Summary


In this chapter, we discussed the basics behind how VPNs work and the process of tunneling. We discussed the advantages of VPNs, including security, deployment, and cost benefits. We also looked at some disadvantages, including bandwidth considerations, design and implementation issues, and troubleshooting and control issues.

We also covered the popular VPN protocols IPSec, L2TP, and PPTP. IPSec is a suite of security protocols that includes IKE, AH, and ESP. IKE is used in two phases to negotiate and authenticate VPN partners. Next, one or both of the AH and ESP protocols are used as the main security protocol for data transmission. AH is used to authenticate and verify the integrity of the data flow, whereas ESP completely encapsulates the packet or its payload (depending on SA mode), offering full confidentiality of the data flow.

Finally, we covered L2TP and PPTP and saw the advantages of a Layer 2-based tunneling protocol, including the transmission of non-IP protocols, and its ability to pass NAT without issue. The downside is that because both protocols were built on PPP, they have communication session vulnerabilities that aren't found with IPSec.

Regardless of your choice of VPN hardware or tunneling protocol, the concepts of VPNs are universal. Correctly identifying and weighing the disadvantages and advantages for your particular environment is a necessary part of designing remote communications. After a VPN is decided upon as the communication method of choice for your situation, a full understanding of the principles of cryptography and their incorporation into the VPN will help facilitate a smooth implementation.

Understanding VPNs, IPSec, cryptography, and other tunneling protocols will be advantageous to anyone who is involved in the upkeep and implementation of network security.



    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    Year: 2005
    Pages: 230