[ISN] Protocols serve up VPN security

From: cult hero (jerichoat_private)
Date: Sat Jun 05 1999 - 08:13:55 PDT

  • Next message: cult hero: "[ISN] Product Review: NOVaSTOR DataSAFE"

      This message is in MIME format.  The first part should be readable text,
      while the remaining parts are likely unreadable without MIME-aware tools.
      Send mail to mimeat_private for more info.
    Content-Type: TEXT/PLAIN; CHARSET=us-ascii
    Content-ID: <Pine.SUN.3.96.990605091207.593Vat_private>
    Forwarded From: darek milewski <darekmat_private>
    Protocols serve up VPN security
    Network World, 05/31/99
    As the need to securely open corporate LANs to telecommuters and disparate
    corporate sites grows, virtual private networks (VPN) continue to meet the
    demand. VPNs - which establish private, secure sessions between two or
    more LANs or between remote users and a LAN - use the Internet or private
    IP networks to distribute data and enable corporations to eliminate
    additional, often expensive, dedicated lines or remote access servers. 
    Today, network executives must weigh two protocols that specify how VPNs
    should be built. The Point-to-Point Tunneling Protocol (PPTP) and IP
    Security (IPSec) protocol enable private sessions over the Internet and
    securely link remote users to corporate networks. The protocols also
    possess relative strengths and weaknesses in data security and ease of
    deployment.  Network managers must determine which VPN protocol best suits
    the need of their organizations. 
    Diagram of how PPTP works
    PPTP vs. IPSec security
    Spearheaded by Microsoft and US Robotics, PPTP was first intended for
    dial-up VPNs. The protocol was meant to augment remote access usage by
    letting users dial in to local ISPs and tunnel into their corporate
    networks. Unlike IPSec, PPTP was not intended to address LAN-to-LAN
    tunneling when it was first created. 
    PPTP extends PPP - a protocol that defines point-to-point connections
    across an IP network. PPP is widely used to connect dial-up and broadband
    users to the public Internet or private corporate networks. Because PPP
    functions at Layer 2, a PPTP connection that encapsulates PPP packets
    allows users to send packets other than IP, such as IPX or NetBEUI. IPSec,
    on the other hand, functions at Layer 3 and is only able to provide the
    tunneled transport of IP packets. 
    The encryption method commonly used in PPTP is defined at the PPP layer. 
    Typically, the PPTP client is the Microsoft desktop, and the encryption
    protocol used is Microsoft Point-to-Point Encryption (MPPE). MPPE is based
    on the RSA RC4 standard and supports 40-bit or 128-bit encryption.
    Although this level of encryption is satisfactory for many applications,
    it is generally regarded as less secure than some of the encryption
    algorithms offered by IPSec, particularly 168-bit Triple-Data Encryption
    Standard (DES). 
    Protect and serve
    Meanwhile, IPSec was built for secure tunneling over the Internet between
    protected LANs. It was meant for a connection with a remote office,
    another LAN or corporate supplier. For instance, a large automotive
    company could use an IPSec VPN to securely connect its suppliers and
    support purchases orders over the 'Net. 
    IPSec also supports connections between remote users and corporate
    networks. Similarly, Microsoft added LAN-to-LAN tunneling support for PPTP
    in its Routing and Remote Access Server for Windows NT Server 4.0. 
    When it comes to strong encryption and data integrity, IPSec is generally
    regarded as superior. The protocol combines key management with support
    for X.509 certificates, information integrity and content security.
    Furthermore, 168-bit Triple-DES encryption, the strongest form of
    encryption available in IPSec, is more secure than 128-bit RC4 encryption.
    IPSec also provides packet-by-packet encryption and authentication and
    prevents the "man-in-the-middle attack," in which data is intercepted by a
    third party, reconstructed and sent to the receiver. 
    PPTP, however, is vulnerable to such assaults, primarily because it
    authenticates sessions but not individual packets. Note, however, that
    mounting a successful man-in-the-middle attack against a PPTP connection
    would take considerable effort and know-how. 
    For many corporations, the ability to run PPTP from the Windows platform
    (it supports Windows NT, 95 and 98) can make deploying and maintaining a
    VPN seamless. For others, PPTP is perceived as less secure than IPSec. 
    It is important to bear in mind, however, if deploying a VPN for remote
    users, IPSec requires an organization to load specialized client software
    on each desktop. Client software deployment and maintenance are a weighty
    undertaking that must be considered. In terms of simplicity, PPTP is
    substantially easier to deploy. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: OSAll [www.aviary-mag.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:24:26 PDT