PoPToP, a Secure and Free VPN Solution
Traditionally, remote access for employees has been through dedicated lines or a remote access server (RAS). A RAS typically consists of a collection of modems and telephone lines connected to a central machine. RAS can be quite reliable and secure, but it is expensive in its setup and long-distance-call costs. A Virtual Private Network (VPN) offers a secure, flexible and cheap solution in place of RAS and dedicated lines. PoPToP, the PPTP (point-to-point tunneling protocol) VPN solution for Linux, is a free VPN solution that businesses can take advantage of now.
A virtual private network is a private network capable of communicating over the public Internet infrastructure with a defined level of security. VPNs can exist between two or more private networks, often referred to as a server-server VPN, or between individual client machines and private networks, often referred to as a client-server VPN (see Figure 1). VPNs overcome the need for expensive dedicated lines or RAS dial in call and setup costs.
In Figure 1, the remote client is handed a real IP address from their local ISP. This remote client can log into the VPN server, and hence gain access to the private network behind the firewall. The remote client can then browse and use other network services on the private network as if it were a machine on that network.
VPNs may also exist between multiple private networks (server-server VPN). For example, suppose your company has an R&D office in Australia and a sales and marketing office in the United States. Both locations have private networks that are connected to the Internet (the method, modem, DSL or something else, is transparent to the VPN). Traditionally, if the offices wish to share files on their networks, they would either have to e-mail the files to each other, dial in to each other or have some form of dedicated link between them. VPNs offer a cost-effective solution for joining these two networks seamlessly, without compromising system security.
The most popular VPN technologies available today are PPTP and IPsec. Much debate and analysis has occurred recently between proponents of these competing VPN technologies. Both PPTP and IPsec have an important role to play in VPN solutions. But neither PPTP nor IPsec is without flaws.
PPTP is an open-documented standard published by the Internet Engineering Task Force (IETF) as RFC 2637, available at ftp.ietf.org/rfc/rfc2637.txt.
The operation of PPTP as a VPN is performed by encapsulating the point-to-point protocol (PPP) in IP and tunneling it through an IP network. All communication, authentication and encryption is handled almost exclusively by PPP, which currently supports PAP, CHAP, MSCHAP and MSCHAPv2 authentication. PPP encryption is performed through compressor modules, and available patches under Linux allow PPP to support RC4-compatible 40-128-bit encryption. Some people make the mistake of assuming that since PPTP uses PPP, you need a modem. This is not the case. In fact, the connection mechanism to the IP network is transparent to PPTP.
PPTP is widely deployed in both client and server forms due to its default existence in Microsoft Windows platforms.
IPsec is a new series of authentication and encryption security protocols that can be employed for sending data securely over IP networks. IPsec offers encryption, authentication, integrity and replay protection to network traffic. IPsec also specifies a key management protocol for establishing encryption keys. IPsec, like PPTP, is an open standard developed by the IETF.
PPTP is transparent to the authentication and encryption mechanism. Microsoft's version of PPTP was recently upgraded to include MSCHAPv2 and MPPE-enhanced (and more secure) security protocols. Patches are available for the Linux PPP daemon that allow PPTP solutions such as PoPToP to take advantage of Microsoft's enhanced VPN security.
Bruce Schneier, Chief Technical Officer of Counterpane Internet Security, Inc., and perhaps the chief guru of Internet security, recently analyzed Microsoft's MSCHAPv2 and MPPE security protocols. Schneier concluded that this release of MSCHAPv2 from Microsoft addressed the major security weaknesses found in MSCHAP.
IPsec was also recently analyzed by Schneier (with the help of Niels Ferguson). In their analysis, they concluded that IPsec's complexity effectively makes it impossible to implement a secure solution. They believe IPsec will never result in a secure operational system. They emphasize that although IPsec has its flaws, it is a more secure solution than PPTP.
IPsec remains a new technology, and future improvements are sure to enhance its security further and increase its attractiveness to business. Additionally, with its default presence in Windows 2000, IPsec will offer small to medium-sized businesses a more secure and affordable solution.
Affordable PPTP VPN (with MSCHAPv2 and 40-128-bit RC4 encryption) is available now. With the countless Windows machines already out there supporting PPTP VPN, the cost-effective solution is obvious. Windows 98 has VPN client software as an install option. Windows NT 4.0 comes with PPTP (server and client) by default. Patches (Microsoft Dial-up Networking patch) exist for upgrading Windows 95 machines to include a PPTP client. Windows 2000 has PPTP by default.
Practical Task Scheduling Deployment
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.View Now!
|The Firebird Project's Firebird Relational Database||Jul 29, 2016|
|Stunnel Security for Oracle||Jul 28, 2016|
|SUSE LLC's SUSE Manager||Jul 21, 2016|
|My +1 Sword of Productivity||Jul 20, 2016|
|Non-Linux FOSS: Caffeine!||Jul 19, 2016|
|Murat Yener and Onur Dundar's Expert Android Studio (Wrox)||Jul 18, 2016|
- The Firebird Project's Firebird Relational Database
- Stunnel Security for Oracle
- My +1 Sword of Productivity
- Non-Linux FOSS: Caffeine!
- SUSE LLC's SUSE Manager
- Managing Linux Using Puppet
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Parsing an RSS News Feed with a Bash Script
- Google's SwiftShader Released
- Doing for User Space What We Did for Kernel Space
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide