Avaya 555-245-600 IP Phone User Manual
Network design
300 Avaya Application Solutions IP Telephony Deployment Guide
Managing IP Telephony VPN issues
This section provides information on communications security, firewall technologies, and
network management as related to VPN issues.
Communication security
The public nature of the Internet, its reach, and its shared infrastructure provide cost savings
when compared to leased lines and private network solutions. However, those same factors also
make Internet access a security risk. To reduce these risks, network administrators must use the
appropriate security measures.
It is important to note that a managed service can be implemented either as a premises-based
solution or a network-based VPN service. A premises-based solution includes customer
premises equipment (CPE) that allows end-to-end security and Service Level Agreements
(SLAs) that include the local loop. These end-to-end guarantees of quality are key
differentiators. A network-based VPN, on the other hand, is provisioned mainly by equipment at
the service provider’s point-of-presence (PoP), so it does not provide equivalent guarantees
over the last mile. For a secure VPN that delivers robust, end-to-end SLAs, an enterprise must
demand a premises-based solution that is built on an integrated family of secure VPN platforms.
The “private” in virtual private networking is also a matter of separating and insulating the traffic
of each customer so that other parties cannot compromise the confidentiality or the integrity of
data. IPSec tunneling and data encryption achieve this insulation by carving private end-to-end
pipes or “tunnels” out of the public bandwidth of the Internet and then encrypting the information
within those tunnels, so that anyone else on the path sees only the tunnel endpoints and ciphertext.
In addition to IPSec, there are two standards for establishing tunnels at Layer 2: the
Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). L2TP has no
encryption of its own, and PPTP’s built-in MPPE encryption (RC4, keyed from the MS-CHAP exchange)
is far weaker than IPSec and is no longer considered adequate protection. The value of IPSec
beyond these solutions is that IPSec operates at IP Layer 3: it allows native, end-to-end secure
tunneling and, as an IP-layer service, it scales better than the connection-oriented Layer 2
mechanisms.
Also, note that IPSec can carry either L2TP or PPTP, since IPSec protects the packet that contains
the L2TP/PPTP data: the tunnel’s own headers, session identifiers, and PPP frames are encrypted and
authenticated together with the user traffic. The standard combination is L2TP/IPSec (RFC 3193),
in which IPSec ESP in transport mode protects the UDP datagram (port 1701) that carries L2TP.
Indeed, IPSec provides a highly robust architecture for secure wide-area VPN and remote dial-in
services. It is fully complementary to any underlying Layer 2 network architecture, and with the
security services it adds to protect the VPN of a company, IPSec marks the clear transition from
early tunneling to full-fledged Internet VPN services.
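The tunnel described above, as an added example written for this page and not code from the Avaya guide: a Go model of ESP with AES-GCM (RFC 4303 and RFC 4106) carrying an L2TP data message, the way L2TP/IPSec does. The key, GCM salt, SPI, the L2TP tunnel and session IDs and the PPP payload are constructed values, not a capture; a real stack takes its keys from IKE and sits inside an outer IP header, which is omitted here. The example shows what an on-path party can read (SPI, sequence number, and an opaque length), how the endpoint authenticates and decrypts the packet, and the RFC 4303 anti-replay window that rejects a replayed copy before any decryption is attempted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// ESP with AES-GCM as RFC 4303 and RFC 4106 lay it out (outer IP header and ESN omitted):
//   SPI(4) | Seq(4) | IV(8) | AES-GCM(inner | pad | padLen | nextHdr) | ICV(16)
// Nonce = 4-byte salt from the keying material || 8-byte IV; SPI||Seq is the AAD.
const espHdrLen, espIVLen, espICVLen, nextHdrUDP = 8, 8, 16, 17
// SA is one direction of a security association; highest/window are the receiver's
// RFC 4303 anti-replay state (highest accepted seq plus a bitmap of the 63 before it).
type SA struct {
	spi, seq, highest uint32
	window            uint64
	salt              [4]byte
	aead              cipher.AEAD
}
func NewSA(spi uint32, key []byte, salt [4]byte) (*SA, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte ICV
	return &SA{spi: spi, salt: salt, aead: aead}, err
}

func (s *SA) nonce(iv []byte) []byte { return append(append(make([]byte, 0, 12), s.salt[:]...), iv...) }
// Encapsulate wraps inner in an ESP packet; the result is what an on-path observer sees.
func (s *SA) Encapsulate(inner []byte) ([]byte, error) {
	s.seq++ // RFC 4303: the sender must rekey before this wraps, never let it
	iv := make([]byte, espIVLen)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padLen := (4 - (len(inner)+2)%4) % 4 // ESP aligns payload+trailer to 4 bytes; pad bytes are 1,2,3 (RFC 4303 default)
	plain := append(append(append([]byte{}, inner...), []byte{1, 2, 3}[:padLen]...), byte(padLen), nextHdrUDP)
	hdr := binary.BigEndian.AppendUint32(binary.BigEndian.AppendUint32(nil, s.spi), s.seq)
	return s.aead.Seal(append(hdr, iv...), s.nonce(iv), plain, hdr), nil
}

// Decapsulate checks SPI, replay state and ICV before exposing plaintext; the window advances only after the ICV verified.
func (s *SA) Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < espHdrLen+espIVLen+espICVLen+2 || binary.BigEndian.Uint32(pkt[:4]) != s.spi {
		return nil, errors.New("short ESP packet or unknown SPI")
	}
	hdr, iv, seq := pkt[:espHdrLen], pkt[espHdrLen:espHdrLen+espIVLen], binary.BigEndian.Uint32(pkt[4:8])
	if d := s.highest - seq; seq == 0 || (seq <= s.highest && (d >= 64 || s.window&(uint64(1)<<d) != 0)) {
		return nil, errors.New("replay: sequence number already seen or too old")
	}
	plain, err := s.aead.Open(nil, s.nonce(iv), pkt[espHdrLen+espIVLen:], hdr)
	if err != nil {
		return nil, errors.New("ICV check failed: forged or corrupted packet")
	}
	s.markSeen(seq)
	if padLen, next := int(plain[len(plain)-2]), plain[len(plain)-1]; next == nextHdrUDP && len(plain) >= padLen+2 {
		return plain[:len(plain)-padLen-2], nil
	}
	return nil, errors.New("bad ESP trailer")
}

// markSeen advances the RFC 4303 sliding window: bit d of window set means sequence number highest-d was accepted.
func (s *SA) markSeen(seq uint32) {
	if seq <= s.highest {
		s.window |= uint64(1) << (s.highest - seq)
		return
	}
	s.window, s.highest = s.window<<(seq-s.highest)|1, seq // a shift of 64 or more clears the bitmap
}

// SampleL2TPDatagram is a constructed (not captured) L2TP data message on UDP 1701: UDP header,
// L2TPv2 data header (tunnel 42, session 17), then a PPP frame (protocol 0x0021 = IPv4).
func SampleL2TPDatagram() []byte {
	ppp := append([]byte{0xff, 0x03, 0x00, 0x21}, "<inner IPv4 packet; RTP voice sits here>"...)
	l2tp := []byte{0x00, 0x02, 0x00, 0x2a, 0x00, 0x11}
	udp := []byte{0x06, 0xa5, 0x06, 0xa5, 0, 0, 0, 0} // ports 1701->1701, length, checksum 0
	binary.BigEndian.PutUint16(udp[4:6], uint16(8+len(l2tp)+len(ppp)))
	return append(append(udp, l2tp...), ppp...)
}

func main() {
	key, salt := []byte("0123456789abcdef"), [4]byte{1, 2, 3, 4} // illustrative; IKE derives the real ones
	tx, _ := NewSA(0x1000, key, salt)
	rx, _ := NewSA(0x1000, key, salt)
	pkt, _ := tx.Encapsulate(SampleL2TPDatagram())
	_, err1 := rx.Decapsulate(pkt)
	_, err2 := rx.Decapsulate(pkt) // the same bytes again, as a replaying attacker would send them
	fmt.Printf("wire: SPI=%#x seq=%d + %d opaque bytes\nfirst copy: %v\nreplay: %v\n",
		pkt[:4], binary.BigEndian.Uint32(pkt[4:8]), len(pkt)-espHdrLen-espIVLen-espICVLen, err1, err2)
}
```

Run it with go run. Everything after the 8-byte ESP header is opaque to the observer, which is the point of carrying L2TP inside IPSec: the UDP port, the L2TP tunnel and session IDs and the PPP protocol field that would otherwise identify the traffic as voice are all under the ICV and the cipher. The receiver accepts each sequence number once, tolerates reordering within the 64-packet window, and only advances the window after the ICV has verified, so a forged packet cannot be used to push genuine ones out of the window.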
An issue, however, is that different implementations of IPSec provide varying degrees of security
services. Products must implement the current IPSec standards (RFC 4301 for the architecture,
RFC 4303 for ESP, and RFC 7296 for IKEv2) rather than early drafts, must support high-performance
encryption, and must scale to VPNs of industrial size. An “IPSec” label says nothing about what a
product will actually negotiate: check the configured proposals and make sure that obsolete choices
(DES and 3DES, MD5 integrity, ESP with null encryption, IKEv1 aggressive mode with pre-shared keys)
are disabled and that rekeying happens before key lifetimes and sequence numbers are exhausted.
Finally, a VPN platform should support a robust system for authenticating the identity of end
users, based on industry-standard approaches and protocols: X.509 certificates for IKE peer
authentication and, for remote users, EAP carried inside IKEv2 and backed by an existing RADIUS or
directory service, rather than a single pre-shared secret known to every user.