Server Security: Keeping Your Data Safe Page 8
By Karl Magsig
Methods are also available to secure the actual transmission channel. Most of these methods can be grouped under the heading of a virtual private network (VPN). A VPN is a secure transmission "tunnel" set up between server and client computers. A VPN acts as a private LAN but uses public transmission routes (i.e., the Internet). VPNs use two basic connectivity models.
One is Layer 2 tunneling, of which the Layer 2 Tunneling Protocol (L2TP) is the standard example. It creates a "tunnel" across the internetwork it's connecting over and relies on user authentication at the time the tunnel is set up: an L2TP server listens on a specific port (UDP 1701), and when a client requests a connection on that port it must present a recognized username and password, carried by PPP inside the tunnel, before data transmission actually begins.
The other is Layer 3 tunneling (the text sometimes calls this "L3TP", but that is only a descriptive label, not a protocol name). It assumes the two communicating devices already "know" each other, through a pre-shared key or a key pair provisioned beforehand, before the connection is established.
Microsoft's Point-to-Point Tunneling Protocol (PPTP) is a Layer 2 tunneling protocol of the same family as L2TP (L2TP was in fact derived from PPTP and Cisco's L2F). When a PPTP connection is initiated from a client to a VPN server (TCP port 1723 for the control channel, GRE for the tunnelled PPP frames), the client must first authenticate to the server, the same as a workstation does when it logs in to a server on a LAN; in Microsoft's implementation this is MS-CHAP. Once authenticated, the client encrypts its data (with MPPE, keyed from the MS-CHAP exchange) and sends it to the server, which decrypts it, and vice versa. Two caveats: L2TP by itself does not encrypt anything and is normally run over IPsec (L2TP/IPsec) for confidentiality, and MS-CHAP and MPPE have since been shown to be weak, so PPTP should not be relied on to protect data today.
IPsec (IP Security) is the standard Layer 3 example. Here authentication is handled outside the tunnel itself, by the key-exchange protocol (IKE) using credentials the peers already hold. A good example of an IPsec connection is PGPnet, the VPN client/server built into PGP. The initial connection authentication is handled via PGP key pairs: the initiating client enters the passphrase that unlocks its private PGP key, that key signs the IKE authentication exchange, and the VPN server verifies the signature against the client's public key, which it already holds. The passphrase itself never leaves the client. Once the peers have authenticated each other, session keys are derived and encrypted data communication begins.
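To make the difference between the two models concrete, here is an added example (not code from the article, and not from any VPN product) that simulates both handshakes in one process. The Layer 2 side implements the CHAP challenge/response that PPP uses inside a PPTP or L2TP tunnel (RFC 1994: response = MD5(identifier || secret || challenge)), where the server holds a user database and the client must answer before any payload is carried. The Layer 3 side models the IPsec/IKE idea that the peers already share a credential before the tunnel exists: each proves possession of a pre-shared key by MAC-ing both nonces, then both derive the same session key without the key ever crossing the wire. The class and function names, the usernames and passwords, and the pre-shared keys are all constructed for the example; an HMAC pre-shared key stands in for the PGP key-pair signature in the text because it needs only the standard library.

```python
"""Simulated VPN authentication: PPP/CHAP inside a layer 2 tunnel versus
pre-shared credentials for a layer 3 (IPsec-style) tunnel.
Added illustration only; names and test data are constructed."""
import hashlib
import hmac
import os


# --- Model 1: layer 2 tunnel, user logs in with username/password (CHAP) ---
def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 fixes MD5 here; it is a protocol constant, not a design choice.
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class L2TunnelServer:
    """Hypothetical tunnel endpoint holding a user database (constructed)."""

    def __init__(self, users: dict):
        self.users = users      # username -> password
        self.pending = {}       # username -> (identifier, challenge) awaiting reply

    def challenge(self, username: str):
        ident = os.urandom(1)[0]
        chal = os.urandom(16)
        self.pending[username] = (ident, chal)
        return ident, chal

    def verify(self, username: str, response: bytes) -> bool:
        # Unknown user or no outstanding challenge: refuse without revealing which.
        if username not in self.users or username not in self.pending:
            return False
        ident, chal = self.pending.pop(username)   # one challenge, one answer
        expected = chap_response(ident, self.users[username].encode(), chal)
        return hmac.compare_digest(expected, response)


def l2_login(server: L2TunnelServer, username: str, password: str) -> bool:
    """Client side: request a challenge, answer it; True only if the tunnel opens."""
    ident, chal = server.challenge(username)
    return server.verify(username, chap_response(ident, password.encode(), chal))


# --- Model 2: layer 3, peers already share a credential (IKE-style PSK) ---
def l3_proof(psk: bytes, role: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    # Proof of possession of the pre-shared key bound to both fresh nonces.
    return hmac.new(psk, role + nonce_i + nonce_r, hashlib.sha256).digest()


def l3_session_key(psk: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    return hmac.new(psk, b"skey" + nonce_i + nonce_r, hashlib.sha256).digest()


def l3_handshake(psk_initiator: bytes, psk_responder: bytes):
    """Run the exchange between two peers holding (possibly different) keys.
    Returns (initiator_key, responder_key) on success, None if either side rejects."""
    nonce_i, nonce_r = os.urandom(16), os.urandom(16)   # exchanged in the clear
    proof_i = l3_proof(psk_initiator, b"init", nonce_i, nonce_r)
    proof_r = l3_proof(psk_responder, b"resp", nonce_i, nonce_r)
    # Each side recomputes the other's proof with its own copy of the secret.
    responder_accepts = hmac.compare_digest(
        proof_i, l3_proof(psk_responder, b"init", nonce_i, nonce_r))
    initiator_accepts = hmac.compare_digest(
        proof_r, l3_proof(psk_initiator, b"resp", nonce_i, nonce_r))
    if not (responder_accepts and initiator_accepts):
        return None
    return (l3_session_key(psk_initiator, nonce_i, nonce_r),
            l3_session_key(psk_responder, nonce_i, nonce_r))


if __name__ == "__main__":
    srv = L2TunnelServer({"alice": "correct horse"})          # constructed
    print("L2 good password:", l2_login(srv, "alice", "correct horse"))
    print("L2 bad password: ", l2_login(srv, "alice", "wrong"))
    shared = os.urandom(32)                                   # provisioned out of band
    keys = l3_handshake(shared, shared)
    print("L3 peers agree:  ", keys is not None and keys[0] == keys[1])
    print("L3 stranger:     ", l3_handshake(shared, os.urandom(32)))
```

The Layer 2 server never sees the password on the wire, only the challenge answer, but it still has to store every user's secret; the Layer 3 peers never exchange anything that lets an eavesdropper recover the key, and neither side needs a login prompt because the trust relationship was set up before the first packet.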
This is just a very brief overview of VPN connections. An in-depth look at VPNs and their associated protocols is beyond the scope of this document. For more information on VPNs, PPTP and IPsec, check out the VPN information located on Microsoft's MS Developer's Network site, http://msdn.microsoft.com (a search on VPN will bring up lots of thorough information on the subject), or go to the defining standards: RFC 2637 (PPTP), RFC 2661 (L2TP), RFC 2401 (IPsec architecture) and RFC 2409 (IKE).