
TERMINOLOGY SIMPLIFIED

Virtual Private Network


A virtual private network (VPN) is a network that uses public telecommunication infrastructure
and technology, such as the Internet, to provide remote offices or individual users with secure
access to their organization's network. It aims to avoid an expensive system of owned or leased lines
that can be used by only one organization. The goal of a VPN is to provide the organization with the
same secure capabilities but at a much lower cost.

It encapsulates data transfers between two or more networked devices not on the same private
network so as to keep the transferred data private from other devices on one or more intervening local
or wide area networks. There are many different classifications, implementations, and uses for VPNs.

Mechanism
Secure VPNs use cryptographic tunneling protocols to provide confidentiality (blocking
interception and packet sniffing), sender authentication (blocking identity spoofing), and
message integrity (preventing message alteration).

Secure VPN protocols include the following:

IPsec (Internet Protocol Security) was originally developed for IPv6, which requires it. This
standards-based security protocol is also widely used with IPv4. L2TP frequently runs over IPsec.

Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic, as it does in the OpenVPN
project, or secure an individual connection. A number of vendors provide remote access VPN capabilities
through SSL. An SSL VPN can connect from locations where IPsec runs into trouble with Network
Address Translation and firewall rules. However, SSL-based VPNs use Transmission Control Protocol
(TCP) and so may be vulnerable to denial-of-service attacks because TCP connections do not
authenticate.

Datagram Transport Layer Security (DTLS) is used in Cisco's next-generation VPN product, Cisco
AnyConnect VPN, to solve the issues SSL/TLS has with tunneling over TCP.

Microsoft Point-to-Point Encryption (MPPE) works with Microsoft's PPTP and in several compatible
implementations on other platforms.

Microsoft introduced Secure Socket Tunneling Protocol (SSTP) in Windows Server 2008 and Windows
Vista Service Pack 1. SSTP tunnels Point-to-Point Protocol (PPP) or L2TP traffic through an SSL 3.0
channel.

MPVPN (Multi Path Virtual Private Network). Ragula Systems Development Company owns the
registered trademark "MPVPN".[2]

Secure Shell (SSH) VPN: OpenSSH offers VPN tunneling to secure remote connections to a network
or inter-network links. This should not be confused with port forwarding. The OpenSSH server provides
a limited number of concurrent tunnels, and the VPN feature itself does not support personal authentication.

Authentication
Tunnel endpoints must authenticate before secure VPN tunnels can be established.

User-created remote access VPNs may use passwords, biometrics, two-factor authentication or other
cryptographic methods.

Network-to-network tunnels often use passwords or digital certificates, as they permanently store the
key to allow the tunnel to be established automatically and without intervention.

Routing
Tunneling protocols can be used in a point-to-point topology that would theoretically not be considered a
VPN, because a VPN by definition is expected to support arbitrary and changing sets of network nodes.
But since most router implementations support a software-defined tunnel interface, customer-provisioned
VPNs are often simply defined tunnels running conventional routing protocols.

On the other hand, provider-provisioned VPNs (PPVPNs) need to support multiple coexisting VPNs, hidden
from one another but operated by the same service provider.


SSL versus TLS – What’s the difference?

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data
encryption and authentication between applications in scenarios where that data is being sent across
an insecure network, such as checking your email. The terms
SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in
fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is
sometimes referred to as SSL 3.1. With this said though, is there actually a difference between the two?

Is one more secure than the other?


While SSL and TLS differ in ways that make them not interoperable with each other, they are generally
considered equal in terms of security. The main difference is that, while SSL connections begin with
security and proceed directly to secured communications, TLS connections first begin with an insecure
“hello” to the server and only switch to secured communications after the handshake between the client
and the server is successful. If the TLS handshake fails for any reason, the connection is never created.

Both Internet security protocols ensure that your data is encrypted as it is transmitted across the
Internet. They also both enable you to be sure that the server that you are communicating with is the
server you intend to contact and not some “middle man eavesdropper”. This is possible because servers
that support SSL and TLS must have certificates issued to them by a trusted third party, like Verisign or
Thawte. These certificates verify that the domain name they are issued for really belongs to the server.
Your computer will issue warnings to you if you try to connect to a server and the certificate that it gets
back is not trusted or doesn’t match the site you are trying to connect to.
If you are mostly concerned about your level of security, you can’t really go wrong choosing either SSL
or TLS.

So then, should I choose to connect with TLS or SSL?


The main benefit in opting for TLS over SSL is that TLS was conceived as an open-community standard,
meaning TLS is more extensible and will likely be more widely supported in the future with other
Internet standards. TLS is even backwards compatible, possessing the ability to “scale down” to SSL if
necessary to support secure client-side connections that only understand SSL.
Another more immediate benefit, however, is that TLS allows both secure and insecure connections over
the same port, whereas SSL requires a designated secure-only port. For users connecting to an email
server via POP or IMAP, this means that using TLS will allow you to opt for secure connections but easily
switch to insecure connections if necessary without needing to change ports. This is not possible with
SSL.
However, as discussed in the previous section, it really doesn’t matter which one is used in terms of
security.
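
The two connection styles described above (a designated secure-only port versus a secure upgrade on the ordinary port), sketched for an IMAP client as an added example that is not part of the original document. It assumes the standard IMAP ports 143 and 993 and the STARTTLS and LOGINDISABLED capability names from the IMAP specification, none of which appear on the page; choose_mode and open_imap are hypothetical helper names. By default the client refuses to continue when the server does not offer the upgrade, so a middle man cannot push the login into plaintext.

```python
import imaplib
import ssl

IMAP_PORT, IMAPS_PORT = 143, 993  # standard IMAP ports (assumed, not on the page)


def verified_context() -> ssl.SSLContext:
    """Context that rejects untrusted certificates and host name mismatches."""
    # create_default_context() loads the system trust store and enables
    # CERT_REQUIRED plus host name checking.
    return ssl.create_default_context()


def choose_mode(port, capabilities, allow_plaintext=False):
    """Decide how the session is secured from the port and the server's
    advertised capabilities (hypothetical helper for this example)."""
    if port == IMAPS_PORT:
        return "implicit"            # secure-only port: TLS before any IMAP data
    caps = {c.upper() for c in capabilities}
    if "STARTTLS" in caps:
        return "starttls"            # same port, upgraded after the greeting
    if allow_plaintext and "LOGINDISABLED" not in caps:
        return "plaintext"           # explicit opt-in only
    raise ConnectionError("no TLS upgrade offered; not sending credentials")


def open_imap(host, port=IMAP_PORT, allow_plaintext=False):
    """Open an IMAP connection, securing it according to choose_mode()."""
    ctx = verified_context()
    if port == IMAPS_PORT:
        return imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    conn = imaplib.IMAP4(host, port)  # plaintext greeting and capability list
    try:
        if choose_mode(port, conn.capabilities, allow_plaintext) == "starttls":
            conn.starttls(ssl_context=ctx)  # certificate is checked here
    except Exception:
        conn.shutdown()               # never leave a half-open plaintext session
        raise
    return conn
```
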

What happens if I do not use either security protocol?


If neither SSL nor TLS is used, then the communications between you and the server can easily become
a party line for eavesdroppers. Your email data and your login information are sent in plaintext for all to
see, and there is no guarantee that the server you connect to is not some middle man or interloper.

Rapid Application Development (RAD) refers to a type of software development methodology that
uses minimal planning in favor of rapid prototyping. The "planning" of software developed using RAD is
interleaved with writing the software itself. The lack of extensive pre-planning generally allows software
to be written much faster, and makes it easier to change requirements.
