This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
This report will outline the reasons why tunnelling is used and describe two of the most commonly used tunnelling protocols. This report aims to inform why they have been developed and why one might be preferred over the other.
In this report, I will be mainly focusing on
The main aim of this report is to present information on the following areas
Explain network tunnelling
Briefly describe the reasons for tunnelling
Explain two tunnelling protocols
Compare the strengths and weaknesses of the two tunnelling protocols
Tunnelling allows oneÂ network to send its data through another network's connections; for example the internet. Tunnels are used to create a safe and secure network connection between a private network and a remote host. This enables a remote user to gain access to resources on their private network.
It does this by using tunnelling protocols; this is where a packet based on one protocol is encapsulated in a second packet based on whatever protocol is needed in order for it to travel through the intermediary network. In effect the, the second wrapper 'insulates' the original packet and creates the illusion of a tunnel. Tunnelling technology can be implemented using a Layer 2 or Layer 3 tunnelling protocol.
In real life term, tunnelling is compared to 'encapsulating' a present (original packet) in a box (second wrapper) for delivery through the postal service.
Reasons for Tunnelling
PPTP eliminates the need for expensive, leased-line or private enterprise-dedicated communication
servers because you can use PPTP over PSTN lines. PPTP simplifies and reduces the cost of deploying an enterprise-wide, remote access solution for remote or mobile users because it provides secure and encrypted communications over public telephone lines and the Internet
Point To Point Tunnelling Protocol
The Point to Point Tunneling Protocol (PPTP) was developed by PPTP Forum. This was a group of companies that included Microsoft; Ascend, US Robotics and. 3Com.PPTP is one of the most commonly implemented tunnelling protocols. This is mainly due to the fact that it's supported by windows clients and it's fairly simple to configure and maintain.Â PPTP has the capacity to provide on-demand, multiprotocol for Virtual private networks utilizing public networks for instance the Internet.
PPTP is an expansion of the Point-to-Point protocol (PPP) RFC 1661.
PPTP works at the datalink layer of the OSI model.
There is no encryption with PPTP as it only establishes the tunnel.
PPTP is an extension of the Internet standard Point-to-Point protocol (PPP), the link layer protocol used to transmit IP packets over serial links.
The authentication used by PPTP is the same as PPP (PAP, SPAP, CHAP, MS-CHAP v.1/v.2 and EAP).
Â PPTP encrypted using Microsoft Point-to-Point Encryption (MPPE) protocol to create a secure VPN. PPTP has relatively low overhead, thisÂ making it faster than some other VPN methods.
Structure of a PPTP Packet Containing an IP Datagram
Structure of PPTP Packet Containing IP Datagram
Most old vulnerabilities in PPTP are fixed these days and you can combine it with EAP to enhance it to require certificates as well.
One advantage of using PPTP is that there is no requirement for a certificate infrastructure. However EAP does use digital certificates for mutual authentication (both client and server) and higher security.
How works: A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage as second GRE(generic routing encapsulation) tunnel to the same peer.
Port/protocol:Â 1723 TCP and protocol GRE
User Authentication Protocol: EAP-TLS or MS-CHAPÂ v2
Encryption method:Â MPPE (Microsoft Point-to-Point Encryption)
Encryption Strength:Â MPPE 40 and 128 bit
Layer 2 Tunnelling Protocol
The Layer 2 Tunnelling Protocol (L2TP) was developed in cooperation betweenÂ CiscoÂ and Microsoft to combine features of PPTP with those of Cisco's proprietary Layer 2 Forwarding (L2F) protocol.L2TP (Layer Two Tunnelling Protocol) supports non-TCP/IP clients and protocols (such as Frame Relay, ATM and SONET).
L2TP does not provide any encryption or confidentiality by itself.Â It relies on an encryption protocol that it passes within the tunnel to provide privacy. Nowadays L2TP connectionsÂ do not negotiate the use of PPP encryption through Microsoft Point-to-Point Encryption (MPPE). Instead, encryption is providedÂ through the use of the Internet Protocol securityÂ (IPSec) Encapsulating Security Payload (ESP) header and trailer.Â It is also important to note that IPsec is more resource intensive than PPTP, hence the overhead with a L2TP solution is higher than PPTP.
