Archive for August, 2008

Aug 27 2008

PPTP vs L2TP

PPTP is the Point-to-Point Tunneling Protocol. It is a network protocol that allows a client machine to establish a secure connection to a VPN server on your private network, so that data transferred between the client machine and the VPN server is protected. The most common use of this is across a public network such as the Internet. Typically you need three computers to make this connection: a PPTP client, a network access server, and a PPTP server. Think of the client as your home PC, the network access server as your ISP's server, and the PPTP server as your company's VPN server.

To establish this secure VPN connection, you first create a PPP connection to the ISP server. (PPP is a data link protocol that establishes a connection between the two ends of a point-to-point link.) Once connected to the ISP server (the network access server) you can send and receive packets over the Internet. A second connection is then made over the first one; this second connection is the VPN connection from your PC to the PPTP server, otherwise known as the "tunnel".

Think of the PPTP server as the gateway into the private network; it requires authentication to get in. The client computer must supply a username and password, using an authentication protocol such as CHAP, MS-CHAP, or PAP. Once you are authenticated, data sent through the tunnel over this second connection is encrypted. Think of the username and password as the "key" that unlocks the encrypted data between the PPTP client and the PPTP server. Only the client and the server have this "key", so all data sent over the VPN tunnel is now secure.

L2TP is the Layer Two Tunneling Protocol and is a combination of Microsoft's PPTP and Cisco's L2F (Layer 2 Forwarding). With PPTP the connection is made between the client machine and the server; with L2TP the connection is made from router to router. To establish this connection you need three parties: the L2TP client machine (your home PC); a LAC (L2TP Access Concentrator), which is the server the client machine is directly connected to, so think of the LAC as your ISP's server; and the LNS (L2TP Network Server), which is the endpoint of the VPN tunnel and where data is received and processed. The LNS is connected to your company's network. Establishing the VPN connection works much the same way as with PPTP. The client machine establishes a PPP connection to the LAC (the ISP server). The LAC then exchanges information with the LNS to set up the L2TP tunnel. When L2TP is used in this manner, the VPN tunnel is between the LAC and the LNS. The same authentication protocols used with PPTP can be used with L2TP. L2TP can also be used in conjunction with IPsec to make a more secure connection.

The main difference between L2TP and PPTP is the connection itself. With PPTP the VPN connection, or tunnel, is between the client machine and the VPN server. With L2TP the connection is router to router, or in the case described above, between the LAC and the LNS. PPTP is the legacy protocol and L2TP is the newer and now more widely used protocol, mainly because of the interoperability L2TP provides and the added security of implementing L2TP with IPsec.
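As an added example that is not part of the original post, the following Python decodes the control and data headers of the two tunnel protocols compared above and names what protects the PPP frame inside each. The sample messages are constructed, and the protocol and port numbers used are the assigned ones for PPTP (TCP 1723 control, GRE data), L2TP (UDP 1701) and IPsec (ESP, UDP 4500 for NAT traversal).

```python
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D  # RFC 2637: present in every PPTP control message

def parse_pptp_control(payload: bytes) -> dict:
    """Decode the fixed 12-byte PPTP control header carried over TCP/1723."""
    if len(payload) < 12:
        raise ValueError("short PPTP header")
    length, msg_type, cookie, ctrl_type, _reserved = struct.unpack("!HHIHH", payload[:12])
    if cookie != PPTP_MAGIC_COOKIE or msg_type != 1 or length != len(payload):
        raise ValueError("not a well-formed PPTP control message")
    return {"length": length, "ctrl_type": ctrl_type}  # ctrl_type 1 = Start-Control-Connection-Request

def parse_l2tp_header(payload: bytes) -> dict:
    """Decode the L2TPv2 header on UDP/1701 (RFC 2661); flag bits select optional fields."""
    if len(payload) < 6:
        raise ValueError("short L2TP header")
    flags = struct.unpack("!H", payload[:2])[0]
    if (flags & 0x000F) != 2:
        raise ValueError("not L2TP version 2")
    is_control, has_len, has_seq, has_off = (bool(flags & m) for m in (0x8000, 0x4000, 0x0800, 0x0200))
    if is_control and not (has_len and has_seq):
        raise ValueError("control messages must set the L and S bits")
    pos = 2
    if has_len:
        pos += 2  # 16-bit Length field
    tunnel_id, session_id = struct.unpack("!HH", payload[pos:pos + 4]); pos += 4
    ns = nr = None
    if has_seq:
        ns, nr = struct.unpack("!HH", payload[pos:pos + 4]); pos += 4
    if has_off:
        pos += 2 + struct.unpack("!H", payload[pos:pos + 2])[0]  # Offset Size plus padding
    return {"control": is_control, "tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "ppp_offset": pos}  # the PPP frame begins at ppp_offset

def tunnel_protection(ip_proto: int, udp_port: int = 0) -> str:
    """Name what shields the PPP frame, judged from the outer IP protocol and UDP port."""
    if ip_proto == 47:  # GRE carries PPTP data; only PPP-layer MPPE, if negotiated, encrypts it
        return "PPTP data (GRE): relies on MPPE inside PPP"
    if ip_proto == 50 or (ip_proto == 17 and udp_port == 4500):  # ESP, or ESP in UDP (NAT-T)
        return "IPsec ESP: inner L2TP/PPP encrypted and authenticated"
    if ip_proto == 17 and udp_port == 1701:
        return "bare L2TP: PPP frames travel in the clear"
    return "not a PPTP/L2TP tunnel"

# Constructed sample messages (not captured traffic)
SCCRQ = struct.pack("!HHIHH", 156, 1, PPTP_MAGIC_COOKIE, 1, 0) + b"\x01\x00" + b"\x00" * 142
L2TP_CTRL = struct.pack("!6H", 0xC802, 12, 0, 0, 0, 0)  # T,L,S set, version 2; tunnel/session 0 (SCCRQ)
L2TP_DATA = struct.pack("!3H", 0x0002, 7, 9) + b"\xff\x03\xc0\x21"  # data msg, tunnel 7, session 9, then PPP
```

The last function is the practical takeaway of the comparison: a packet on UDP/1701 that is not wrapped in ESP carries its PPP payload unencrypted, which is why L2TP is deployed with IPsec.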


Aug 19 2008

Unified Threat Management (UTM)

Published by Dale Tuchalski under Industry News

Network security has always been a priority for network administrators. The need to protect data in corporate environments has led to the use of many stand-alone network security devices. These devices include:

  • Firewall/VPN
  • Antispam
  • Gateway Antivirus
  • Antispyware
  • Web/Content Filtering
  • Intrusion Detection & Prevention

Each of these individual devices comes with its own configuration and management interface and reporting tools. Management and configuration take place on each device rather than at a centralized management point on the network, which increases total cost of ownership. Important system and security updates have to be managed per device, which can lead to missed security updates and therefore to system and network vulnerabilities. These factors have led to the development of Unified Threat Management (UTM) devices. Here is a list of some UTM device manufacturers:

Unified Threat Management (UTM) devices incorporate the functionality of the previously listed devices into one hardware device. When using a UTM device, management, updates and configuration can take place from one centralized location. This reduces the chance of missed updates and reduces the need to learn multiple interfaces.

Using a single device to perform all of these security functions has worried some administrators in the past. There was a fear of a single point of failure – if your device crashed, then all security functions would stop. To address this issue, most manufacturers of UTM devices have also incorporated failover functionality, which allows another UTM device to automatically take the place of the failed device.

UTM devices were mainly used in small to medium sized businesses when first introduced about five to six years ago. Large companies were hesitant to implement these devices early on because the devices themselves could not handle the workload of a large network environment. But as technology has gotten better (which it always does) with increasing speeds, large enterprises have started implementing these devices within their environments.

As time goes on, the use of Unified Threat Management devices will increase. Consolidating functionality, whether for security or for servers, is growing with the use of UTM devices and virtualization software, saving time and money for IT departments and their companies.
