LANCOM Reference Manual LCOS 3.50 Chapter 14: Virtual Private Networks—VPN
14.7.2 Alternatives to IPSec
IPSec is an open standard. It is not dependent on individual manufacturers
and is being developed by the IETF with input from the interested public. The
IETF is a nonprofit organization that is open to everyone. The broad
acceptance of IPSec is the result of this open structure which unites a variety
of technical approaches.
Nevertheless, there are other approaches for the realization of VPNs. We will
only mention the two most important of these here. They are not realized at
the network level like IPSec, but at the connection and application levels.
Security at the connection level – PPTP, L2F, L2TP
Tunnels can already be set up at the connection level (level 2 of the OSI
model). Microsoft and Ascend developed the Point-to-Point Tunneling
Protocol (PPTP) early on. Cisco presented a similar protocol with Layer 2
Forwarding (L2F). Both manufacturers agreed on a joint effort and the IETF
produced the Layer 2 Tunnel Protocol (L2TP).
Their main advantage over IPSec is that any network protocol can be used
with such a network connection, especially NetBEUI and IPX.
A major disadvantage of the described protocols is the lack of security at the
packet level. What's more, these protocols were designed specifically for
dial-up connections.
Security at higher levels – SSL, S/MIME, PGP
Communications can also be secured with encryption at higher levels of the
OSI model. Well known examples of this type of protocol are SSL (Secure
Socket Layer) mainly used for web browser connections, S/MIME (Secure
Multipurpose Internet Mail Extensions) for e-mails and PGP (Pretty Good
Privacy) for e-mails and files.
In all of the above protocols, an application handles the encryption of the
data, for example the Web browser on one end and the HTTP server on the
other.
A disadvantage of these protocols is their limitation to specific applications. In
addition, a variety of keys is generally required for the different applications.
The configuration must be managed on the individual computers and cannot
be administered conveniently on the gateways only, as is the case with IPSec.
Security protocols at the application level tend to be more intelligent as they
know the significance of the data being transferred. They are usually much
more complex, however.