
Protocols serve up VPN security



As the need to securely open corporate LANs to telecommuters and disparate corporate sites grows, virtual private networks (VPN) continue to meet the demand. VPNs - which establish private, secure sessions between two or more LANs or between remote users and a LAN - use the Internet or private IP networks to distribute data and enable corporations to eliminate additional, often expensive, dedicated lines or remote access servers.

Today, network executives must weigh two protocols that specify how VPNs should be built. The Point-to-Point Tunneling Protocol (PPTP) and the IP Security (IPSec) protocol both enable private sessions over the Internet and securely link remote users to corporate networks. Each has relative strengths and weaknesses in data security and ease of deployment. Network managers must determine which VPN protocol best suits the needs of their organizations.


Diagram of how PPTP works

PPTP vs. IPSec security

Spearheaded by Microsoft and US Robotics, PPTP was first intended for dial-up VPNs. The protocol was meant to augment remote access usage by letting users dial in to local ISPs and tunnel into their corporate networks. Unlike IPSec, PPTP was not intended to address LAN-to-LAN tunneling when it was first created.

PPTP extends PPP - a protocol that defines point-to-point connections across an IP network. PPP is widely used to connect dial-up and broadband users to the public Internet or private corporate networks. Because PPP functions at Layer 2, a PPTP connection that encapsulates PPP packets allows users to send packets other than IP, such as IPX or NetBEUI. IPSec, on the other hand, functions at Layer 3 and is only able to provide the tunneled transport of IP packets.

The encryption method commonly used in PPTP is defined at the PPP layer. Typically, the PPTP client is the Microsoft desktop, and the encryption protocol used is Microsoft Point-to-Point Encryption (MPPE). MPPE is based on the RSA RC4 standard and supports 40-bit or 128-bit encryption. Although this level of encryption is satisfactory for many applications, it is generally regarded as less secure than some of the encryption algorithms offered by IPSec, particularly 168-bit Triple Data Encryption Standard (Triple-DES).

Protect and serve

Meanwhile, IPSec was built for secure tunneling over the Internet between protected LANs. It was meant for a connection with a remote office, another LAN or a corporate supplier. For instance, a large automotive company could use an IPSec VPN to securely connect its suppliers and support purchase orders over the 'Net.

IPSec also supports connections between remote users and corporate networks. Similarly, Microsoft added LAN-to-LAN tunneling support for PPTP in its Routing and Remote Access Server for Windows NT Server 4.0.

When it comes to strong encryption and data integrity, IPSec is generally regarded as superior. The protocol combines key management with support for X.509 certificates, information integrity and content security. Furthermore, 168-bit Triple-DES encryption, the strongest form of encryption available in IPSec, is more secure than 128-bit RC4 encryption. IPSec also provides packet-by-packet encryption and authentication and prevents the "man-in-the-middle attack," in which data is intercepted by a third party, reconstructed and sent to the receiver.

PPTP, however, is vulnerable to such assaults, primarily because it authenticates sessions but not individual packets. Note, however, that mounting a successful man-in-the-middle attack against a PPTP connection would take considerable effort and know-how.
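The difference between authenticating a session and authenticating each packet, shown as an added example that is not from the original article: a receiver that checks a keyed integrity value and sequence number on every packet drops an altered or repeated packet, while a receiver that only trusts the established session decrypts it without noticing. The keystream function is a stand-in (not RC4/MPPE), and the packet layout, key values and function names are assumptions for illustration, not the PPTP or IPSec wire format.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # truncated HMAC length, chosen for this sketch

def keystream_xor(key, seq, data):
    """Stand-in stream cipher (SHA-256 counter mode), not RC4/MPPE."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!IQ", seq, block)).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(enc_key, auth_key, seq, payload):
    """Sender: sequence number + ciphertext, then an HMAC over both."""
    body = struct.pack("!I", seq) + keystream_xor(enc_key, seq, payload)
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]

def open_per_packet(enc_key, auth_key, packet, seen):
    """Receiver that authenticates every packet; None means 'dropped'."""
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    good = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, good):
        return None                      # altered in transit
    seq = struct.unpack("!I", body[:4])[0]
    if seq in seen:
        return None                      # replayed
    seen.add(seq)
    return keystream_xor(enc_key, seq, body[4:])

def open_session_only(enc_key, packet):
    """Receiver that authenticated the session once and trusts each packet."""
    body = packet[:-ICV_LEN]
    seq = struct.unpack("!I", body[:4])[0]
    return keystream_xor(enc_key, seq, body[4:])

def demo():
    enc_key, auth_key = b"E" * 16, b"A" * 16      # constructed sample keys
    packet = seal(enc_key, auth_key, 1, b"PO 1001 qty=10")
    altered = bytearray(packet)
    altered[4 + 12] ^= 0x01                       # one bit changed on the wire
    altered = bytes(altered)
    return {
        "session_only": open_session_only(enc_key, altered),
        "per_packet_altered": open_per_packet(enc_key, auth_key, altered, set()),
        "per_packet_intact": open_per_packet(enc_key, auth_key, packet, set()),
    }
```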

For many corporations, the ability to run PPTP from the Windows platform (it supports Windows NT, 95 and 98) can make deploying and maintaining a VPN seamless. For others, PPTP is perceived as less secure than IPSec.

Bear in mind, however, that when deploying a VPN for remote users, IPSec requires an organization to load specialized client software on each desktop. Deploying and maintaining that client software is a weighty undertaking that must be considered. In terms of simplicity, PPTP is substantially easier to deploy.

Copyright, 1994-2006 Network World, Inc. All rights reserved.