This thesis describes different solutions for secure remote access to a corporate network. It begins with a general description of the most commonly used VPN systems, followed by an explanation of the basic principles of symmetric encryption, asymmetric encryption and one-way hash functions. These are also the fundamentals of a secure connection between a remote user or remote network and the corporate network.
The next chapter covers a practical experiment with the two most widely used VPN systems, L2TP/IPsec and OpenVPN. Both VPN systems were tested on two different network routers. One router was a low-cost unit intended for home and small-office use, while the other was a router intended for corporate use. For a better understanding of the experiment, we first describe the encryption algorithms and hash functions used. It is important to know which algorithms are recommended for use and which are not. The experiment simulated two scenarios. The first scenario simulated a remote user connecting to the corporate network. The second scenario simulated a connection between two remote networks.
In the last part of this thesis, we discuss experiences and discoveries gathered over years of use and support of various VPN systems. I have also described my experience regarding the use of open source and commercial proprietary VPN solutions. Both have their strengths and weaknesses, but no universal solution exists. From a security point of view, open source solutions have an advantage, especially after several security blunders by some prominent manufacturers of proprietary solutions. Despite that, there are still reasons why most companies continue to choose proprietary solutions.