VirtualPrivate Network (VPN) BySamirPatel ProfessorStan J. SenesyIT620December7th 2017 ABSTRACTSecurity inwireless networks is an interesting subject for over many years. Security hasbeen the biggest issue these days as the attacks are increasing every year.Organizations are facing the biggest challenges in securing theirinfrastructure which can protect against the security threats. There has beenan enormous interest in designing the secure wireless network that can defendagainst these threats. The biggest challenge in wireless network is to securethe transactions of data which are transmitted over radio frequency. Transmissionof data over radio frequency introduces new opportunities for eavesdroppinginto the network which results in unauthorized access. Virtual Private Network (VPN) hasbeen developed as a crucial solution in protecting against the security threatswithin the use of public networks for private communications.
VPN is the bestsecurity solution being used in open standards based technologies to addressany security holes. It provides security in the Wireless LAN by integrating aset of authentication, encryption, access control, and session managementcomponents. The two main methods of VPN; Internet Protocol Security (IPsec) andSecure Sockets Layer (SSL) are being utilized on Enterprise’s WirelessNetworks. Both methods differ in terms of the function they serve as well theunderlying technologies used. The key thing is to decide which method toconsider during the designing of Enterprise’s infrastructure that can providereliability and security to best protect against security breaches. INTRODUCTION Security is a critical factor in the design anddeployment of wireless networks. Security issues are the main concerns for thebusinesses as the wireless data LANs are deployed on the infrastructures.
Wirelessdata transmits over radio frequency which introduces new opportunities foreavesdropping in the wireless communications. The data can be breached with asuitable transceiver within the range of the communication. It makes an easierway to eavesdrop on the data passing through the radio waves.
Wireless networkoffers a platform for an attacker to compromise data transmitting over wirelessdevices without requiring any physical arrangements. The interception over thenetwork to capture all of the traffic transmitting through multiple devices hasbecome a crucial factor in the security. Therefore, businesses need toimplement efficient technology that can protect against wireless networkbreaches. Virtual Private Network (VPN) has been introduced as a viablesolution that builds a secure and private communications over public networkinfrastructures. VPN essentially creates a secure tunnel between a public andprivate network with the use of encryption methods to transmit the data. Atunnel uses cryptographic techniques to prevent other transmitter to interceptthe data being transmitted over the network. VPN leverages the use of differenttypes of protocol to provide scalability and security for the enterprise tosecure the wireless LAN networks. The most common types of protocols used inthe implementation of VPN are IPsec and SSL.
IPsec functions primarily at anetwork layer and SSL functions at an application layer. They both provide avalid solution for securing remote access over wireless networks but it isimportant in the way they can be strategically design to secure the transmitteddata over the networks as well as provide benefits to businesses. ANALYSISThemain factor in the leveraging the use of VPN is to provide a secure remoteconnection from public network to communicate with private network. IPsec andSSL both provide the functionalities that facilitate a secure connection but indifferent ways. IPsec protocol requires a company provided VPN client on thepublic device to initiates a session while SSL can be used with any client.IPsec supports all IP based application and SSL supports any browser basedapplications (See Figure 1). Both of these technologiesemploys standard based encryption and authentication techniques to secureaccess over the network. They both differ (See Figure 2) in the terms of theway they can be implemented depending upon the requirements of the businesses.
Figure 2. Comparisonbetween IPsec vs SSL IPsecoperates at network layer which provides access to entire enterprise network.It typically requires a VPN client installed on a local device which connectsto the firewall or VPN gateway of enterprise network and initiates an Internet keyexchange (IKE).
The flow of the connection is the user gets authenticated withenterprise network and a tunnel is created between two networks. The packetstransmitting over the networks are encrypted which provides dataconfidentiality and integrity. IPsec leverages the use of cryptography standardssuch as 3DES, MD5, and SHA for authenticating packets and encrypting data. IKEcan be used with digital certificates to provide two way authentications. IPsecis generally a main choice during a site-to-site implementation.
SSL operates atapplication layer which provide access to enterprise network from anywhere. SSLleverages the same cryptographic standards as IPsec; however, it provides directaccess to web based application rather than internal network. Any browser thatsupports SSL encryption can be used to initiate remote access connectivity. SSLuses cipher suites to define cryptographic functions for both parties to useduring communications. SSL VPN gateway authenticates to web server using SSLserver by signing a trusted Certification Authority certificate. SSL isgenerally considered when a connection needs to be made with web basedapplication or services running on enterprise’s network. IPsec and SSL are both intended to be used for samepurpose. They both provide a great source of functionalities in securing thewireless data flow over public networks.
Their major difference between the twoVPN protocols is the security protection they provide. Companies decide to choosethe effective protocol to implement is primarily based upon the securityaspects of both protocols. The major security components considered are theencryption and authentication methods.
They both use the same encryptionmethods but different algorithms. Both protocols utilize the robust security protocolsand methods but the decision to choose should be based on the company’srequirements. VPN can be implemented with many other protocols:however, IPsec and SSL are the main being leveraged in many industries. Thesuggestion in choosing the one that can provide the best security measuresdepends on the business requirements. IPsec is complex and connects more sitestogether. IPsec VPN should be used in situations where the connection needs tobe run 24×7. SSL VPN should be used in situations where mobile use within theorganization is much needed.
IPsec requires a VPN client which cannot be usedwith mobile. In the situation like this, SSL is much more ideal as itauthenticates the user within SSL enabled browser within the devices. They bothshould be implemented when designing Enterprise infrastructure as it adds anextra layer of security within the environment.CONCLUSION VPNis a powerful technology in terms of securing the environment.
Regardless of whichmethod to use in implementation, VPN should be implemented as a part of a defensein depth strategy that utilizes comprehensive policies and varieties of networksecurity policies. Wireless LAN network within the businesses leveragesmajority of their transactions. The data being transmitted over public networkshould be well protected to provide efficiency in the way the businesses run. Attacksare growing in numbers and wireless network is the first line that provides theentries for attacker to get into the private network. VPN doesn’t secure allthe aspects of the wireless network; however, it is the main method thatprovides an extra layer of security within the company’s environment. The maingoal for them is to implement the securities within their infrastructure thatis reliable and best suites the needs of today’s world.
REFERENCES IPSec vs. SSL: WhyChoose?. (2017). ebook Woburn: An OpenReach Backgrounder Comparing VPNTechnologies. Available at:https://pdfs.semanticscholar.org/6b7f/c468155115b5ac42fd0e7c5d1c5a91ece4d7.pdfAccessed 9 Dec.
2017.Greene, T. (2017).
IPSecvs. SSL VPNs. online Network World. Available at:https://www.networkworld.com/article/2287584/lan-wan/ipsec-vs–ssl-vpns.
htmlAccessed 10 Dec. 2017.SearchEnterpriseWAN. (2017). Which VPN should your business network implement?. onlineAvailable at:http://searchenterprisewan.techtarget.
com/tutorial/Which-VPN-should-your-business-network-implementAccessed 11 Dec. 2017.SearchSecurity.
(2017). Tunnelvision: Choosing a VPN — SSL VPN vs. IPSec VPN. online Available at:http://searchsecurity.techtarget.com/feature/Tunnel-vision-Choosing-a-VPN-SSL-VPN-vs-IPSec-VPNAccessed 12 Dec. 2017.
Lifewire. (2017). NotSure Whether to Use IPSec or SSL for VPN Connectivity? Read This. onlineAvailable at: https://www.
lifewire.com/vpns-ipsec-vs-ssl-2486720 Accessed 12Dec. 2017.SearchSecurity. (2017).
IPSec VPN vs. SSL VPN: Comparing respective VPN security risks. onlineAvailable at:http://searchsecurity.techtarget.com/tip/IPSec-VPN-vs-SSL-VPN-Comparing-respective-VPN-security-risksAccessed 11 Dec. 2017.Ferrigni, S.
(2003). SSLRemote Access VPNs Is this the end of IPSec?. ebook SANS InstituteInfoSec Reading Room. Available at: https://www.sans.org/reading-room/whitepapers/vpns/ssl-remote-access-vpns-ipsec-1285Accessed 10 Dec. 2017.SearchNetworking.
(2017).IPsec vs. SSL VPNs: Understanding the basics. online Available at:http://searchnetworking.techtarget.com/feature/IPsec-vs-SSL-VPNs-Understanding-the-basicsAccessed 12 Dec. 2017.Impact of ImplementingVPN to Secure Wireless LAN.
(2009). ebook World Academy of Science,Engineering and Technology International Journal of Electronics andCommunication Engineering. Available at:http://waset.org/publications/9220/impact-of-implementing-vpn-to-secure-wireless-lanAccessed 9 Dec. 2017.Wei Qu and S.
Srinivas, “IPSec-based secure wireless virtual private network,” ebook MILCOM2002. Proceedings, 2002, pp. 1107-1112 vol.
2. Available at: http://ieeexplore.ieee.org/stamp/stamp.
jsp?tp==1179632=26490Accessed 9 Dec. 2017.