Strengths And Weaknesses Of Two Tunnelling Protocols Computer Science Essay


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Introduction

This report will outline the reasons why tunnelling is used and describe two of the most commonly used tunnelling protocols. It aims to explain why they were developed and why one might be preferred over the other.

The main aim of this report is to present information on the following areas:

Explain network tunnelling

Briefly describe the reasons for tunnelling

Explain two tunnelling protocols

Compare the strengths and weaknesses of the two tunnelling protocols

Network Tunneling

Tunnelling allows one network to send its data through another network's connections; for example the internet. Tunnels are used to create a safe and secure network connection between a private network and a remote host. This enables a remote user to gain access to resources on their private network.

It does this by using tunnelling protocols: a packet based on one protocol is encapsulated in a second packet based on whatever protocol is required to allow it to propagate through the intermediary network. In effect, the second wrapper ‘insulates’ the original packet and gives the illusion of a tunnel. Tunnelling technology can be implemented using a Layer 2 or Layer 3 tunnelling protocol.

In real-life terms, tunnelling can be compared to ‘encapsulating’ a present (original packet) in a box (second wrapper) for delivery through the postal service.

Reasons for Tunneling

There are many reasons why an organization may choose to implement a network tunnel. A few examples are listed below.

Lower communications cost: tunnelling eradicates the need for expensive leased lines because tunnels can operate on Public Switched Telephone Network (PSTN) lines. It will significantly reduce the number of national and international calls.

Lower administration: network administrators need only manage and secure their remote access servers. They only have to manage user accounts and don’t need to worry about supporting complex hardware configurations.

Improves organization efficiency: many employees are field based or work from home. Having the ability to access the company’s server for resources is a great convenience and productivity improvement.

Improves Security: The use of authentication and encryption protocols helps to protect the data that is transmitted through the tunnel.


Tunneling Protocols

Point To Point Tunneling Protocol

The Point to Point Tunneling Protocol (PPTP) is a protocol that is used to tunnel Point to Point Protocol (PPP) connections through an IP network, creating a Virtual Private Network (VPN).

PPTP was developed by the PPTP Forum, a group of companies that included Microsoft, Ascend, US Robotics and 3Com. PPTP is one of the most commonly implemented tunnelling protocols. This is mainly because it’s supported by Windows clients and is fairly simple to configure and maintain. PPTP can provide on-demand, multi-protocol support for VPNs over public networks such as the Internet.

[Figure: TechNet image Cc751470.xns_k03] (King, 27/2/2013)

Authentication protocols

PPTP is an extension of the Point-to-Point Protocol (PPP), RFC 1661. PPTP works at the data link layer of the OSI model. The authentication process used by PPTP is identical to that of PPP. PPP has four main authentication protocols, which are:

Password Authentication Protocol (PAP), RFC 1334: this allows for clear text authentication of a username and password. It is not a secure protocol because if PAP packets are captured between the server and remote clients, it would be possible to figure out the remote user’s password. It is also vulnerable to replay attacks.

Challenge Handshake Authentication Protocol (CHAP), RFC 1994, is a more secure authentication protocol than PAP. It works by ensuring that both the server and user know the plain text of the secret, even though it’s never sent over the link. The process is carried out when the initial link is created and at regular intervals during the connection to verify the identity of the remote user. It’s also known as a three-way handshake.

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), RFC 2433: this is a Microsoft extension of CHAP. It follows the three-way handshake method like CHAP. MS-CHAP works by ensuring that the server stores a digital signature of the user instead of their password. This allows for a greater level of security.

MS-CHAPv2, RFC 2759: Microsoft developed an enhanced version of MS-CHAP. The authentication process was revised so that each network device has to authenticate to the other. This method creates two unidirectional data pipes. Through these pipes a different encryption key is used for each connection between the devices.

(Kory Hamzeh, Gurdeep Singh Pall, William Verthein, Jeff Taarud, W. Andrew Little, Glen Zorn, 1999-07) (Gurdeep Singh Pall and Glen Zorn, 2001-03)
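The difference between PAP and CHAP described above can be shown in a few lines. This is an added example, not part of the original essay: it implements the RFC 1994 response value (MD5 over identifier, secret and challenge) and shows that a captured CHAP response fails against a fresh challenge while a captured PAP password stays valid. The `Authenticator` class, the user name and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Server side (hypothetical helper): one fresh challenge per attempt."""
    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.next_id = 0
        self.pending = {}                      # identifier -> outstanding challenge

    def challenge(self) -> tuple:
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)
        self.pending[self.next_id] = value
        return self.next_id, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        value = self.pending.pop(identifier, None)   # each challenge is single-use
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)

def pap_verify(secrets: dict, name: str, password: bytes) -> bool:
    """PAP: the password itself crosses the link, so a captured request stays valid."""
    stored = secrets.get(name)
    return stored is not None and hmac.compare_digest(stored, password)

def demo() -> dict:
    secrets = {"alice": b"constructed-secret"}       # constructed sample credential
    server = Authenticator(secrets)
    ident, value = server.challenge()
    resp = chap_response(ident, secrets["alice"], value)   # computed by the client
    on_wire = bytes([ident]) + value + resp          # everything sent over the link
    first = server.verify(ident, "alice", resp)
    ident2, _ = server.challenge()                   # periodic re-authentication
    replayed = server.verify(ident2, "alice", resp)  # old response, new challenge
    return {
        "chap_ok": first,
        "chap_replay_ok": replayed,
        "secret_on_wire": secrets["alice"] in on_wire,
        "pap_replay_ok": pap_verify(secrets, "alice", b"constructed-secret"),
    }
```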

Encryption

PPTP itself provides no encryption, as it only establishes the tunnel. The encryption technology used with PPTP is the Microsoft Point to Point Encryption (MPPE) protocol, RFC 3078. MPPE uses the RSA RC4 algorithm and at the present time supports 40-bit, 56-bit and 128-bit session keys.

Structure of a PPTP Packet Containing an IP Datagram

PPTP consists of 3 main parts:

Control Connection that runs over the TCP (port 1723)

The main data packets which are encapsulated using GRE and routed through the IP tunnel

The main IP tunnel used for routing the packets which are encapsulated by GRE
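The GRE-encapsulated data packets listed above can be built and parsed as follows. This is an added example, not code from the original essay: it follows the enhanced GRE header of RFC 2637 (protocol type 0x880B, payload length, call ID, optional sequence and acknowledgment numbers) and assumes the PPP frame carries an uncompressed two-byte protocol field with no address/control bytes. The function names and the inner datagram are constructed for illustration.

```python
import struct

PPP_OVER_GRE = 0x880B   # GRE protocol type used for PPTP data (RFC 2637)
PPP_IPV4 = 0x0021       # PPP protocol number for an IPv4 datagram

def wrap(call_id: int, seq: int, inner_ip: bytes) -> bytes:
    """IP datagram -> PPP frame -> enhanced GRE (K and S bits set, version 1)."""
    ppp = struct.pack("!H", PPP_IPV4) + inner_ip
    header = struct.pack("!BBHHHI", 0x30, 0x01, PPP_OVER_GRE, len(ppp), call_id, seq)
    return header + ppp

def unwrap(gre: bytes) -> dict:
    """Validate the enhanced GRE header and recover the tunnelled datagram."""
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags, ver, proto, length, call_id = struct.unpack("!BBHHH", gre[:8])
    if (flags & 0xC0) or not (flags & 0x20):      # C and R must be 0, K must be 1
        raise ValueError("unexpected GRE flag bits")
    if (ver & 0x07) != 1 or proto != PPP_OVER_GRE:
        raise ValueError("not a PPTP data packet")
    offset, optional = 8, {}
    for name, present in (("seq", flags & 0x10), ("ack", ver & 0x80)):
        if present:                               # S bit, then A bit
            if len(gre) < offset + 4:
                raise ValueError("truncated " + name + " field")
            (optional[name],) = struct.unpack("!I", gre[offset:offset + 4])
            offset += 4
    ppp = gre[offset:]
    if len(ppp) != length:
        raise ValueError("payload length does not match header")
    ppp_proto = struct.unpack("!H", ppp[:2])[0] if length >= 2 else None
    return {"call_id": call_id, "seq": optional.get("seq"), "ack": optional.get("ack"),
            "ppp_protocol": ppp_proto, "inner": ppp[2:]}

# Constructed sample: a bare 20-byte IPv4 header, 192.0.2.1 -> 192.0.2.2, checksum left zero.
INNER = bytes.fromhex("450000140000000040fd0000c0000201c0000202")

def demo() -> dict:
    packet = wrap(call_id=7, seq=1, inner_ip=INNER)
    return {"header": packet[:4].hex(), "overhead": len(packet) - len(INNER),
            "parsed": unwrap(packet)}
```

The outer IP header that carries the GRE packet across the intermediary network is not modelled here; `overhead` counts only the GRE and PPP bytes added to the inner datagram.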

Layer 2 Tunnelling Protocol

Layer 2 Tunneling Protocol (L2TP), RFC 2661, is a protocol used to tunnel data traffic between two points using the Internet. L2TP was developed by Microsoft and Cisco to combine features of PPTP with those of Cisco’s Layer 2 Forwarding (L2F) protocol, RFC 2341. L2TP is capable of supporting non-TCP/IP clients and protocols, for example Frame Relay and Asynchronous Transfer Mode (ATM). L2TP is similar to PPTP in that it encapsulates the data into PPP frames and transmits these across the connection. L2TP uses UDP as an encapsulation method for both tunnel maintenance and user data.

L2TP is often used in conjunction with IPSec. Unlike PPTP, L2TP/IPSec requires the use of certificates or a shared key when it is implemented.

Authentication protocols

L2TP also works at the data link layer of the OSI model. L2TP does not provide any encryption or confidentiality by itself. It relies on an encryption protocol that it passes within the tunnel to provide security. L2TP can use the same authentication protocols as


