It encapsulates data transfers between two or more networked devices not on the same private
network so as to keep the transferred data private from other devices on one or more intervening local
or wide area networks. There are many different classifications, implementations, and uses for VPNs.
Mechanism
Secure VPNs use cryptographic tunneling protocols to provide confidentiality (blocking interception
and packet sniffing), sender authentication (blocking identity spoofing), and message integrity
(preventing message alteration).
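The three properties named above (confidentiality, sender authentication, message integrity) are what an authenticated-encryption tunnel delivers in practice. The following Go program is an added example written for this page, not code from any VPN product: it encapsulates an inner packet under a shared tunnel key with AES-GCM, keeps the outer header in the clear but binds it into the authentication tag, and then shows that a receiver rejects a packet whose header or ciphertext was altered or that was sealed under a different key. The wire layout, the key and the packet contents are all constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// sealPacket encapsulates an inner packet under the tunnel key. The outer
// header (tunnel identifiers, sequence numbers) travels in the clear but is
// bound into the authentication tag as associated data, so altering it is
// detected exactly like altering the ciphertext. Wire format (constructed for
// this example, not any standard's): header || nonce || ciphertext || tag.
func sealPacket(key, header, inner []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A random 96-bit nonce is acceptable for a demo; real tunnel protocols
	// use a counter so that a (key, nonce) pair can never repeat.
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	out := append([]byte{}, header...)
	out = append(out, nonce...)
	return aead.Seal(out, nonce, inner, header), nil
}

// openPacket reverses sealPacket. Only a holder of the key can produce a
// packet that opens (sender authentication), and any change to the header,
// nonce or ciphertext makes Open fail (message integrity).
func openPacket(key []byte, headerLen int, pkt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(pkt) < headerLen+aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("packet too short")
	}
	header := pkt[:headerLen]
	nonce := pkt[headerLen : headerLen+aead.NonceSize()]
	ct := pkt[headerLen+aead.NonceSize():]
	return aead.Open(nil, nonce, ct, header)
}

// tamper returns a copy of pkt with one bit flipped at the given offset,
// standing in for an on-path modification.
func tamper(pkt []byte, offset int) []byte {
	c := append([]byte{}, pkt...)
	c[offset] ^= 0x01
	return c
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key only
	header := []byte{0x01, 0x02, 0x03, 0x04}
	inner := []byte("constructed inner packet payload")
	pkt, err := sealPacket(key, header, inner)
	if err != nil {
		panic(err)
	}
	fmt.Println("plaintext visible on the wire:", bytes.Contains(pkt, inner))
	_, err = openPacket(key, len(header), tamper(pkt, len(pkt)-1))
	fmt.Println("tampered ciphertext rejected:", err != nil)
	_, err = openPacket(key, len(header), tamper(pkt, 0))
	fmt.Println("tampered header rejected:", err != nil)
}
```

The header is authenticated but not encrypted, which mirrors how tunnel protocols must expose addressing and identifier fields to intermediate routers while still detecting any change to them.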
IPsec (Internet Protocol Security) was originally developed for IPv6, which requires it. This standards-
based security protocol is also widely used with IPv4. L2TP frequently runs over IPsec.
Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic, as it does in the OpenVPN
project, or secure an individual connection. A number of vendors provide remote access VPN capabilities
through SSL. An SSL VPN can connect from locations where IPsec runs into trouble with Network
Address Translation and firewall rules. However, SSL-based VPNs use Transmission Control Protocol
(TCP) and so may be vulnerable to denial-of-service attacks because TCP connections do not
authenticate.
Datagram Transport Layer Security (DTLS) is used in Cisco's next-generation VPN product, Cisco
AnyConnect VPN, to solve the issues SSL/TLS has with tunneling over TCP.
Microsoft Point-to-Point Encryption (MPPE) works with Microsoft's PPTP and with several compatible
implementations on other platforms.
Microsoft introduced Secure Socket Tunneling Protocol (SSTP) in Windows Server 2008 and Windows
Vista Service Pack 1. SSTP tunnels Point-to-Point Protocol (PPP) or L2TP traffic through an SSL 3.0
channel.
MPVPN (Multi Path Virtual Private Network). Ragula Systems Development Company owns the
registered trademark "MPVPN".[2]
Secure Shell (SSH) VPN -- OpenSSH offers VPN tunneling to secure remote connections to a network
or inter-network links. This should not be confused with port forwarding. The OpenSSH server provides
a limited number of concurrent tunnels, and the VPN feature itself does not support personal
authentication.
Authentication
Tunnel endpoints must authenticate before secure VPN tunnels can be established.
User-created remote access VPNs may use passwords, biometrics, two-factor authentication or other
cryptographic methods.
Network-to-network tunnels often use passwords or digital certificates, as they permanently store the
key to allow the tunnel to establish automatically and without intervention.
Routing
Tunneling protocols can be used in a point-to-point topology that would theoretically not be considered a
VPN, because a VPN by definition is expected to support arbitrary and changing sets of network nodes.
But since most router implementations support a software-defined tunnel interface, customer-provisioned
VPNs are often simply defined tunnels running conventional routing protocols.
On the other hand, provider-provided VPNs (PPVPNs) need to support multiple coexisting VPNs, hidden
from one another but operated by the same service provider.
TERMINOLOGY SIMPLIFIED
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data
encryption and authentication between applications in scenarios where that data is being sent across
an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms
SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in
fact the predecessor of the other: SSL 3.0 served as the basis for TLS 1.0, which, as a result, is
sometimes referred to as SSL 3.1. With this said, is there actually a difference between the two?
Both Internet security protocols ensure that your data is encrypted as it is transmitted across the
Internet. They also both enable you to be sure that the server that you are communicating with is the
server you intend to contact and not some “middle man eavesdropper”. This is possible because servers
that support SSL and TLS must have certificates issued to them by a trusted third party, like Verisign or
Thawte. These certificates verify that the domain name they are issued for really belongs to the server.
Your computer will issue warnings to you if you try to connect to a server and the certificate that it gets
back is not trusted or doesn’t match the site you are trying to connect to.
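The certificate check described here (chain to a trusted third party, and the name must match the site you dialled) is the same check a VPN client performs when network-to-network tunnels authenticate with digital certificates, as the Authentication section above mentions. The Go program below is an added example for this page, not code from any browser or VPN product: it builds a trusted root CA and a rogue CA in memory, has each issue a server certificate, and runs the client-side verification for three cases, reporting "ok", "name mismatch" (the warning you get when the certificate does not match the site) or "untrusted issuer" (the warning you get when the issuer is not trusted). The CA names and the host names mail.example.test and bank.example.test are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCert generates a key and issues a certificate from tmpl: self-signed when
// parent is nil, otherwise signed by the parent CA's key.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl.NotBefore = time.Now().Add(-time.Hour)
	tmpl.NotAfter = time.Now().Add(24 * time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// caTemplate describes a root CA; here it stands in for the trusted third
// party (a public CA) that the text mentions.
func caTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
}

// serverTemplate describes a leaf certificate for one DNS name; clients match
// the host they dialled against the Subject Alternative Name list.
func serverTemplate(dnsName string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// verifyServer does what a browser or VPN client does before trusting a peer:
// chain the certificate to a trusted root and check it covers the dialled host.
func verifyServer(cert *x509.Certificate, roots *x509.CertPool, host string) string {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	var hostErr x509.HostnameError
	var authErr x509.UnknownAuthorityError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &hostErr):
		return "name mismatch"
	case errors.As(err, &authErr):
		return "untrusted issuer"
	default:
		return "error: " + err.Error()
	}
}

// runScenarios builds a trusted CA, a rogue CA and a server certificate from
// each, then reports how the client-side check treats them.
func runScenarios() (map[string]string, error) {
	trustedCA, trustedKey, err := newCert(caTemplate("Example Trusted Root CA", 1), nil, nil)
	if err != nil {
		return nil, err
	}
	rogueCA, rogueKey, err := newCert(caTemplate("Example Rogue CA", 2), nil, nil)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA) // only the trusted CA is in the client's store
	genuine, _, err := newCert(serverTemplate("mail.example.test", 10), trustedCA, trustedKey)
	if err != nil {
		return nil, err
	}
	forged, _, err := newCert(serverTemplate("mail.example.test", 11), rogueCA, rogueKey)
	if err != nil {
		return nil, err
	}
	return map[string]string{
		"trusted CA, correct name":   verifyServer(genuine, roots, "mail.example.test"),
		"trusted CA, wrong name":     verifyServer(genuine, roots, "bank.example.test"),
		"untrusted CA, correct name": verifyServer(forged, roots, "mail.example.test"),
	}, nil
}

func main() {
	res, err := runScenarios()
	fmt.Println(res, err)
}
```

Note that the rogue CA's certificate is a perfectly well-formed certificate for the right name; it fails only because that issuer is not in the client's trust store, which is why the trust store, not the certificate itself, is what decides whether the "middle man eavesdropper" is detected.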
If you are mostly concerned about your level of security, you can’t really go wrong choosing either SSL
or TLS.
Rapid Application Development (RAD) refers to a type of software development methodology that
uses minimal planning in favor of rapid prototyping. The "planning" of software developed using RAD is
interleaved with writing the software itself. The lack of extensive pre-planning generally allows software
to be written much faster, and makes it easier to change requirements.