Selection of VPN Solutions

24 Aug

Over the last decade (and specifically since the revision of the encryption export control regulations), there has been a considerable amount of research, development, and adoption of VPN technology sets, used not only by business and government but also in consumer markets. Indeed, protection of data while in transit, and at rest, is a best practice in industry, a requirement in Government, and is finding use in a growing number of commercial applications. Given the wide array of available technology, the question of which type is best doesn’t really need to be asked. Techniques at the application layer such as SSL and SSH, technologies at the transport layer such as IPsec or PPTP, at the link level with L2TP, and while at rest using either hardware or software disk encryption can all be used together to ensure that data confidentiality and integrity are maintained throughout the data’s lifecycle. Even with this complete stack, these protocol selections only touch on the various options, combinations and uses of encryption within each layer.

Given so many options, the selection of which technology to use, like many other things in IT, must be based on the answers to “what is it you are trying to do”, “who is going to be using the system”, and “what are your requirements”. At the client end, the simplicity of implementation has become nearly trivial. Windows 7, for example, provides native support for IKEv2, PPTP, L2TP/IPsec, and SSTP with a single drop-down selection. Authentication protocols for these can be matched with current infrastructure requirements, and data encryption algorithms can enforce data protection by encrypting within the established tunnel. With so many options, the classification of type will depend on what the requirement is. Should it be classified by authentication mechanism, by layer of operation, by supported encryption strength, or by the endpoints being connected? The short answer is … it depends on what the VPN intends to accomplish.

At its most basic, however, the VPN is designed to provide remote connectivity from one system to another. This connectivity may be to support remote device (e.g. a travelling laptop) access to the corporate LAN, or to interconnect LANs with each other in a MAN/WAN scenario. The purpose of either approach, at its simplest, is to provide secure connectivity between these systems in order to protect the confidentiality and integrity of data in transit. Given the vast array of options in endpoint devices, software methods, hybrid approaches and the various protection levels (and associated cost) that each can provide … selection is in the eye of the beholder.


Posted by on August 24, 2012 in Information Technology
