This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
This report will outline the reasons why tunnelling is used and describe two of the most commonly used tunnelling protocols. This report aims to inform why they have been developed and why one might be preferred over the other.
In this report, I will be mainly focusing on
Explain network tunnelling
Briefly describe the reasons for tunnelling
Explain two tunnelling protocols
Compare the strengths and weaknesses of the two tunnelling protocols
Tunnelling allows one network to send its data through another network's connections; for example the internet. Tunnels are used to create a safe and secure network connection between a private network and a remote host. This enables a remote user to gain access to resources on their private network.
It does this by using tunnelling protocols; this is where a packet based on one protocol is encapsulated in a second packet based on whatever protocol is required to allow it to propagate through the intermediary network. In effect the, the second wrapper 'insulates' the original packet and gives the illusion of a tunnel. Tunnelling technology can be implemented using a Layer 2 or Layer 3 tunnelling protocol.
In real life term, tunnelling is compared to 'encapsulating' a present (original packet) in a box (second wrapper) for delivery through the postal service.
Reasons for Tunnelling
There are many reasons why an organization may choose to implement a network tunnel. A few examples are listed below.
Lower communications cost: as it eradicates the need for expensive leased lines because tunnels can operate on Public switched telephone network (PSTN) lines .It will significantly reduce the number of national and international calls.
Lower administration: network administrators need only manage and secure their remote access servers. They only have to manage only user accounts and don't need to worry about supporting complex hardware configurations
Improves organization efficiency: many employees are field based or work from home. Having the ability to access the company's server for resources is a great convenience and productivity improvement.
Improves Security: The use of authentication and encryption protocols helps to protect the data that is transmitted through the tunnel.
Point To Point Tunnelling Protocol
The Point to Point Tunnelling Protocol (PPTP) is a protocol that is used to tunnel Point to Point Protocol (PPP) connections inside an IP network, creating a Virtual Private Network (VPN)
PPTP was developed by PPTP Forum, This was a group of companies that included Microsoft; Ascend, US Robotics and. 3Com.PPTP is one of the most commonly implemented tunnelling protocols. This is mainly due to the fact that it's supported by windows clients and it's fairly simple to configure and maintain. PPTP has the capacity to provide on demand, multi protocol for VPNs utilizing public networks for example, the Internet.
PPTP is an expansion of the Point-to-Point protocol (PPP) RFC 1661. PPTP works at the datalink layer of the OSI model. The authentication process used by PPTP is identical to PPP. PPP has four main authentication protocols which are:
Password Authentication Protocol (PAP) RFC1334 this allows for clear text authentication of a username and password. It is not a secure protocol due to the fact that if PAP packets are captured by a between server and remote clients, it would be possible to figure out remote user's password. It also vulnerable to reply attacks.
Challenge Handshake Authentication Protocol (CHAP) RFC1994 is a more secure authentication protocol than PAP. It works by ensuring that both the server and user know the plain text of the secret, even though it's never sent over the link. The process is carried out when the initial link is created and at regular intervals during the connection to verify the identity of the remote user. It's also known as a three way handshake.
Microsoft Challenge Handshake Authentication Protocol (MS CHAP) RFC 2433. This is a Microsoft extension of CHAP. It follows the three way handshake method like CHAP.MS CHAP works by ensuring that the server stores a digital signature of the user instead of their password. This allows for greater level of security.
MS-CHAPv2. v2 RFC 2759 Microsoft developed an enhanced version of MS-CHAP. The encryption authentication process was revised, where each network device has to authenticate to each other. This method creates two unidirectional data pipes. Through these pipes a different encryption key is used for each connection between the devices.
(Kory Hamzeh,Gurdeep Singh Pall,William Verthein,Jeff Taarud,W. Andrew Little,Glen Zorn, 1999-07) (Gurdeep Singh Pall and Glen Zorn, 2001-03)
There is no encryption with PPTP as it only establishes the tunnel. The encryption technology used by PPTP is Microsoft Point to Point Encryption (MPPE) protocol RFC 3078.MPPE uses the RSA RC4 algorithm and at the present time supports 40-bit, 56-bit and 128-bit session keys.
Diagram of a PPTP Containing an IP Datagram
Structure of PPTP Packet Containing IP Datagram
The PPTP consist of 3 main parts:
Control Connection that runs over the TCP (port 1723)
The main data packets which are encapsulated using GRE and routed through the IP tunnel
The main IP tunnel used for routing the packets which are encapsulated by GRE
Layer 2 Tunnelling Protocol
Layer 2 Tunnelling Protocol (L2TP) RFC 2661 is a protocol used to tunnel data traffic between two points using the Internet. L2TP was developed by Microsoft and Cisco to combine features of PPTP with that of Cisco's Layer 2 Forwarding (L2F) protocol RFC2341.L2TP is capable of supporting non-TCP/IP clients and protocols for example Frame Relay and Asynchronous Transfer Mode (ATM). L2TP is similar to PPTP as it works at the datalink layer of the OSI model and encapsulates the data into PPP frames and transmits these across the connection. To maintain the tunnel and user data L2TP uses UDP for encapsulation. An added security feature of L2TP it can be put in the payload of an internet protocol security (IPSec) packet. This combination is sometimes known as L2TP over IPSec or L2TP/IPSec RFC 3193.
Internet Protocol Security
Internet protocol security (IPSec) RFC 2401 IPSec is a set of IP extensions developed by Internet Engineering Task Force (IETF) that works at the network layer of the OSI model. This provides the current IPv.4 and IPv.6 standard with a compatible security service. IPSec is capable of securing any protocols that runs on top of IP, for example TCP and UDP. IPSec provides cryptographic security services which allows for authentication, access control, integrity and privacy.
L2TP uses the same authentication protocols as PPTP.
L2TP can also use IPSec for authentication. This has two stages of authentication.
Device level authentication: By using pre shared keys or certificates for IPSec sessions
User authentication: A PPP authentication protocol is used for the L2TP tunnel.
IPSec is capable of providing end to end encryption for data that is transmitted between the sending and receiving devices.
There is no encryption provided by L2TP it relies on a separate encryption protocol inside the tunnel to ensure data security. To encrypt the data in the tunnels L2TP can use MPPE or IPSec Encryption Strength: Advanced Encryption Standard (AES) 256, AES 192, AES 128, and 3DES encryption algorithms
Diagram of L2TP Packet Containing an IP Datagram
Structure of L2TP Packet Containing an IP Datagram
Diagram of L2TP/IPSec Packet Containing an IP Datagram