VPN Security and Performance


Introduction.  VPN Security has three main components.  Together these ensure the private aspect VPN.
  • Authentication
    • need to verify the VPN client
      • identity of the machine
      • identity of the user
    • can be implemented using a variety of methods
      • EAP - Extensible Authentication Protocol
      • CHAP - Challenge Handshake Authentication Protocol
      • MS - CHAP - Microsoft CHAP
      • PAP - Password Authentication Protocol
      • SPAP - Shiva PAP
  • Authorization
    • which users are granted VPN access
    • which users are granted particular types of access
  • Encryption
    • variety of encryption methods as seen in the previous webpage
    • many implementations let the user choose the encryption method

Performance.  VPN Performance issues can be classified as those which apply to all VPNs and those that apply to specific implementations.

Issues about its availability are always a concern, considering some of the instabilities inherent in the Internet itself.  This is also true at the level of ISPs.  Heavy traffic can also greatly impact performance, considering the extra connectedness and encryption involved in the processing.

The overhead involved in VPNs can result in overall diminishment of performance.  Establishing circuits requires more effort and committal of resources.

VPN Types.  VPNs can be implemented based more on hardware or software, though both will be involved to some extent in all implementations.

Software based implementations include the use of tunneling protocols like we have previously mentioned.  Many third party systems work directly off of established server operating systems.  Some of these products are listed below.

  • Safeguard VPN
  • Checkpoint SVN - Secure Virtual Network
  • NetMAX VPN Suite for Linux

Hardware based implementations are developed by a number of companies such as the following.

  • Shiva
  • 3Com
  • VPNet Technologies
  • Raptor Systems
  • Cisco

VPN support is built into Cisco routers as well as those of other companies.

Hardware based VPNs can generally be categorized into two types.

  • Router Based
    • routers with encryption capabilities
    • generally give the best performance and ease of configuration
  • Firewall Based
    • provide extra security measures
      • strong authentication
      • detailed logging
    • can perform address translation
    • performance can be an issue but in some implementations encryption is done by hardware based processors