Re-post article by Cahit Akin, CEO, Mushroom Networks, Inc from mushroomnetworks.com
Which Virtual Private Network (VPN) you need depends on how you will use it and how much security, performance and failover capability you need. The protocols and blends of VPN do not differ greatly from one another, but both the hardest and the easiest protocols have drawbacks. If you are trying to communicate between sites, have vendors or employees out in the field, or need a safe way to connect to a cloud service, your VPN must connect, and be as secure and as agile, as you need.
What are the basic protocols for Virtual Private Networks?
There are seven protocol types, or variants of types, that can be used in a virtual private network. These protocols range from simple point-to-point communications to variants or blends of protocols. To give you a better idea of what you will need, here is each protocol and how it is used:
- Point to Point Tunneling Protocol – Also known as PPTP, this is the most popular protocol: it is supported by many devices, the easiest to install, and has the least overhead to use. The drawback to using PPTP is that it uses a weak encryption key (128 bits), so it should not be used for sensitive data transfers.
- Site to Site Protocol – Site to site is basically the same as PPTP, except that it does not use a dedicated line and encryption is done at the routers at both ends of the connection. This type of encryption can be done in hardware or software.
- Layer 2 Tunneling Protocol – L2TP by itself is not much different from PPTP, because it relies on the point-to-point protocol to connect. L2TP is not secure by itself and is often paired with encryption methods outside of the protocol, such as IPSec and 3DES. Adding encryption to this protocol gives it higher overhead compared to other protocols.
- Internet Protocol Security – IPSec is a trusted encryption and tunneling protocol that encrypts the IP traffic over a given tunnel. The disadvantage of IPSec may be the time-consuming client installations.
- Secure Socket Tunneling Protocol – SSTP is considered to have the highest security available among VPN protocols, with its 2048-bit encryption. SSTP can be used in place of PPTP and L2TP, and is effective in locations where the use of ports is restricted. SSTP uses SSL, so traffic can be restricted to port 443. A drawback of the higher encryption rate is that the operating systems at the endpoints must be at the current patch and latest OS levels.
- Multi-Protocol Label Switching – MPLS is not a protocol used by end users but a way to securely connect sites using an ISP-tuned virtual private network. An MPLS VPN is inherently more difficult to put together, which may make it more expensive than other options. With MPLS you may want to consider a failover strategy over Internet lines.
- Variant or Open Source – Some companies have successfully put together packages that combine SSL or IPSec with some of the easier-to-set-up protocols. Open source software like OpenVPN is free to use and works with most available operating systems. One drawback of using open source software is the lack of support when it is needed.
- Hybrid – The modern approach is to use a blend of transports (such as MPLS and other IP transports) and have the overlay VPN use all the available resources. The key is to leverage a Broadband Bonding router that can present a single IP connection to the VPN layer. This creates a cost-effective and reliable VPN architecture, ideal for office-to-office connectivity.
Where can you use a Virtual Private Network?
There are many uses for a VPN in your business. Here are some ways you could, and some ways you shouldn’t, use a VPN:
Connecting two sites, a server to a remote site, or a single remote user to a site. These kinds of connections are the mainstay of the VPN. When security is needed, encryption with the desired key length, shared security certificates, or a shared secret may be all you need.
When you need to connect a site or user securely to a cloud-based service, you might want to consider a VPN that uses IPSec or SSTP, because of the larger encryption key and the ability to restrict connections to specific ports.
Streaming video from one location to another may be what you want to do, but if you select a protocol that uses encryption you might be setting yourself up for a slow and useless connection. A protocol like PPTP is what you want when streaming video from one point to another; adding overhead such as encryption will slow down the connection at both ends.
The right protocol for your business or application is determined by how secure the data needs to be between endpoints and where you want the connection to be made (at the router, or at the server and client). Once you have those two items determined, you will be able to find the right protocol.