Advanced Networking Concepts
The transport mechanism usually consists of one-to-one communication among
computers on the same network. Transport encrypts the data, not the header, and
creates a hash of the packet. Using the transport method does not allow you to use
NAT, thereby making external communications difficult. The reason lies in the
method: transport creates a hash of the packet; when it hashes the packet, it rewrites
part of the header, making the header value mismatch the rest of the packet, thereby
rendering the packet invalid.
You may ask yourself, “How does it encrypt the data?” That is a very good question.
First, the adapters create a trusted relationship by importing a digital certificate into
each network adapter. When the adapter connects to the network, possibly via a
VPN tunneling server or Active Directory domain controller, it verifies the digital cer-
tificate, trades private and public keys that are associated with the certificate, and
verifies the machine (MAC) address of the network adapter. The adapter creates a
hash value for each packet transmitted to the adapter, including a timestamp, allevi-
ating replay attacks against the adapter.
If you are a traveler and you work in a corporate environment, you have probably
used a VPN connection to connect to your corporate network on the road, in order
to check your email, or possibly to update sales orders and the like. VPN makes con-
necting to remote networks secure and easy.
VPN allows remote users to connect to a network confidentially over a public net-
work. VPN uses standard protocols (TCP/IP, SSL) to traverse the public network,
making it very easy to use. VPN consists of two types: Secure VPN and Trusted VPN.
Each type uses different processes to gain connectivity to a remote network.
Secure VPN uses cryptographic tunneling protocols to gain private access to the
remote network. Secure VPN can use IPSec to encrypt the data traversing the VPN
connection. Secure VPN also supports SSL to encrypt the data, essentially creating a
web proxy, not really a VPN connection. Point-to-Point Tunneling Protocol (PPTP),
the original VPN protocol, has aged and does not secure data as well as Layer 2 Tun-
neling Protocol (L2TP). In addition, Layer 2 Tunneling Protocol Version 3 (L2TPv3)
also works in Windows Vista.
Trusted VPN does not use a cryptographic set to allow tunneling. Instead, it uses the
provider’s network to encrypt data. Usually, Multi-Protocol Label Switching (MPLS)
makes up the trusted VPN tunnel, but this type of VPN also supports use of the
Layer 2 Forwarding (L2F) protocol.
Most networks supporting VPN give you access to a VPN client, which you install. If
you use Routing and Remote Access Service (RRAS) on your network, you can use the
Connect to a Workplace option in the Connect to a Network window. You have the