Tunneling and Client/Server Remote Access
A virtual private network (VPN) is the extension of a private network across the internet. A VPN expands the ability of users to connect to and access the network across larger geographies using point-to-point connections and tunneling protocols. These protocols work by allowing a network user to connect to the corporate network remotely (Microsoft, 2016). There are two forms of tunneling, voluntary and compulsory; both establish a means for a foreign protocol to cross a network which does not support it. The VPN automatically encrypts the data in the tunnels as it travels into the network. The two forms of tunneling are best described as:
Voluntary tunneling: the network connection is managed by the VPN client. The client makes a connection to their ISP or carrier network provider, and the VPN application then creates a “tunnel”, or secured connection. This form of tunnel is created on a live connection (Microsoft, 2016).
Compulsory tunneling: in compulsory tunneling the VPN connection is managed by the carrier network provider. The connection is made the same way as in voluntary tunneling, but the carrier, rather than the application, creates the secure connection between the VPN server and the client (Microsoft, 2016).
Tunneling provides security to corporate networks by encrypting the client tunnels, which allows the VPN to operate over public networks. In a VPN, the computers at each end of the tunnel encrypt and decrypt the data. Tunneling needs supporting protocols such as Internet Protocol Security (IPSec), which authenticates client and server to each other based on the negotiation of keys (Microsoft, 2016). This protocol allows data to remain encrypted while in the tunnel.
IPSec is a common security method which works for many companies because of the following protections and benefits:
· Network-based attacks from untrusted computers, attacks that can result in the denial-of-service of applications, services, or the network [protection]
· Data corruption [protection]
· Data theft [protection]
· User-credential theft [protection]
· Administrative control of servers, other computers, and the network [ease of access] (Microsoft, 2016).
However, it has the serious disadvantage of not being a strong means of tunneling for remote access VPN; it is only good for site-to-site use. It is best used in situations where employees may be working from home and need corporate intranet access (Microsoft, 2016). Access can be controlled by having the network administrators create IPSec protocols on employee computers. This is a good setup in situations where there is low demand for remote access to the corporate network.
Microsoft. (2016, March 28). What is IPSec? Retrieved from Microsoft TechNet: https://technet.microsoft.com/en-us/library/cc776369(v=ws.10).aspx