A VPN primer

A virtual private network (VPN) uses a public or shared network (such as

the Internet or a campus intranet) to create a secure, private network connection

between a client and a server. The VPN client cloaks each packet in a wrapper

that allows it to sneak (or tunnel) unnoticed through the shared network.

When the packet gets to its destination, the VPN server removes the wrapper,

deciphers the packet inside and processes the data.

There are two varieties of VPNs, and they differ primarily in their approach

to protecting your data: PPTP and L2TP. The oldest and simplest type of

VPN uses the point-to-point tunneling protocol (PPTP).

PPTP's data encryption algorithm — MPPE, or Microsoft point-to-point

encryption — uses the client's log-in password to generate the encryption

key. This is controversial because hackers are always finding ways to acquire

passwords. What's more, early versions of Microsoft PPTP had flaws that

could expose tunneled data to inspection by hackers. Microsoft has since

patched PPTP for all versions of Windows, but skeptics remain wary of it.

The more secure alternative to PPTP is L2TP (Layer 2 Tunneling Protocol).

L2TP is another Microsoft development merging elements of PPTP with Layer

2 Forwarding, a Cisco Systems Inc. packet encapsulation scheme. L2TP alone

is not secure, so it is almost invariably paired with a fast-growing encryption

standard called IPSec (Internet Protocol security).

Implemented properly, IPSec is virtually impenetrable. Ideally, IPSec

encryption employs triple Data Encryption Standard (3DES) based on ANSI

X.509 security certificates. Electronic certificates, issued internally

or by a public authority such as Verisign Inc., irrefutably identify the

client and server. 3DES encryption (ANSI X9.52) stiffens standard 56-bit

encryption keys — which can be broken only with considerable effort — by

applying the encryption algorithm three times.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.