Types of VPN
Secure VPNs use cryptographic tunneling protocols to provide the intended confidentiality (blocking snooping and thus Packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. This has been the usually intended purpose for VPN for some years.
Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes available on the market.
Secure VPN technologies may also be used to enhance security as a "security overlay" within dedicated networking infrastructures.
Secure VPN protocols include the following:
- IPsec (IP security) – commonly used over IPv4, and an obligatory part of IPv6.
- SSL/TLS used either for tunneling the entire network stack, as in the OpenVPN project, or for securing what is, essentially, a web proxy. SSL is a framework more often associated with e-commerce, but it has been built-upon by vendors like Aventail and Juniper to provide remote access VPN capabilities. A major practical advantage of an SSL-based VPN is that it can be accessed from any public wireless access point that allows access to SSL-based e-commerce websites, whereas other VPN protocols may not work from such public access points.
- OpenVPN, an open standard VPN. Clients and servers are available for all major operating systems.
- PPTP (Point-to-Point Tunneling Protocol), developed jointly by a number of companies, including Microsoft.
- L2TP (Layer 2 Tunneling Protocol), which includes work by both Microsoft and Cisco.
- L2TPv3 (Layer 2 Tunneling Protocol version 3), a new release.
- VPN Quarantine The client machine at the end of a VPN could be a threat and a source of attack; this has no connection with VPN design and is usually left to system administration efforts. There are solutions that provide VPN Quarantine services which run end point checks on the remote client while the client is kept in a quarantine zone until healthy. Microsoft ISA Server 2004/2006 together with VPN-Q 2006 from Winfrasoft or an application called QSS (Quarantine Security Suite) provide this functionality.
- MPVPN (Multi Path Virtual Private Network). MPVPN is a registered trademark owned by Ragula Systems Development Company. See Trademark Applications and Registrations Retrieval (TARR)
Some large ISPs now offer "managed" VPN service for business customers who want the security and convenience of a VPN but prefer not to undertake administering a VPN server themselves. In addition to providing remote workers with secure access to their employer&qt;&qt;s internal network, other security and management services are sometimes included as part of the package. Examples include keeping anti-virus and anti-spyware programs updated on each client&qt;&qt;s computer.
Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider&qt;&qt;s network to protect the traffic. In a sense, these are an elaboration of traditional network and system administration work.
- Multi-Protocol Label Switching (MPLS) is often used to build trusted VPN.
- L2F (Layer 2 Forwarding), developed by Cisco, can also be used.
Mobile VPN – A secure remote access solution designed for mobile and wireless users. A Mobile Virtual Private Network (Mobile VPN) integrates standards-based authentication and encryption technologies to secure data transmissions to and from devices and to protect networks from unauthorized users. Designed for wireless environments, Mobile VPNs are designed as an access solution for users that are on the move and require secure access to information and applications over a variety of wired and wireless networks. Mobile VPNs allow users to roam seamlessly across IP-based networks and in and out of wireless coverage areas without losing application sessions or dropping the secure VPN session. For instance, highway patrol officers require access to mission-critical applications in order to perform their jobs as they travel across networks.