2.1 Securing the tunnels
This section is part of the amber and green pathways.
The VPN path or tunnel between the VPN client and the VPN server relies on encryption to protect the data from interception or modification as it travels across the internet.
In a VPN, encryption and decryption is typically performed by the client and server software. Early VPN solutions used proprietary encryption techniques, but shortcomings in many of these methods has forced a switch to public encryption standards.
Authenticity and integrity
It is vital to ensure that information can be trusted – that it is coming from an authenticated user and that it has not been altered in transit. VPNs use a number of methods to ensure authenticity:
- hashes (see Week 5)
- digital signatures (see Week 5)
- message authentication codes (MACs).
MACs are appended to messages and act as an authenticator. They are similar in principle to digital signatures, but the hash is encrypted and decrypted using the same secret key (i.e. using symmetric encryption).
There are three main forms of VPN protocols, namely:
- PPTP (Point to Point Tunnelling Protocol)
- L2TP (Layer 2 Tunnelling Protocol)
- IPSec (Internet Protocol Security)
IPSec has gained a reputation for security thanks to its use of well-known and trusted technologies and is currently the most popular VPN protocol.
This is an Open Source VPN developed in 2004 based on the SSL/TLS protocol. It is designed to be simpler to set up and operate. More information can be found at:
OpenVPN is a popular tool used for accessing VPN services. It is an Open Source VPN developed in 2004 based on the SSL/TLS protocol. It is designed to be simpler to set up and operate.
More information can be found on the OpenVPN site.
There are several such VPN tools available. A list of a few free VPN tools can be found in this PCMag article.
In the next section you’ll discover how secure VPN access can be.