one question is always asked: how reliable and secure is communication over the VPN? So let's discuss the security of VPN.
Most VPNs rely on tunneling to create a private network that reaches across the Internet. Tunneling is the process of placing an entire packet within another packet before it is transported over the Internet. That outer packet shields the contents from public view and ensures that the packet moves within a virtual tunnel. This layering of packets is called encapsulation. Computers or other network devices at both ends of the tunnel, called tunnel interfaces, encapsulate outgoing packets and unwrap incoming packets. Users (at one end of the tunnel) and IT personnel (at one or both ends of the tunnel) configure the tunnel interfaces they are responsible for to use a tunneling protocol. Also called an encapsulation protocol, a tunneling protocol is a standardized way to encapsulate packets (for example L2F, PPTP, and L2TP).
The purpose of the tunneling protocol is to add a layer of security that protects each packet on its journey over the Internet. The outer packet travels with the same transport protocol it would have used without the tunnel; this carrier protocol defines how each computer sends and receives data over its ISP. Each inner packet still carries its passenger protocol, such as Internet Protocol (IP) or AppleTalk, which defines how it travels on the LANs at each end of the tunnel.
Encryption and Security Protocols in a VPN
Encryption is the process of encoding data so that only a computer with the right decoder is able to read and use it. You could use encryption to protect files on your computer or e-mails you send to friends or colleagues. An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt it. The most common forms of encryption are symmetric-key encryption and public-key encryption:
- In symmetric-key encryption, all computers share the same key used to both encrypt and decrypt a message.
- In public-key encryption, each computer has a public-private key pair. One computer uses its private key to encrypt a message, and another computer uses the corresponding public key to decrypt that message.
A VPN needs more than just a pair of keys to apply encryption. That's where protocols come in. A site-to-site VPN could use either Internet Protocol Security (IPsec) or Generic Routing Encapsulation (GRE). GRE provides the framework for how to package the passenger protocol for transport over the Internet Protocol (IP); this framework includes information on what type of packet you're encapsulating and on the connection between sender and receiver.
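To make the encapsulation described above concrete, here is an added example (not code from the original article) that builds a minimal IPv4 passenger packet, wraps it in a GRE header and an outer IPv4 header the way a tunnel interface would, and unwraps it at the other end. The addresses and payload are constructed for the example; the header layouts follow the IPv4 and GRE (RFC 2784) formats.

```python
"""Constructed example of GRE encapsulation: an inner IPv4 packet (the passenger
protocol) is wrapped in a 4-byte GRE header and an outer IPv4 header (the carrier),
then unwrapped at the far tunnel interface.  All addresses and payloads are
constructed sample values, not captured traffic."""
import socket
import struct

GRE_PROTO = 47           # IPv4 protocol number that means "GRE follows"
ETHERTYPE_IPV4 = 0x0800  # GRE "protocol type" value for an IPv4 passenger packet


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement checksum over the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    hdr = hdr[:10] + struct.pack("!H", csum) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse the IPv4 header; reject anything that is not well-formed IPv4."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < total_len:
        raise ValueError("not a complete IPv4 packet")
    if ipv4_checksum(pkt[:ihl]) != 0:  # a valid header checksums to zero
        raise ValueError("bad IPv4 header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: outer IPv4 (proto 47) + GRE header + untouched inner packet."""
    gre_hdr = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no C/K/S flags, GRE version 0
    return build_ipv4(tunnel_src, tunnel_dst, GRE_PROTO, gre_hdr + inner)


def gre_decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: strip the outer IPv4 and GRE headers, checking each field."""
    ip = parse_ipv4(outer)
    if ip["proto"] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    flags_ver, ptype = struct.unpack("!HH", ip["payload"][:4])
    if flags_ver & 0x0007:  # version bits must be zero for GRE
        raise ValueError("unsupported GRE version")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected passenger protocol 0x%04x" % ptype)
    offset = 8 if flags_ver & 0x8000 else 4  # C flag adds checksum + reserved words
    return ip["payload"][offset:]


def demo() -> dict:
    # Constructed private LAN addresses inside, constructed public tunnel endpoints outside
    inner = build_ipv4("10.0.1.5", "10.0.2.9", 17, b"hello from LAN A")
    outer = gre_encapsulate(inner, "198.51.100.1", "203.0.113.7")
    recovered = gre_decapsulate(outer)
    return {"outer": parse_ipv4(outer), "inner": parse_ipv4(recovered),
            "overhead": len(outer) - len(inner), "intact": recovered == inner}


if __name__ == "__main__":
    r = demo()
    print("outer %s -> %s proto %d" % (r["outer"]["src"], r["outer"]["dst"], r["outer"]["proto"]))
    print("inner %s -> %s payload %r" % (r["inner"]["src"], r["inner"]["dst"], r["inner"]["payload"]))
    print("tunnel overhead: %d bytes, inner packet intact: %s" % (r["overhead"], r["intact"]))
```

Note what the outer packet does and does not hide: an observer on the Internet sees only the two tunnel endpoints and protocol 47, but the inner addresses and the payload travel in clear text inside the GRE tunnel. GRE only packages the passenger packet; confidentiality comes from IPsec, which is why GRE over IPsec is the common pairing for site-to-site links.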
IPsec is a widely used suite of protocols for securing traffic on IP networks, including the Internet. IPsec can encrypt data between various devices: router to router, firewall to router, desktop to router, and desktop to server. IPsec consists of two sub-protocols, which provide the instructions a VPN needs to secure its packets:
- Encapsulating Security Payload (ESP) encrypts the packet's payload (the data it's transporting) with a symmetric key.
- Authentication Header (AH) uses a hashing operation on the packet header to help hide certain packet information (like the sender's identity) until it gets to its destination.
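The following added example (not code from the original article) shows the shape of an ESP-protected packet and why a shared symmetric key, as described in the symmetric-key bullet above, is enough for a VPN to protect a packet: a security parameter index (SPI), a sequence number, an IV, the payload encrypted under the shared key, and an integrity check value (ICV) computed over everything. The cipher is a toy HMAC-based keystream so that the example runs with only the standard library; real ESP uses AES. The `SecurityAssociation` class, the keys and the payload are constructed for the example.

```python
"""Constructed illustration of an ESP-style packet: SPI | seq | IV | ciphertext | ICV.
The encryption here is a toy counter-mode keystream built from HMAC-SHA256 so the
example runs offline; it stands in for the AES suites real ESP negotiates.  The
integrity tag is HMAC-SHA256 truncated to 128 bits, as ESP's HMAC-SHA-256-128 does."""
import hashlib
import hmac
import os
import struct
from typing import Optional

IV_LEN = 16
ICV_LEN = 16


class SecurityAssociation:
    """Per-direction state both tunnel ends share: SPI, keys, sequence tracking (constructed)."""

    def __init__(self, spi: int, enc_key: bytes, auth_key: bytes):
        self.spi = spi
        self.enc_key = enc_key
        self.auth_key = auth_key
        self.send_seq = 0
        self.highest_seen = 0  # receiver: simple "must increase" anti-replay check


def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy stream cipher: block i = HMAC-SHA256(key, iv || i), XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, iv + struct.pack("!I", i // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def esp_protect(sa: SecurityAssociation, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """Sender side: encrypt the payload, then authenticate header + IV + ciphertext."""
    sa.send_seq += 1
    iv = iv if iv is not None else os.urandom(IV_LEN)
    header = struct.pack("!II", sa.spi, sa.send_seq)
    ciphertext = _keystream_xor(sa.enc_key, iv, plaintext)
    authenticated = header + iv + ciphertext
    icv = hmac.new(sa.auth_key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return authenticated + icv


def esp_unprotect(sa: SecurityAssociation, packet: bytes) -> bytes:
    """Receiver side: verify the ICV first, then SPI and sequence, and only then decrypt."""
    if len(packet) < 8 + IV_LEN + ICV_LEN:
        raise ValueError("truncated ESP packet")
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified in transit or wrong key")
    spi, seq = struct.unpack("!II", authenticated[:8])
    if spi != sa.spi:
        raise ValueError("unknown SPI %d" % spi)
    if seq <= sa.highest_seen:
        raise ValueError("replayed or out-of-order sequence number %d" % seq)
    sa.highest_seen = seq
    iv = authenticated[8:8 + IV_LEN]
    return _keystream_xor(sa.enc_key, iv, authenticated[8 + IV_LEN:])


def demo() -> dict:
    enc_key, auth_key = os.urandom(32), os.urandom(32)  # constructed shared keys
    sender = SecurityAssociation(0x1000A, enc_key, auth_key)
    receiver = SecurityAssociation(0x1000A, enc_key, auth_key)
    pkt = esp_protect(sender, b"GET /payroll HTTP/1.1")
    results = {"roundtrip": esp_unprotect(receiver, pkt),
               "payload_hidden": b"payroll" not in pkt}
    tampered = bytearray(pkt)
    tampered[8 + IV_LEN] ^= 0x01  # flip one ciphertext bit
    try:
        esp_unprotect(receiver, bytes(tampered))
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    try:
        esp_unprotect(receiver, pkt)  # deliver the same packet a second time
        results["replay_detected"] = False
    except ValueError:
        results["replay_detected"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-16s %r" % (name, value))
```

Two design points carry over to real IPsec: the receiver checks the ICV before it decrypts or acts on anything, so a modified packet is dropped without touching the ciphertext, and the sequence number lets it refuse a packet it has already accepted. Production ESP uses a sliding replay window rather than the strict "must increase" rule here, and the SPI is what lets one tunnel endpoint pick the right keys when it terminates many tunnels.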
In a remote-access VPN, tunneling typically relies on the Point-to-Point Protocol (PPP), which is one of the native protocols used by the Internet. More accurately, remote-access VPNs use one of three protocols based on PPP:
- L2F (Layer 2 Forwarding) -- Developed by Cisco; uses any authentication scheme supported by PPP
- PPTP (Point-to-Point Tunneling Protocol) -- Supports 40-bit and 128-bit encryption and any authentication scheme supported by PPP
- L2TP (Layer 2 Tunneling Protocol) -- Combines features of PPTP and L2F and fully supports IPSec; also applicable in site-to-site VPNs
After this final part on VPN, I believe everyone now has the full concept of VPN, its working topology, and the types of VPN. Before this article you may have had doubts about the reliability of communication over a VPN and whether it is secure or not. Hopefully this article has cleared your doubts about the security of your data when you send it over a VPN.
Thanks so much for reading this article; your feedback is welcome.