
Virtual Private Network (VPN)
How Does a VPN Work?
In a VPN, a company uses the bandwidth of the Internet to establish private, secure connections between its remote offices and employees. Each remote user connects to the local ISP in the same manner used for Internet access: dial-up, cable, DSL, ISDN, T1 or wireless. A process called "tunneling" is used to carry the data over the Internet. However, tunneling alone does not ensure privacy. To secure a tunneled transmission against interception, all traffic over a VPN is encrypted.
What is Tunneling?
Essentially, tunneling is the process of placing an entire packet within another packet (which provides the routing information) and sending it over the Internet. The path through which the packets travel is called a tunnel. For a tunnel to be established, both the tunnel client and the tunnel server must be using the same tunneling protocol. Two popular tunneling protocols are the Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (IPSec). The benefit of using PPTP is that it is built into the Windows® operating system, allowing any client running Windows to securely connect to the corporate VPN gateway. IPSec, on the other hand, requires client software for remote users. IPSec's advantage is that it provides better overall security, with stronger encryption and higher performance than PPTP.
What is Encryption?
Encryption is the process of taking all of the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. The IP data packet that is being sent across the Internet is first encrypted and then wrapped in another IP packet. The corporate and Internet routers see the "wrapper" packets, while the internal data is securely contained in the payload section of the first IP packet. The IPSec protocol uses the Data Encryption Standard (DES) to encrypt and decrypt data. Encryption key lengths range from 56 bits (DES) to 168 bits (3DES). To date, triple DES is the strongest level of encryption publicly available. It is exponentially more difficult to crack than single DES; it's not just three times harder. Microsoft®'s PPTP uses 40- or 128-bit encryption keys.
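To make the tunneling and encryption sections concrete, here is an added example (not from the original article) that builds a constructed inner IP packet, wraps it in an outer "wrapper" packet the way a tunnel does, and contrasts a plain tunnel, where the inner packet rides in the clear, with one that is encrypted and integrity-protected before wrapping. The cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, a standard-library stand-in for the DES/3DES and IPSec processing the text describes, not a real ESP implementation; the addresses, keys and message are constructed.

```python
import hashlib, hmac, os, struct
from ipaddress import IPv4Address

# Constructed sample: an inner packet from a branch-office host to a headquarters host.
INNER_SRC, INNER_DST = "10.1.1.5", "10.2.2.9"
GW_SRC, GW_DST = "203.0.113.10", "198.51.100.20"   # VPN gateways (documentation ranges)
SECRET_MSG = b"payroll report Q3"

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:                       # fold carries (RFC 1071 one's-complement sum)
        s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", (~s) & 0xFFFF) + hdr[12:]

def inner_packet():
    return ipv4_header(INNER_SRC, INNER_DST, 17, len(SECRET_MSG)) + SECRET_MSG  # 17 = UDP

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a stand-in PRF cipher (not DES/3DES, not ESP)."""
    blocks = (hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def tunnel_plain(pkt):
    """Tunneling alone: the whole inner packet rides in the clear as the outer payload."""
    return ipv4_header(GW_SRC, GW_DST, 253, len(pkt)) + pkt   # 253 = RFC 3692 experimental

def tunnel_encrypt(enc_key, mac_key, pkt):
    """Encrypt the inner packet, add an integrity tag, then wrap it in the outer header."""
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(pkt, keystream(enc_key, nonce, len(pkt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]  # encrypt-then-MAC
    body = nonce + ct + tag
    return ipv4_header(GW_SRC, GW_DST, 253, len(body)) + body

def tunnel_decrypt(enc_key, mac_key, outer):
    """Gateway side: verify the tag before decrypting; reject altered packets."""
    body = outer[20:]
    nonce, ct, tag = body[:8], body[8:-16], body[-16:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: packet altered or wrong key")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

def observer_view(outer):
    """What an Internet router sees: the wrapper addresses and an opaque payload."""
    return str(IPv4Address(outer[12:16])), str(IPv4Address(outer[16:20])), outer[20:]
```

Running `observer_view` on the two tunnel forms shows the point of the text: the plain tunnel leaks the inner packet (and its message) to every router on the path, while the encrypted tunnel exposes only the gateway addresses.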
Authentication
One of the most important elements of security for a VPN is identifying the user. This is essential in order to determine what resources the person is entitled to use. IPSec-enabled devices use a procedure called Internet Key Exchange (IKE) to exchange security keys. Microsoft's PPTP leverages existing user authentication technologies, such as PPP's Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP).