Thursday, April 3, 2008

Protocols, Protocols, and More Protocols!

Because the functions provided by a VPN include tunneling, data integrity, and authentication, it makes sense that a VPN is not created using a single protocol. Instead, several protocols can be used to create a VPN, each performing a particular function. In this section the following protocols are briefly examined:

For the most part, only IPSec should be a major factor in VPNs in the coming years. PPTP was used by Windows NT 4.0 as part of its VPN package, and L2TP has replaced it in Windows 2000 and Windows XP VPNs. L2TP is basically just the PPTP protocol combined with the L2F protocol developed by Cisco. However, most VPN vendors are using the IPSec protocols instead, which are described in greater detail than PPTP and L2TP. The IPSec protocols incorporate some of the security mechanisms that were originally designed to be included in IPv6 but have been adapted for use in the existing IPv4 network.

Note

Before you adopt a particular VPN solution, you should determine whether the connection will be used by PDAs, Pocket PCs, or smartphones. Many of these devices do not include integrated VPN support, but in some cases updates to the operating system or third-party software provide this functionality as an additional feature. IPSec is the most common VPN protocol supported by handheld devices.

IPSec Protocols

As noted previously, IPSec is the emerging standard being adopted by more and more VPN vendors. IPSec was derived from concepts that were originally designed to provide for secure communications in the next generation of the IP protocol, IPv6, which is gradually being developed.

Although Microsoft chooses to use L2TP and IPSec in combination as its VPN solution for Windows 2000 and Windows XP, many hardware and software vendors are sticking with a simple IPSec solution.

The good news is that if you decide on an all-IPSec solution, you can be virtually assured that equipment (or software) from one vendor to another will work together. If you have an all-Windows server environment, this might be of no concern. For those who operate multiprotocol networks, IPSec might be the best choice. As noted previously, IPSec is also the most widely supported VPN protocol on handheld devices.

IPSec is a standard defined in several Request for Comments (RFC) documents. IPSec is transparent to the end user and can traverse the Internet using standard IPv4 routers and other equipment without requiring any modification because it operates at the Network layer. IPSec is also flexible, allowing for the negotiation and use of many different encryption and authentication techniques.

The three main components of IPSec are the following:
