Introduction to remote connections

Large enterprises often offer their traveling employees remote access to the internal network. Remote users not only gain access to the network, but the connection is also encrypted to protect them against external attackers. Windows Server supports two remote connection types: dial-up and VPN connections. I've mentioned dial-up connections because this feature is available with Windows Server 2008, although this connection type is often not used because it offers poor performance. Dial-up connections also require phone lines to connect to the Internet. VPN connections are easier to configure and maintain, and they offer increased speed. The only requirement of VPN connections is that both servers and clients must have an active Internet connection. With dial-in connections you have a secured communication channel using phone lines, unlike VPN connections, where you expose your VPN servers to the Internet. This means that before the encrypted channel is set up, the VPN server will accept authentication requests from external hosts.
Now let’s take a look at the advantages and disadvantages of dial-up and VPN connections:
Dial-up connections, advantages:
  • offer a relatively secure connection because the public switched telephone network is more secure than the Internet. Note that dial-up connections do not offer encryption mechanisms.
  • an Internet connection is not required because dial-up connections use phone lines. This means your server is not exposed to authentication requests from the Internet.
  • constant speed
Dial-up connections, disadvantages:
  • although dial-up connections offer a constant speed, the performance is often bad. The maximum bandwidth of such connections is 56 Kbps.
  • because each remote user requires a dedicated phone line and modem, scaling a dial-up infrastructure is hard and expensive
VPN connections, advantages:
  • because VPN connections use the public Internet, this technology costs less to implement
  • offer higher bandwidth than dial-up connections
VPN connections, disadvantages:
  • VPN connections can sometimes suffer from latency because of the Internet connection
  • an Internet connection is required on both sides (server and remote user). This poses a certain level of risk because the internal network is exposed to external authentication requests.
Since dial-up connections are an outdated solution, I will not show you how to install and configure dial-in servers. Instead, we will focus on VPN connections, since this is the preferred remote connection method today. Windows Server 2008 supports several VPN connection types, as follows:

L2TP or Layer Two Tunneling Protocol – offers connectivity between non-Microsoft and Microsoft products. Provides user authentication using the PPP protocol and computer authentication using IPSec. It can also enhance security by providing integrity, authentication and encryption protocols. This VPN technology is also compatible with IPv6 connections.
PPTP or Point-to-Point Tunneling Protocol – Microsoft’s proprietary VPN protocol that uses PPP (Point-to-Point Protocol) for user authentication and MPPE (Microsoft Point-to-Point Encryption) for encryption.
SSTP or Secure Socket Tunneling Protocol – this VPN technology uses the PPP protocol for user authentication and SSL (Secure Sockets Layer) for data integrity, encryption and authentication. SSTP can be implemented using AD Certificate Services and requires that VPN clients trust the CA that issued the certificate installed on the VPN server.
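Because an Internet-facing VPN server accepts requests from any external host, it helps to see who is contacting each tunnel listener. The following is an added example, not code from the article: it counts inbound connections per source and tunnel type from firewall log lines. The port numbers are the standard assignments for these protocols, the log layout follows the Windows Firewall log field order, and the server address and sample lines are constructed.

```python
from collections import Counter

# Well-known listener ports for the three tunnel types (standard assignments,
# not listed in the article).
VPN_PORTS = {
    ("TCP", 1723): "PPTP",
    ("UDP", 500): "L2TP/IPsec",
    ("UDP", 4500): "L2TP/IPsec",
    ("UDP", 1701): "L2TP/IPsec",
    ("TCP", 443): "SSTP",
}

SERVER_IP = "192.0.2.10"  # hypothetical VPN server address

# Constructed sample lines (documentation address ranges).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2024-01-10 09:00:01 ALLOW TCP 203.0.113.7 192.0.2.10 50111 1723 52
2024-01-10 09:00:02 ALLOW TCP 203.0.113.7 192.0.2.10 50112 1723 52
2024-01-10 09:00:03 ALLOW TCP 203.0.113.7 192.0.2.10 50113 1723 52
2024-01-10 09:00:04 ALLOW TCP 203.0.113.7 192.0.2.10 50114 1723 52
2024-01-10 09:00:05 ALLOW TCP 198.51.100.20 192.0.2.10 41000 443 52
2024-01-10 09:00:06 ALLOW UDP 198.51.100.20 192.0.2.10 500 500 120
2024-01-10 09:00:07 DROP TCP 203.0.113.7 192.0.2.10 50115 3389 52
2024-01-10 09:00:08 DROP ICMP 203.0.113.7 192.0.2.10 - - 60
2024-01-10 09:00:09 ALLOW TCP 192.0.2.10 198.51.100.99 49152 443 52
"""

def vpn_attempts(log_text, server_ip):
    """Count inbound connections to VPN listeners per (source, tunnel type)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 8:
            continue  # header or truncated line
        proto, src, dst, dport = fields[3], fields[4], fields[5], fields[7]
        if dst != server_ip or not dport.isdigit():
            continue  # outbound traffic, or no port (e.g. ICMP)
        tunnel = VPN_PORTS.get((proto.upper(), int(dport)))
        if tunnel:
            counts[(src, tunnel)] += 1
    return counts

def noisy_sources(counts, threshold):
    """Sources whose attempts against one tunnel type reach the threshold."""
    return sorted(key for key, n in counts.items() if n >= threshold)
```

Firewall logs show connection attempts only; whether an attempt was a failed logon has to come from the VPN server's own authentication logs.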
This was a short introduction to VPN connections; in the next article we will see how to install and configure a VPN server. I hope you'll find this article interesting; don't forget to rate & share. If anything is unclear, leave a comment. Enjoy your day and stay tuned for the following articles.

