Tunneling is a method of transferring data from one network to another by encapsulating the packets in an additional header. The additional header provides routing information so that the encapsulating payload traverse the intermediate networks.
For a tunnel to be established, both the client and server must use the same protocol.
Tunneling and also the use of a VPN is not intended to substitute for encryption. Where high level of security is desired, the strongest possible encryption should be used.
PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) are most popular tunneling protocols.
PPTP (Point-to-Point Tunneling Protocol):
- PPTP works at the Data Link Layer of the OSI Model.
- Designed for individual client-to-server connections. It, therefore, allows one a single point-to-point connection per session.
- Commonly used by Windows clients for asynchronous communications.
- Uses native Microsoft encryption protocol known as MPPE (Microsoft Point-to-Point Encryption).
- Usually uses port 1723 and TCP.
- Cannot use the added benefit of IPSec
- PPTP does not support TACAC+ and RADIUS
L2TP (Layer 2 Tunneling Protocol):
- L2TP works at the Data Link Layer of the OSI Model.
- L2Tp is an accepted tunneling standard for VPNs.
- Like PPTP it was designed for individual client-to-server connections.
- L2TP supports TACAC+ and RADIUS
- Usually uses port 1701 and UDP.
- L2TP requires IPSec in order to offer encryption
- L2TP/IPSec connections requires two levels of authentication: computer level authentication and user-level authentication.
To Become Certified For CISSP Please Visit This Link;