A VPN (Virtual Private Network) is a technology that builds a set of secure private connections over the public internet using dedicated tunneling protocols and security measures.
The history of VPN begins in 1996, when a Microsoft employee developed the basic principles of the PPTP protocol. Today there are far more modern and advanced private-network protocols; at the time, however, it was a significant breakthrough in internet security, because it aimed to prevent intrusion into private communications outright rather than dealing with the aftermath of malicious activity (hacker attacks, packet interception, the actions of malware or viruses, etc.).
What are the Reasons to Use a VPN?
So how do you know if you need to use a VPN?
Firstly, using a VPN provides a certain degree of privacy. Protection of the data that you send over a network is vital – whether it is a corporate file, a password to access your email, or your private correspondence.
Secondly, a VPN allows distributed branch offices and remote staff to use internal corporate services and access confidential documents without the risk of compromising enterprise security.
What Types of VPN are there?
The first type, Site-to-Site VPN, is used to build a permanent connection between distributed local network segments (for example, a unified corporate network between a head office and its physically remote branches). Such networks scale to businesses of very different sizes, from the smallest companies through medium enterprises to international giants.
Conversely, Remote Access VPN provides temporary secure access to a corporate network for a remote user from wherever they can connect to the internet. As a rule, this type of secure connection is used by individual employees who work from home or from any other place physically remote from the office.
VPN Connection Protocols
Now let's look at some of the most popular protocols used to build a VPN. The choice between them depends on your specific requirements for the VPN, the deployment budget, and the required security level.
PPTP (Point-to-Point Tunneling Protocol) carries data over the Point-to-Point Protocol (PPP) by encapsulating PPP frames in TCP/IP frames and sending them through tunnels created over existing internet connections. Although the standard was never ratified by the IETF, many VPN clients and servers for all major platforms, mobile included, can establish PPTP connections. User authentication relies on a simple password. Neither the data transfer itself nor the authentication is encrypted.
Despite its age, PPTP-based VPN continues to be one of the most popular types of private network, both for business and personal use.
Two major advantages of this type of VPN are the absence of specific hardware and software requirements and the simplicity of authentication: a user only needs to enter a server address and a password.
In recent years, many ways to compromise this protocol have been discovered. Moreover, because of how the connection works, passing PPTP through firewalls is a complicated task. PPTP is of course safer than a plain TCP connection, but of all the VPN protocols it is the least secure.
Layer 2 Tunneling Protocol (L2TP) combines features of Cisco's Layer 2 Forwarding protocol (L2F) with Microsoft's PPTP. It allows VPNs to be organized according to specified access priorities, but it has no encryption or authentication of its own. For this reason, to build the most secure VPN, it is used together with IPsec, which is discussed in the next section.
Despite some features inherited from PPTP, a VPN built over L2TP is considered an order of magnitude more secure than one built on PPTP alone.
Internet Protocol Security (IPsec) is in fact a suite of protocols, security measures, and cryptographic services used to protect transmissions over the internet. All data packets are encrypted, which provides an enhanced level of connection security.
The main nuance of working with IPsec is that, while establishing a connection, the endpoints of the secure channel must generate and negotiate several parameters, namely the keys and the algorithms used for data encryption.
The protocol works in two modes: transport mode, in which the payload carried inside each packet is encrypted, and tunnel mode, in which each packet is encrypted as a whole. IPsec can also be used together with other protocols to implement both types of VPN. The only real difficulty with IPsec-based solutions is their rather involved setup and configuration.
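To make the difference between the two modes concrete, here is an added Python model of ESP-style encapsulation; it is not from the original article. The cipher is a SHA-256 keystream stand-in labelled as such in the code, and the gateway addresses, key and packet are constructed sample values.

```python
"""Toy model of IPsec ESP encapsulation in transport and tunnel mode.
Constructed illustration, not real ESP: the cipher is a SHA-256 keystream
stand-in (NOT secure) so it runs with the standard library only. The point
is which addresses an on-path observer can still read in each mode."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class IPPacket:
    src: str
    dst: str
    payload: bytes


def _xor_keystream(key: bytes, data: bytes) -> bytes:
    """Stand-in for the ESP cipher: XOR with a counter-mode SHA-256 stream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        stream = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], stream))
    return bytes(out)


def esp_encapsulate(pkt: IPPacket, mode: str, key: bytes,
                    gw_src: str, gw_dst: str) -> IPPacket:
    """Return the packet as it appears on the wire between the two IPsec endpoints."""
    if mode == "transport":
        # Transport mode: only the payload is encrypted; the original header stays
        # in cleartext, so the real source and destination remain visible.
        return IPPacket(pkt.src, pkt.dst, b"ESP" + _xor_keystream(key, pkt.payload))
    if mode == "tunnel":
        # Tunnel mode: the whole original packet (header included) is encrypted and
        # wrapped in a new header addressed between the gateways (gw_src/gw_dst).
        inner = f"{pkt.src}>{pkt.dst}|".encode() + pkt.payload
        return IPPacket(gw_src, gw_dst, b"ESP" + _xor_keystream(key, inner))
    raise ValueError(f"unknown IPsec mode: {mode}")


def esp_decapsulate(wire: IPPacket, mode: str, key: bytes) -> IPPacket:
    """Reverse of esp_encapsulate at the receiving endpoint."""
    if not wire.payload.startswith(b"ESP"):
        raise ValueError("not an ESP packet")
    clear = _xor_keystream(key, wire.payload[3:])
    if mode == "transport":
        return IPPacket(wire.src, wire.dst, clear)
    header, _, payload = clear.partition(b"|")
    src, dst = header.decode().split(">")
    return IPPacket(src, dst, payload)
```

Comparing the `src`/`dst` of the two wire packets shows why tunnel mode is the one used between site gateways: it hides the internal addresses as well as the payload.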
SSL (Secure Sockets Layer) is a socket-level security protocol. TLS (Transport Layer Security) provides security at the transport layer and is based on the SSL 3.0 specification. The two protocols perform the same task: secure transmission of data packets between two computers.
For authentication, SSL/TLS uses either certificates issued by certificate authorities or pre-shared keys (the latter, incidentally, are not supported by all SSL/TLS-based VPN implementations). Systems using SSL/TLS share the drawbacks of any system based on a PKI (public key infrastructure). Another security nuance is that the connection can be compromised through vulnerabilities on the client device.
Multiprotocol Label Switching (MPLS) is ideal for implementing Site-to-Site VPNs. In fact, it is one of the most flexible and customizable options, which can be tuned to any network architecture.
MPLS labels form Label Switched Paths (LSPs) that define the forwarding direction at each node of the network. Compared with traditional routing, with its long IP addresses and sizeable routing tables, MPLS switches much faster. This gives high-speed traffic processing, network address transparency, communication confidentiality, scalability, and well-defined control boundaries.
Although using MPLS for a VPN may seem odd at first glance, in practice such networks offer many advantages.
Whereas traditional VPN technology transfers data over encrypted tunnels at layer 3 (the network layer) of the OSI model, where encryption prevents outsiders from reading the headers and contents of the transmitted packets, MPLS VPN uses no encryption at all: packets are simply forwarded along the MPLS label path. Contents of the labeled traffic can be read only by the endpoints.
From the user's point of view, the undoubted advantages of MPLS are a significant increase in QoS (quality of service) and a much simpler construction of VPN access protection. Moreover, with MPLS you can carry any kind of data, since the packet contents remain unchanged along the whole path and only the labels are replaced.
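The label-switching behaviour described above, as an added Python example that is not part of the original article: the router names, label tables and packet are constructed, and the model shows that only the label changes at each hop while the IP packet inside stays as-is, and unencrypted, at every router on the path.

```python
"""Toy label-switched path (LSP). Constructed illustration, not real MPLS:
ingress pushes a label chosen by destination prefix, each transit LSR swaps
it from its own table, the last hop pops it; the IP packet is never touched."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class MplsPacket:
    label: Optional[int]      # top label; None means a plain, unlabeled IP packet
    payload: bytes            # the IP packet itself; LSRs never modify it
    trace: list = field(default_factory=list)   # (router, in_label, out_label, payload seen)


# Constructed tables: ingress maps a destination prefix (forwarding equivalence
# class) to label + next hop; LSRs map in-label -> (out-label, next hop); None = pop.
INGRESS_FEC = {"10.20.0.0/16": (100, "LSR-A")}
LSR_TABLES = {
    "LSR-A": {100: (200, "LSR-B")},
    "LSR-B": {200: (300, "LSR-C")},
    "LSR-C": {300: (None, "EGRESS")},   # penultimate-hop popping
}


def ingress_push(dst_prefix: str, ip_packet: bytes) -> tuple:
    """Ingress LER: classify by destination prefix and push the first label."""
    label, next_hop = INGRESS_FEC[dst_prefix]
    pkt = MplsPacket(label, ip_packet)
    pkt.trace.append(("INGRESS", None, label, ip_packet))
    return pkt, next_hop


def lsr_switch(router: str, pkt: MplsPacket) -> str:
    """Transit LSR: swap (or pop) the top label; a label with no LSP is dropped."""
    try:
        out_label, next_hop = LSR_TABLES[router][pkt.label]
    except KeyError:
        raise ValueError(f"{router}: no LSP for label {pkt.label}, dropping") from None
    pkt.trace.append((router, pkt.label, out_label, pkt.payload))
    pkt.label = out_label
    return next_hop


def traverse_lsp(dst_prefix: str, ip_packet: bytes) -> MplsPacket:
    """Carry one packet from the ingress router to the egress along its LSP."""
    pkt, hop = ingress_push(dst_prefix, ip_packet)
    while hop != "EGRESS":
        hop = lsr_switch(hop, pkt)
    return pkt


def payloads_seen_on_path(pkt: MplsPacket) -> set:
    """Every hop saw the same cleartext packet: labels isolate, they do not encrypt."""
    return {seen for _, _, _, seen in pkt.trace}
```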
The only drawback of MPLS VPN services is the relatively high cost of their implementation and operation.
Which Protocol Would Be Perfect in Your Case?
To understand which VPN protocol would be best in your case, first decide on the required level of network security (the most secure option would be a hybrid VPN based on IPsec and MPLS). Next, decide on the implementation budget. Once these two points are defined, the choice becomes much easier.
Let's sum up. As you can see, the large variety of VPN protocols in most cases complicates the choice between them. If you want to entrust the construction of your network to true professionals, contact us at Sirin Software! Our team includes highly trained IT experts who will not only provide qualified help but also offer the best possible solution. You can verify this by contacting us today.