Via: Wikipedia
Secure VPNs use cryptographic tunneling protocols to provide the intended confidentiality (blocking snooping and thus Packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. This has been the usually intended purpose for VPN for some years.
Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes available on the market.
Secure VPN technologies may also be used to enhance security as a "security overlay" within dedicated networking infrastructures.
Secure VPN protocols include the following:
- IPsec (IP security) - commonly used over IPv4, and an obligatory part of IPv6.
- SSL used either for tunneling the entire network stack, as in the OpenVPN project, or for securing what is, essentially, a web proxy. SSL is framework more often associated with e-commerce, but it has been built-upon by vendors like Aventail and Juniper to provide remote access VPN capabilities.
- PPTP (point-to-point tunneling protocol), developed jointly by a number of companies, including Microsoft.
- L2TP (Layer 2 Tunnelling Protocol), which includes work by both Microsoft and Cisco.
- L2TPv3 (Layer 2 Tunnelling Protocol version 3), a new release.
- VPN-Q The machine at the other end of a VPN could be a threat and a source of attack; this has no necessary connection with VPN designs and has been usually left to system adminstration efforts. There has been at least one attempt to address this issue in the context of VPNs. On Microsoft ISA Server, an applications called QSS (Quarantine Security Suite) is available.
Some large ISPs now offer "managed" VPN service for business customers who want the security and convenience of a VPN but prefer not to undertake administering a VPN server themselves. In addition to providing remote workers with secure access to their employer's internal network, other security and management services are sometimes included as part of the package. Examples include keeping anti-virus and anti-spyware programs updated on each client's computer.
Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. In a sense, these are an elaboration of traditional network and system administration work.
- Multi-protocol label switching (MPLS) is often used to build trusted VPN.
- L2F (Layer 2 Forwarding), developed by Cisco, can also be used.
