Tunneling Protocols

Time: 15 hours 43 minutes
Difficulty: Advanced
CEU/CPE: 16

Video Transcription
>> Now, dial-up communication with their modems worked for a while, but what we found was it could be quite costly. If I'm a salesperson who travels from city to city, me making collect calls back into the office would cost a lot of money over time, not to mention the fact that we were sending data across the public phone lines and our data wasn't secure, wasn't encrypted across those phone lines in most instances, so we needed something more, and that's where we started to look at tunneling.

What tunneling does is it provides encapsulation to data packets to help them go across a specific type of network, and then often the tunneling protocols provide authentication and encryption. Here we're going to look at Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol, we'll look at IPsec, and then GRE, which is Generic Routing Encapsulation.

The first of the protocols, or let me just mention here, you can see from network to network, we have created the illustration down at the bottom of a VPN tunnel, and it's called the tunnel because they really want us to envision our data being totally safe, as if it has a pipe wrapped around it that no one from the outside can see. That idea comes to us from tunneling protocols, and the idea is these tunneling protocols encapsulate the data packets so that external devices, or devices outside the tunnel, are not able to see inside the data packets.

The first of the tunneling protocols, it's one called PPTP, Point-to-Point Tunneling Protocol, and this was based on Point-to-Point Protocol. I'm sorry, I have so many letters for you guys, I really am, but don't worry, there's more. Point-to-Point Tunneling Protocol was based on Point-to-Point Protocol. It still used PAP, CHAP, or EAP for authentication, but what they added was the protocol MPPE for encryption; now we get encryption also. And MPPE stands for Microsoft Point-to-Point Encryption. Now the problem with this is that it only worked across IP networks. If I was going to connect across the Internet, PPTP would work for me, but at the time Point-to-Point Tunneling Protocol came out, a lot of LANs were connected via ATM or frame relay links, so it didn't serve those networks.

Cisco came out with a protocol called L2F, which is Layer 2 Forwarding, and it provided the means to go across any type of network regardless of whether it was IP or not, but Cisco likes to keep their technologies proprietary. The IETF came out and said, look, what if we take what's good about PPTP, let's take what's good about L2F, combine them, and they came up with the Layer 2 Tunneling Protocol, L2TP. Basically it can go across any type of network; the problem is it didn't provide security, all it provided was encapsulation. That seems weird; if I'm using it for a VPN, you usually want security. That's okay, because it was designed to be used in conjunction with IPsec. IPsec would provide the encryption and the authentication. L2TP would provide the actual paths of communication.

Or let me just mention, I can just use IPsec on its own to communicate. Remember how we talked about IPsec with tunnel mode and transport mode? I can create a VPN tunnel with IPsec by itself. I really don't need L2TP unless I'm using just a software-based VPN.

Now another tunneling protocol is one called GRE, Generic Routing Encapsulation. It's one that used to be used fairly commonly on networks that had various protocols. As I mentioned before, at one point in time we had IPX/SPX, we had AppleTalk, we had this protocol and the other. AppleTalk doesn't traverse an IPX network, and IP doesn't go across an AppleTalk network or a NetBEUI network; they are different protocols. What we needed was GRE to wrap up one protocol so it could transport across another. GRE acts like a ferry when you need to cross a body of water: your car isn't made to cross over water, so you drive your car onto a ferry and the ferry encapsulates or wraps up your car. The ferry is designed to go across the network, and then on the other end, you drive your car out and you're back onto the highways. What GRE can be used for is when I have IP version four packets that need to go across an IPv6 network; GRE can provide that encapsulation to allow the transport of those packets across a different type of network.

What we've talked about in this section is the ideas of encapsulation and tunneling and their purpose. Then we looked at some protocols like Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol, IPsec, and then GRE, and we compared and contrasted those different protocols to help us decide which is most appropriate for our data transfer.