Structure of an L2TP Packet Containing an IP Datagram
Structure of L2TP Packet Containing an IP Datagram
Port:Â 1701 UDP
User Authentication Protocol:Â EAP-TLS or MS-CHAP v2
* In addition to providing computer-level authentication, IPSec provides end-to-end encryption for data that passes between the sending and receiving nodes.
Encryption Strength:Â Advanced Encryption Standard (AES) 256, AES 192, AES 128, and 3DES encryption algorithms
L2TP vs PPTP
L2TP/IPSec and PPTP are similar in the following ways:
provide a logical transport mechanism to send PPP payloads;
provide tunneling or encapsulation so that PPP payloads based on any protocol can be sent across an IP network;
rely on the PPP connection process to perform user authentication and protocol configuration.
Some facts about PPTP:
+Â PPTPÂ easy to deploy
+Â PPTPÂ useÂ TCP, this reliable solution allow to retransmit lost packets
+Â PPTPÂ support
-Â PPTPÂ less secure with MPPE(up to 128 bit)
-Â dataÂ encryptionÂ begins after the PPP connection process (and, therefore, PPP authentication) is completed
-Â PPTPÂ connections require only user-level authentication through a PPP-based authentication protocol
Some facts about L2TP(over IPsec):
+Â L2TP/IPSecÂ data encryption begins before the PPP connection process
+Â L2TP/IPSecÂ connections use the AES(up to 256bit) or DESUup to three 56-bit keys)
+ L2TP/IPSecÂ connections provide stronger authentication by requiring both computer-level authentication through certificates and user-level authentication through a PPP authentication protocol
+ L2TPÂ useÂ UDP. It is a faster, but less reliable, because it does not retransmit lost packets, is commonly used in real-time Internet communications
+ L2TPÂ moreÂ "firewall friendly"Â than PPTP - a crucial advantage for an extranet protocol due to most firewalls do not support GRE
-Â L2TPÂ require certificate infrastructure for issuing computer certificates
There's no clear winner, but PPTP is older,Â more light-weight,Â works in most cases and clients are readily pre-installed, giving it an advantage in normally being very easy to deploy and configure (without EAP).
Strengths And Weaknesses Of PPTP and L2TP
Both PPTP and L2TP have advantages and disadvantages:
PPTP can only run on top of IP networks, whereas L2TP can use other protocols such as Internetwork Packet Exchange (IPX) and Systems Network Architecture (SNA).
PPTP does not support dial-in authentication protocols such as Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control Systems (TACACS+), whereas L2TP does.
PPTP is an encryption protocol, whereas L2TP is not, so it lacks security.
Layer 2 Tunneling Protocol (L2TP) is a protocol used to tunnel data communications traffic between two sites over the Internet. L2TP is often used in tandem with IPSec (which acts as a security layer) to secure the transfer of L2TP data packets over the Internet. Unlike PPTP, a VPN implementation using L2TP/IPSec requires a shared key or the use of certificates.
Advantages & Disadvantages
A VPN is a inexpensive effective way of building a private network. The use of the Internet as the main communications channel between sites is a cost effective alternative to expensive leased private lines. The costs to a corporation include the network authentication hardware and software used to authenticate users and any additional mechanisms such as authentication tokens or other secure devices. The relative ease, speed, and flexibility of VPN provisioning in comparison to leased lines makes VPNs an ideal choice for corporations who require flexibility. For example, a company can adjust the number of sites in the VPN according to changing requirements.
There are several potential disadvantages with VPN use. The lack of Quality of Service (QoS) management over the Internet can cause packet loss and other performance issues. Adverse network conditions that occur outside of the private network is beyond the control of the VPN administrator. For this reason, many large corporations pay for the use of trusted VPNs that use a private network to guarantee QoS. Vendor interoperability is another potential disadvantage as VPN technologies from one vendor may not be compatible with VPN technologies from another vendor. Neither of these disadvantages have prevented the widespread acceptance and deployment of VPN technology.