Skip to content
Skip to main content

About this free course

Download this course

Share this free course

Introduction to cyber security: stay safe online
Introduction to cyber security: stay safe online

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

2.1 Securing the tunnels

Described image
Figure 4

The VPN path or tunnel between the VPN client and the VPN server relies on encryption to protect the data from interception or modification as it travels across the internet.

Encryption

In a VPN, encryption and decryption is typically performed by the client and server software. Early VPN solutions used proprietary encryption techniques, but shortcomings in many of these methods has forced a switch to public encryption standards.

Authenticity and integrity

It is vital to ensure that information can be trusted – that it is coming from an authenticated user and that it has not been altered in transit. VPNs use a number of methods to ensure authenticity:

  • hashes (see Week 5)
  • digital signatures (see Week 5)
  • message authentication codes (MACs).

MACs are appended to messages and act as an authenticator. They are similar in principle to digital signatures, but the hash is encrypted and decrypted using the same secret key (i.e. using symmetric encryption).

VPN protocols

There are three main forms of VPN protocol currently in use:

PPTP (Point to Point Tunnelling Protocol)

PPTP was designed in a consortium led by Microsoft, which included an implementation of the protocol as a standard component of Windows NT 4. Microsoft also released PPTP as a free add-on to Windows 95 and Windows 98, allowing users of (at the time) the most popular version of Windows to access corporate networks.

PPTP proved unsuited to large companies (being limited to 255 connections per server), but more seriously, the PPTP standard did not settle on a single form of user authentication or encryption; therefore two companies could offer software supporting PPTP, yet each product would be incompatible with the other! From Windows 2000 onwards, Microsoft replaced PPTP with L2TP (see below).

L2TP (Layer 2 Tunnelling Protocol)

This is an adaptation of a VPN protocol known as L2F originally developed by Cisco to compete with PPTP. In an attempt to improve L2F, a successor was devised by a group composed of the PPTP Forum, Cisco and the Internet Engineering Task Force (IETF). L2TP combines features of both PPTP and L2F.

IPSec (Internet Protocol Security)

IPSec was designed by an international committee (The Internet Engineering Task Force (IETF)) in 1992 with a first draft standard published in 1995, the revised standard was published in 1998. IPSec is now the most widely supported protocol with backing from Intel, IBM, HP/Compaq and Microsoft (among others).

IPSec has gained a reputation for security thanks to its use of well-known and trusted technologies. Rather than invent new techniques for encryption, the designers of the protocol built their system on top of existing encryption technologies, which had, in themselves been subjected to intense scrutiny.

In the next section you’ll discover how secure VPN access can be.

OpenVPN

This is an Open Source VPN developed in 2004 based on the SSL/TLS protocol. It is designed to be simpler to set up and operate. More information can be found at: https://community.openvpn.net/ openvpn/ wiki/ OverviewOfOpenvpn#OpenVPNOSS [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)]