Analysis of existing VPN solutions for organization of secured data transmission

Abstract

The rapid development of the Internet has created a new trend for building global corporate connections of cheaper and affordable transport of public packet networks. But such an attractive and cheap solution — the transfer of corporate data over a public network, poses a great threat to the security of the enterprise network, which is especially important for banking information systems. In addition, for corporate networks, the quality of customer service, the provision of a given set of services and guarantees, which can’t always be provided in public networks, is important. For the help of the tunneling technique, the packets of data are transmitted through the globally accessible network, as if behind a great connection. Between the skin pair of the manager, that possessor becomes a kind of tunnel — a safer logical connection that allows you to encapsulate data from one protocol in packages of another. Tunneling allows you to organize the transmission of packets in one protocol in a logical middle, which is a different protocol. Authentication to ensure re-verification of access between nodes and allow or to block the data between them. Encryption guarantees that with limited access to information, nothing can be decrypted. Authentication is the procedure for bringing an individual about those who won, who they think they are. Resolve authentication based on a password and based on a certificate. On the basis of the passwords user or the administrator creates a symbolic password which is saved in the database and encrypted with the correct input of the user password, it will be recognized and allowed access. On the basis of the certificate, we do not change passwords, but in the center of the certificate, the certificate is created and transferred to the correspondent. Call the authentication on the basis of the certificate of victorious great enterprises of that corporation. Encryption - the purpose of ensuring the confidentiality of data that is stored in the computer’s memory, or is transmitted over wired and wireless networks [3]. Also, tunneling, authentication and encryption secure the transfer of data between two nodes, modulating the local network robot.

Keywords: VPN; tunneling; authentication; encryption; OpenVPN; L2TP; ІPSec; GRE; PPTP; Wireguard.

References
1. «Оптична пекарня» або як інтернет потрапляє до вас у офіс — магія прокладки волоконно-оптичних кабелів [Електронний ресурс]. URL: https://gigatrans.ua/ua/news/opticheskayapekarnya-ili-kak-internet-popadaet-k-vam-ofismagiya-prokladki-volokonno-opticheskih-kabeley
2. Технічний захист інформації. Комп’ютерні системи. Порядок створення, впровадження, супроводження та модернізації засобів технічного захисту інформації від несанкціонованого доступу [Електронний ресурс]. URL: h t t p : / / w w w . d u t . e d u . u a / u p l o a d s /l_1036_36529430.pdf
3. Комп’ютерні мережі. Принципи, технології, протоколи. СПб.: Питер, 2020. 1008 с.
4. Tools released at Defcon can crack widely used PPTP encryption in under a day [Електронний ресурс]. URL: https://www.computerworld.com/article/2505117/tools-released-at-defcon-can-crackwidely-used-pptp-encryption-in-under-a-day.html
5. Лужецький В. А., Кожухівський А. Д., Войтович О. П. Основи інформаційної безпеки: навч. посіб. Вінниця: ВНТУ, 2013. 220 с.
6. OpenVPN cryptographic layer [Електронний ресурс]. URL: https://community.openvpn.net/openvpn/wiki/SecurityOverview
7. Переваги використання IPsec та IKEv2 у сучасних VPN/FW-рішеннях [Електронний ресурс]. URL: https://elvis.ru/upload/iblock/e78/IPsec_and_IKEv2_in_modern_vpn-fw-products.pdf
8. The Cisco Learning Network [Електронний ресурс]. URL: https://learningnetwork.cisco.com/s/article/comparison-between-ikev1-and-ikev2
9. IKEv2 Mobility and Multihoming (mobike) [Електронний ресурс]. URL: https://datatracker.ietf.org/wg/mobike/about/
10. WireGuard Protocol&Cryptography [Електронний ресурс]. URL: https://www.wireguard.com/protocol/