Analysis of VPN Tools - Term Paper Example

VPN Tools al Affiliation) Table of contents Introduction………………………………………………………………………………………………3 0 OpenVPN………………………………………………………………………………………….....3 1.1 Screenshots ………………………………………………………………………………6 1.2 Advantages/ Disadvantages ………………………………………………………………7 2.0 Cisco VPN Client……………………………………………………………………………………..7 2.1 Screenshots………………………………………………………………………………..9 2.2 Advantages/ Disadvantages……………………………………………………………..10 3.0 LogMeIn Hamachi………………………………………………………………………………...…11 3.1 Screenshots ……………………………………………………………………………...12 3.2 Advantages/ Disadvantages…………………………………………………………..…12 4.0 Windows Built-In VPN………………………………………………………………………………12 4.1 Screenshots ……………………………………………………………………………...12 4.2 Advantages/ Disadvantages……………………………………………………………...13 Project Summary...…………….…………………………………………………………………………14 Future Implications………………………………………………………………………………………15 References………………………………………………………………………………………………..16 Introduction A VPN, virtual private network, is a network connection that is built on top of already existing publicly accessible telecommunication infrastructure like the internet and is used to provide access to the central organizational network to travelling users and remote offices. Yuan & Strayer (2007) state that VPNs create a virtual tunnel over the publicly available internet through the use of symmetric encryption. Common encryption and decryption keys which are used to encrypt all traffic in both directions are shared by both sides of the tunnel. In addition to the provision of alternative to the use of proxy server for remote access to campus resources, VPN also ensures secure methods to authenticate to the campus wireless network hence data security through the use of encryption technologies such as PPTP, L2TP, IPSec and SOCKS. For a smooth establishment and maintenance of a virtual private network, one is required to have appropriate networking software and hardware installed in their computers and the local network. VPN software enables a client to join a private network as if they are at a local computer within the network despite the physical distance the client might be away from the network. This software ensures security of the private network through the use of cryptographic tunneling protocols to ensure confidentiality and message integrity (Shnierder, 2008). In order to completely set up a virtual private network, certain software and hardware tools known as the VPN tools are necessary .This paper discusses in depth four VPN tools namely, OpenVPN, Cisco VPN Client, LogMeIn Hamachi and Windows built in VPN. OpenVPN OpenVPN is an open source software application for virtual private network implementation, meaning it can be downloaded and used for free. Its main role is to securely tunnel encrypted data from the server to the client or client to the server through a single port over an unsecure network. It popularity among VPN users comes from the fact that it’s a multi-platform application that support different platforms unlike most of the other VPN software applications. It is one of the best and definitely the least expensive VPN software applications. Besides, it is has few and easy installation, configuration and maintenance steps for windows users even for the novice users. It is a user-space SSL based VPN that demonstrates the ease of use and VPN simplicity and at the same time providing protection. OpenVPN is used to create secure site to site connections in remote access facilities and bridged configurations using SSL/TLS protocol or with pre-share keys. Its ability to transverse firewalls and network address translators is one of its biggest strength (Shnierder, 2008). OpenVPN is based on an architecture known as the client/server architecture, that is, the software application must be installed in both the client and server computers. It is a user space VPN since it does need sophisticated intertwining with the OS kernel for proper function. It operates in the ring 3 of secure OS ring architecture which enables it to control and access the virtual interface without depending on the kernel (Shnierder, 2008). It uses the most mature security protocol, the SSL/TLS protocol, which has limited weaknesses according to the greatest minds in cryptography. The protocol is believed to have strong cryptography armor (Charlie, 2009). The use of openSSL library for encryption and authentication allows OpenVPN to ensure the four main goals of information security; confidentiality, authentication, integrity and non-repudiation are achieved. OpenVPN uses a single UDP/TCP port to tunnel and encrypt data within the tunnel. Based on the official port number assignment, OpenVPN uses the default port number UDP 1194. OpenVPN ensures authentication through the use pre-share keys, certificate- based and username/password-based authentication. It depends on third party modules in order to authenticate peers using username/password authentication. Plug-ins such as the PAM authentication plug-in can be used to achieve username/password-based authentication. OpenVPN is a multi-platform software application, written by James Yonan, with the ability to work on different operating systems without complications and complexity in installation and maintenance (Yuan & Strayer, 2007). For this reason it is considered one of the best VPN tools. Its platform availability is widespread including Linux, Solaris, OpenBSD, NetBSD, Windows 2000/XP/Vista/7 and Mac OS X. Although OpenVPN is a command line utility, it works hand in hand with third party client software like; OpenVPN-AS Client, Viscosity and OpenVPN MI GUI, that provide graphical user interface (GUI) for OpenVPN server con // proxy . Advantages Easy installation and configuration. For window users the installation is pretty easy and fast even for the novice users. Portability. OpenVPN is a user space rather than kernel module making it easily portable compared to other VPN tools. It is more secure since it uses the OpenSSL encryption library which contains many security features. It has the ability to deploy VPN clients behind NAT devices using the tunnel networks over the devices. It is a multiplatform VPN software application capable of running on different OS without difficulties. It is open source software meaning cheap and easily available. Cisco VPN client Cisco VPN client is one of the most widely used VPN software application in both educational and corporate environments. According to Yuan & Strayer (2007), Cisco VPN client as a virtual private network application has a highly variable price to run, although it’s free for download to the end users in both windows and Mac operating systems. It helps maintain productivity of an organization besides improving security through secure connection of remote users, offices and business partners. An executable installer is usually distributed with the client and profile file with all the information that enables easy connection to a network. Site to site VPN architecture is used to provide a WAN infrastructure that is based on the internet while using IPSec protocol, which is compatible with all the other Cisco VPN products, the for encryption. //status //authentication Advantages Cisco VPN client can be preconfigured for mass deployment. It requires little user intervention for initial log in. The Cisco VPN client is a multiplatform application with