CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [78]
Remote users who connect directly to a system using dial-up connections don’t necessarily need to have encryption capabilities enabled. If the connection is direct, the likelihood that anyone would be able to tap an existing phone line is relatively small. However, you should make sure that connections through a network use an encryption-oriented tunneling system.
Working with Tunneling Protocols
Tunneling protocols add a capability to the network: the ability to create tunnels between networks that can be more secure, support additional protocols, and provide virtual paths between systems. The best way to think of tunneling is to imagine sensitive data being encapsulated in other packets that are sent across the public network. Once they’re received at the other end, the sensitive data is stripped from the other packets and recompiled into its original form.
The most common protocols used for tunneling are as follows:
Point-to-Point Tunneling Protocol
Point-to-Point Tunneling Protocol (PPTP) supports encapsulation in a single point-to-point environment. PPTP encapsulates and encrypts PPP packets. This makes PPTP a favorite low-end protocol for networks. The negotiation between the two ends of a PPTP connection is done in the clear. After the negotiation is performed, the channel is encrypted. This is one of the major weaknesses of the PPTP protocol. A packet-capture device, such as a sniffer, that captures the negotiation process can potentially use that information to determine the connection type and information about how the tunnel works. Microsoft developed PPTP and supports it on most of the company’s products. PPTP uses port 1723 and TCP for connections.
Layer 2 Forwarding
Layer 2 Forwarding (L2F) was created by Cisco as a method of creating tunnels primarily for dial-up connections. It’s similar in capability to PPP and shouldn’t be used over WANs. L2F provides authentication, but it doesn’t provide encryption. L2F uses port 1701 and TCP for connections.
Layer 2 Tunneling Protocol
Relatively recently, Microsoft and Cisco agreed to combine their respective tunneling protocols into one protocol: Layer 2 Tunneling Protocol (L2TP). L2TP is a hybrid of PPTP and L2F. It’s primarily a point-to-point protocol. L2TP supports multiple network protocols and can be used in networks besides TCP/IP. L2TP works over IPX, SNA, and IP, so it can be used as a bridge across many types of systems. The major problem with L2TP is that it doesn’t provide data security: the information isn’t encrypted. Security can be provided by protocols such as IPSec. L2TP uses port 1701 and UDP for connections.
Secure Shell
Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is now available for use on Windows systems as well. This makes it the preferred method of security for Telnet and other cleartext-oriented programs in the Unix environment. SSH uses port 22 and TCP for connections.
Internet Protocol Security
Internet Protocol Security (IPSec) isn’t a tunneling protocol, but it’s used in conjunction with tunneling protocols. IPSec is oriented primarily toward LAN-to-LAN connections, but it can also be used with dial-up connections. IPSec provides secure authentication and encryption of data and headers; this makes it a good choice for security. IPSec can work in either Tunneling mode or Transport mode. In Tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload.
Real World Scenario
Connecting Remote Network Users
Your company wants to support network connections for remote users. These users will use the Internet to access desktop systems and other resources in the network. What would you advise the company to consider?
You should advise