SECURITY MEASURES FOR REMOTE ACCESS

Security Measures for Remote Access to Sunshine Machine Works VPN

Levi Welshans
December 8, 2014

SECURITY MEASURE FOR REMOTE ACCESS

2

Overview
Sunshine Machine Works (SMW) has seen considerable expansion to their sales outreach,
and with this expansion comes the need for secure remote access for the frequently traveling
staff. The configuration of the Virtual Private Network intranet for SMW is of great importance,
because there are many ways that security and access can be compromised. The purpose of this
report is to define Tunneling, discuss the three protocol options, and describe the Open Systems
Interconnection (OSI) layers that these processes take place on.
Tunneling
Tunneling within the VPN is the process of encapsulating data into smaller packets from
one type of protocol and configuring them to match the datagram within a different type of
protocol. (Microsoft, 2010) An easier way to say this is that the data being transferred from
SMW virtual network is broken down and encrypted when accessed by remote staff members.
The tunnel serves as a logical connection between the VPN server and the remote client. There
are two methods for creating this tunnel. The first, Voluntary, is a preexisting connection
between the VPN server and the client. This connection is then used to create a tunnel between
the two entities. The second, Compulsory, is a tunnel created when the client requires access to
the remote server. The VPN server is obligated to create a tunnel for the exchange between the
client and the server. There are many ways to go about providing this remote access for the
employees of SMW. There are numerous routers with VPN functionality and software that can
be used for connection management, but it is important that the method used by remote devices
mirrors that which is used by the VPN server.
Protocol Options

SECURITY MEASURE FOR REMOTE ACCESS

3

PPTP, or Point-to-Point Tunneling Protocol, is an extension of the Point-to-Point

Protocol. This method is ingrained within most all Windows releases, and there is client support
provided by Microsoft for this particular protocol. (Mitchell, 2014) PPTP involves creating a
connection by use of the Transmission Control Protocol. PPTP then takes data and packages it
within PPP packets. These packets are then encrypted, or encapsulated, and placed within
Internet Protocol (IP) packets so that they can be delivered safely through the tunnel.
L2TP, or Layer Two Tunneling Protocol, is a combination of Layer Two Forwarding and
PPTP. Layer Two Forwarding is a protocol method developed by Cisco Systems that is entirely
supported by PPP. L2TP takes the best of both protocol formations and combines them in a more
diverse method with options for data transport and can be used as an over the internet tunneling
option. (Tech-FAQ, 2012) L2TP, when fully integrated with IPsec, provides an extremely secure
option with a wide arrangement of features. L2TP uses a core piece of the IP suite, User
Datagram Protocol, to provide more security for encapsulation. When used with IPsec the
packet receive further encapsulation resulting in an extremely secure transport method.
IPsec, the only method of the three that operates on the third OSI layer, is a network level
security service that provides a wide range of security measures. It can be used solely as a
transport and tunneling method, or in combination with both L2TP and PPTP. With tunneling
IPsec encrypts both the header of the packet and the content of the packet. When used with
VPNs the client and server would utilize a shared key for decryption purposes. (Webopedia,
20114)
The OSI Layers

SECURITY MEASURE FOR REMOTE ACCESS

4

The two layers that these various tunneling protocols operate within are Layer 2, Data
Link, and Layer 3, Network. PPTP and L2TP both utilize the data link layer for transport of
packets. The data link layer has two sub layers within, the Media Access Control layer and the
Logical Link Control layer. These two sub layers are responsible for allowing access to the
content and the movement and synchronization of the packet frames. Layer 2 tunneling is
widely used for remote access when connecting to a VPN. IPsec exists on the network layer,
and the network layer is used for routing and forwarding as a means to transport data from node
to node. The network layer works with logical addresses that are uniquely identified within the
intranet, rather than IP address which are based upon a specific local device address. Like the
data link layer, the network layer encapsulates data from the upper levels of the OSI model. The
network layer really defines inter connected networks, like VPN intranets, and works well as a
layer to transport data between remote connections to these networks.
Conclusion
The configuration of the VPN and how members of the staff are able to access this
intranet are crucial for protecting not only members of the staff but also the private data of
Sunshine Machine Works. It is important to remember to stay singular in the methods used so as
not to cause confusion or issues with encryption, transfer, and decryption.

SECURITY MEASURE FOR REMOTE ACCESS

5

References

Appendix C: VPN Tunneling Protocols. (2010, April). Retrieved December 8, 2014, from
http://technet.microsoft.com/en-us/library/ff687723(v=WS.10).aspx
Beal, V. (2014). What is IPsec? Webopedia. Retrieved from
http://www.webopedia.com/TERM/I/IPsec.html
Crawford, S., & Tyson, J. (2011, April). Encryption and Security Protocols in a VPN HowStuffWorks. Retrieved December 8, 2014, from
http://computer.howstuffworks.com/vpn7.htm
Mitchell, B. (2014). VPN Tunnels Tutorial - Types of VPNS, Protocol & More.
Retrieved December 8, 2014, from
http://compnetworking.about.com/od/vpn/a/vpn_tunneling.htm
Tunneling. (2012, December). Retrieved December 8, 2014, from http://www.techfaq.com/tunneling.html