Protocols give VPNs their rights of passage

Protocols give VPNs their rights of passage

A typical virtual private network has gateways at both ends of a public network. A variety of products, such as VPN access servers, VPN routers and even computers loaded with VPN client software, can act as the gateways.

At one end of the network, frames of data are encapsulated, given headers and routing information, and sent on their way. When they reach their destination, the gateway or appliance at the other end unencapsulates the data frames and forwards them to the intended recipient.

The logical path through which the encapsulated packets travel the internetwork is called a tunnel. Tunneling, which includes the entire process of encapsulation, transmission and unencapsulation, is nothing new. It has been around for years in various forms, including IBM Corp.'s Systems Network Architecture over IP networks and Novell Inc.'s Internet Packet Exchange tunneling for IP internetworks.

But three important tunneling protocols with high-level encryption and security features have revolutionized the growth of VPN services, particularly over the Internet:

  • Point-to-Point Tunneling Protocol, which facilitates the encryption and encapsulation of IP, IPX and NetBEUI traffic into an IP header so that it can be sent safely over the Internet, or an enterprise intranet or extranet

  • Layer 2 Tunneling Protocol, which allows the same type of traffic to be encrypted and sent over any medium that supports point-to-point datagram delivery, such as IP, X.25, frame relay or asynchronous transfer mode

  • IP Security Tunnel Mode, which allows IP data payloads to be encrypted and then encapsulated in an IP header to be sent across the Internet or an enterprise intranet.

    A white paper by Microsoft Corp. says four security techniques are vital to any VPN system, regardless of the tunneling protocols it uses:

  • User authentication. It must verify a user's identity and restrict VPN access to authorized users. It also must provide audit and accounting records on user privileges.

  • Address management. It must assign and keep private clients' addresses on the private network.

  • Data encryption. It must render data carried on the public network unreadable to unauthorized clients.

  • Key management. It must generate and refresh encryption keys for the client and server.

  • 'J.B. Miles


    • Records management: Look beyond the NARA mandates

      Pandemic tests electronic records management

      Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

    • boy learning at home (Travelpixs/

      Tucson’s community wireless bridges the digital divide

      The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

    Stay Connected