ability to work on different operating systems such as Windows XP/Vista/7, Linux, Solaris Ultras ARC and Mac OS X 10.4, 10.5. It has a simplified provisions and reduced operation task for network designs It has integrated advanced routing and network intelligence for wide range of networks designs. It has the ability to achieve a high quality and reliable transport of mission critical and complex traffic like voice and client server applications. Disadvantages Cisco VPN client is highly expensive to run and maintain as compared to other virtual private network software applications. It is not free and has to be obtained under corporate licenses. Some version of Cisco VPN client like version 4.9.01.0180 which is believed to be the stable version, does not support platforms such as Mac 0S X later than 10.5 It has security vulnerability. Cisco VPN client uses profile files to store password which can easily be decoded hence putting the virtual private network at risk. LogMeIn Hamachi LogMeIn Hamachi is one of the few virtual private networks that require little configuration with the ability to connect two or more computers behind a NAT firewall over the internet as though the computers are connected over a LAN. It support different platforms mostly Windows, Mac OS X and beta versions of Linux. Hamachi is VPN system which is centrally managed and consists of server cluster and client software. The server cluster is managed by the system vendor while the client software is installed at the end user’s computer. The client software is used to add virtual network interface to the end user’s computer besides intercepting and injecting traffic (Yuan & Strayer, 2007). Client goes through a log in authentication once a connection to the server cluster has been established. (Viega & Messier, 2010). Instructions to either tear down or establish tunnels are sent to network peers once a client has gone either online or offline. Hamachi achieves this through the use of a server-assisted NAT transversal technique. Hamachi used industry standard algorithms to secure and authenticate data. It is mostly used for remote administration and gamming. Advantages It is easy to install and configure. It provides a user interface that is simple and fun to use. It operates in different operating system platforms such as Windows XP/Vista/7, Mac OS X and Linux. It provides a full LAN like access to all the peers in the network. Disadvantages A mediation server is required for the system to operate. It has security risks since its services are vulnerable on the remote machine. There are a lot of errors in its client server protocol documentation. Windows Built-in VPN This is a virtual private network application that is built within Microsoft operating systems from win 98 to win7. It comes preinstalled along with the operating system hence reduced hustle in installation. Configuration process involves only a few simple steps of typing in the IP address of the remote IPSec peer then a connection is established. The use of Windows built in VPN is not encouraged since its connection is not secure. The Windows built-in VPN implements the IKEv2 key exchange challenge handshake authentication protocol (CHAP), and Microsoft CHAP protocol in data tunneling to ensure data security over the public internet in windows 7 version. Advantages Since it is in built in Microsoft windows, it free and easily available for the window users. It has simple and easy installation and configuration processes. Disadvantages The Windows built in VPN is highly insecure for versions lower than windows vista since they do not use secure protocols in tunneling their data. It supports only one platform: windows. It is only available to windows user. Linux and Mac OS X are incapable of using it. It only supports the IKEv2 gateway which is provided only by SonicWall. It also requires the windows 2008 R2 server which has not yet been adopted by most companies. Project summary Virtual private network is cost effective as compared to wide area network connection since it eliminates the need to install physical leased lines in addition to reducing long distance telephone charges and expensive and hard to secure modem banks and access servers. Furthermore, internet based VPNs reduces the scalability problem in rapidly growing organizations by enabling them to simply tap into the public networks which are readily available as compared to physically installing dedicated lines to all their branch offices. On the other hand VPN technology come with certain limitations that should be considered by any organization planning on using VPN before making a decision to settle for the technology. Careful installation and thorough understanding of network security are required for proper installation of VPN. In addition, an organization does not have the direct control of performance and reliability of internet based VPN. Moreover, there exist incompatibility issues among VPN products from different vendors. This project has helped me gain more knowledge on virtual private networks, its benefits and short coming, the set up process, security that come a long with VPNs and mostly importantly the best VPN tool. Choosing and managing a VPN system can sometimes be a daunting task to system administrators and also to end users since different VPN tools come with different advantages and short coming. However, determination of the best tool out of the four depend on a number of factors such data security, availability, price, maintenance cost, installation complexity, usability and platform support among others. Favorite\Least Favorite VPN Tool Considering the above factors OpenVPN stands out as the best VPN tools with Windows built in VPN tool as the worst among the other virtual private network tools reviewed in this paper. OpenVPN provides industry tested security alongside tremendous ease of use (Viega & Messier, 2010). Its availability in most modern operating platforms is an added advantage to the fact that it offers flexibility of working in variety of modes that are easily understandable and hardly insecure. In a nutshell, OpenVPN is more flexible, fast and fun to use as compared to the other tools. Windows built in VPN on the other hand has a poor security to data tunneling. This alone goes against one of the primary roles of a VPN tool to protect the users’ data over the public infrastructure like the internet. Future Implications Reliability, privacy and security of data are some of the key component considered essential with critical data and information being exchanged within an organization’s network (Viega & Messier, 2010). Data insecurity has been a major problem for IT professionals operating in organizations that still use WAN instead of VPN. Virtual private network eliminates the data security threat since it employs tunneling and security procedures with protocols that encrypt data and decrypt it at the receiving end. References Charlie, H. et al. (2009). OpenVPN and the SSL VPN Revolution. New York: Random House. Shnierder, B. (2008).Applied Cryptography: Protocol, Algorithms and Source codes. New York. Wiley and Sons. Viega, J., Messier, M. (2010). Network Security with OpenSSL. London: O’Rielly. Yuan, R., & Strayer, W. T. (2007). Virtual private networks: technologies and solutions. Boston: Addison-Wesley. Top of Form Bottom of Form Read More