
What is secure VPN setup and configuration?


asked Aug 20 at 01:28 PM


ITNoob


1 answer:

Virtual Private Networks (VPNs) use public communication infrastructure, usually the internet, and provide secure remote access to an organization’s servers. This means that members can access the network from a location that doesn’t contain the servers, such as a branch office or from home. VPNs have hosts that accept each VPN connection from various clients. One main goal of a VPN is to provide data transfers from various private networks while avoiding expensive private data lines that would only be usable by one organization.

VPNs have several security mechanisms that can be configured during setup. Most VPNs are secured by using cryptographic tunneling protocols. These encryptions prevent packets from being intercepted or decoded. This also prevents messages from being altered and prevents user impersonation. Users must log in and provide credentials before the system approves their access.

These are some of the Secure VPN protocols:

  • Transport Layer Security (TLS/SSL) can tunnel the traffic for an entire network and secure an individual connection. An SSL or TLS VPN won’t have issues with Network Address Translation and firewalls, but since these protocols use TCP (Transmission Control Protocol) they are vulnerable to denial of service attacks. This is because TCP connections do not authenticate.

  • IPsec (Internet Protocol Security) is not vulnerable to denial of service attack, but it can run into problems with firewall rules and Network Address Translation. The standards-based protocol was developed for IPv6 (Internet Protocol version 6) and is commonly used with IPv4.

  • Secure Shell (SSH) is also called OpenSSH because it is used with the OpenBSD operating system. It secures remote connections to a network or links within the network. This type of VPN can handle a limited number of concurrent tunnels and does not support personal authentication.

  • Datagram Transport Layer Security (DTLS) is a Cisco VPN protocol that solves some of the issues with SSL/TLS and tunneling over TCP.
  • Microsoft's Microsoft Point-to-Point Encryption (MPPE) works with Microsoft’s point-to-point tunneling protocol in several implementations that are compatible with other platforms.
  • Microsoft introduced Secure Socket Tunneling Protocol (SSTP). SSTP is able to tunnel Point-to-Point Protocol (PPP) or L2TP traffic through an SSL 3.0 channel.

There are also three building blocks for a ‘provider-provided’ VPN (PPVPN):

  • A customer edge device, which is a device on the customer premises that can access the PPVPN (configurable for some vendors’ solutions).

  • A Provider edge device, which is one or more devices that present the provider’s of a customer site and maintain VPN state.

  • A Provider device, which operates in the provider’s core network and doesn’t directly interface with customer endpoints.


answered Sep 27 at 04:53 PM


mitchp ♦♦


Seen: 514 times

Last Updated: Aug 20 at 01:28 PM