© Maxim Kazmin, 123RF.com
State-of-the-art virtual private networks
Private Affair
Virtual private networks (VPNs) have established themselves as a standard solution for convenient remote access to enterprise networks. However, they can cause some issues in combination with standard tunneling protocols like PPTP if, for example, NAT routers are involved or you need to work around the local firewall. Typically, it is not in the administrator's best interest to modify the firewall, NAT, or proxy configuration to suit requirements for remote access. The Secure Socket Tunneling Protocol (SSTP), which was introduced with Microsoft Windows Server 2008, provides a solution by setting up a VPN tunnel that encapsulates PPP or L2TP traffic on a Secure Sockets Layer (SSL) channel (Figure 1).
Figure 1: The SSTP handshake is not much different from a standard SSL handshake. In contrast to IPsec, SSTP sends PPP packets (not IP packets) through the tunnel.
For administrators, this means that SSTP is a new VPN tunnel type in the Windows Server 2008 routing and RAS server role. It encapsulates PPP (point-to-point protocol) packets in HTTPS, thus supporting the VPN connection through a firewall, a NAT device, or a proxy. Like all SSL VPNs, SSTP uses TCP port 443 (HTTPS) for data transfer.
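The encapsulation described above can be seen in SSTP's own framing once TLS has been terminated, for example on an inspecting gateway. The following parser is an added example, not code from the article; the header layout and message types follow the public MS-SSTP specification, the sample bytes are constructed, and the optional `ff 03` PPP address/control prefix is an assumption about the captured frames.

```python
import struct

# Values below are from the public MS-SSTP specification, not from the article.
SSTP_VERSION = 0x10  # version 1.0
CONTROL_TYPES = {
    0x0001: "CALL_CONNECT_REQUEST", 0x0002: "CALL_CONNECT_ACK",
    0x0003: "CALL_CONNECT_NAK", 0x0004: "CALL_CONNECTED",
    0x0005: "CALL_ABORT", 0x0006: "CALL_DISCONNECT",
    0x0007: "CALL_DISCONNECT_ACK", 0x0008: "ECHO_REQUEST",
    0x0009: "ECHO_RESPONSE",
}
PPP_PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",
                 0x8021: "IPCP", 0x0021: "IPv4"}


def parse_sstp_stream(buf):
    """Split bytes already decrypted from the TLS channel into SSTP packets."""
    packets, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < 4:
            raise ValueError("truncated SSTP header")
        version, flags, length = struct.unpack_from("!BBH", buf, offset)
        length &= 0x0FFF  # upper 4 bits of the length field are reserved
        if version != SSTP_VERSION:
            raise ValueError(f"unexpected SSTP version 0x{version:02x}")
        if length < 4 or offset + length > len(buf):
            raise ValueError("SSTP length field does not match the buffer")
        body = buf[offset + 4:offset + length]
        if flags & 0x01:  # C bit set: control packet
            if len(body) < 4:
                raise ValueError("truncated control message")
            msg_type, n_attrs = struct.unpack_from("!HH", body)
            packets.append({"kind": "control", "attributes": n_attrs,
                            "type": CONTROL_TYPES.get(msg_type, hex(msg_type))})
        else:  # C bit clear: the body is one PPP frame
            # Assumption: frames may or may not carry the ff 03 address/control bytes.
            frame = body[2:] if body[:2] == b"\xff\x03" else body
            if len(frame) < 2:
                raise ValueError("PPP frame too short")
            proto = struct.unpack_from("!H", frame)[0]
            packets.append({"kind": "data", "ppp_bytes": len(body),
                            "ppp_protocol": PPP_PROTOCOLS.get(proto, hex(proto))})
        offset += length
    return packets


# Constructed sample: a Call Connect Request followed by a PPP LCP Configure-Request.
SAMPLE = bytes.fromhex("1001000e00010001000100060001" "1000000cff03c02101010004")

if __name__ == "__main__":
    for pkt in parse_sstp_stream(SAMPLE):
        print(pkt)
```

On the wire, all of this sits inside the TLS session on TCP port 443, so a firewall, NAT device, or proxy that does not terminate TLS sees only an HTTPS connection.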

