
VPN authentication - IPSec tutorial guide


Authentication is the act of proving that a user or entity is allowed access, and so it provides a form of access control. For example, when you log on to your Windows machine and specify a username and password at the logon screen, you are authenticating yourself. You are telling Windows that you are a valid, authenticated user, and you prove this by providing a username and password.

Two types of authentication methods used between site-to-site VPN gateways are a pre-shared key and a digital signature. Pre-shared key authentication relies on both gateways being configured with the same secret key, which is not a scalable option in large networks. A digital certificate is the scalable option; it would have to be purchased from a CA (Certification Authority) such as Verisign, GoDaddy and others.
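As an added illustration (not code from the original page, and not a real IKE implementation), the model below shows what pre-shared key authentication between two gateways boils down to: each side proves it knows the shared key by computing a keyed hash over the exchange's nonces and its own identity, and the other side recomputes it with its own copy of the key. The key itself never crosses the wire. The gateway names, nonce sizes and the exact HMAC input are assumptions chosen for the example; the `full_mesh_psk_count` helper only quantifies the scalability point made above.

```python
import hashlib
import hmac
import secrets


def auth_proof(psk: bytes, nonce_i: bytes, nonce_r: bytes, identity: bytes) -> bytes:
    """Keyed hash binding a peer's identity to this exchange's nonces.

    A simplified stand-in for the PSK-based authenticator an IKE peer sends;
    the real protocol feeds more fields into its PRF, but the idea is the same.
    """
    return hmac.new(psk, nonce_i + nonce_r + identity, hashlib.sha256).digest()


def run_psk_exchange(psk_initiator: bytes, psk_responder: bytes) -> dict:
    """Simulate both gateways authenticating each other with their configured PSKs.

    Returns which side accepted the other's proof. With matching keys both
    accept; with mismatched keys both reject, and nothing in the exchange
    reveals either key.
    """
    # Fresh nonces per exchange (constructed here; in IKE they are exchanged
    # in clear during phase 1) so that proofs cannot be replayed.
    nonce_i = secrets.token_bytes(16)
    nonce_r = secrets.token_bytes(16)
    id_i = b"gw-a.example.net"   # assumed identity of the initiating gateway
    id_r = b"gw-b.example.net"   # assumed identity of the responding gateway

    # Initiator proves knowledge of its key; responder checks with its own key.
    proof_i = auth_proof(psk_initiator, nonce_i, nonce_r, id_i)
    expected_i = auth_proof(psk_responder, nonce_i, nonce_r, id_i)
    responder_accepts = hmac.compare_digest(proof_i, expected_i)

    # Responder proves the same in the other direction.
    proof_r = auth_proof(psk_responder, nonce_i, nonce_r, id_r)
    expected_r = auth_proof(psk_initiator, nonce_i, nonce_r, id_r)
    initiator_accepts = hmac.compare_digest(proof_r, expected_r)

    return {
        "responder_accepts": responder_accepts,
        "initiator_accepts": initiator_accepts,
    }


def full_mesh_psk_count(gateways: int) -> int:
    """Number of distinct keys to manage if every gateway pair shares its own PSK."""
    return gateways * (gateways - 1) // 2


if __name__ == "__main__":
    shared = b"constructed-example-psk"
    print("matching keys:", run_psk_exchange(shared, shared))
    print("mismatched keys:", run_psk_exchange(shared, b"typo-in-one-gateway"))
    print("keys for 20 gateways in full mesh:", full_mesh_psk_count(20))
```

The `hmac.compare_digest` call is deliberate: comparing the proof byte-by-byte with `==` can leak, through timing, how many leading bytes matched. The key-count helper makes the page's scalability remark concrete: a full mesh of 20 gateways already needs 190 separately configured secrets, whereas with certificates each gateway holds one key pair and trusts one CA.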

Another option for VPN authentication is XAuth (extended authentication), where additional user authentication is required, usually against an LDAP or RADIUS server. This is normally used when setting up remote / mobile user VPNs, and it is performed at the end of the phase 1 negotiation.

From a general standpoint, authentication is actually part of a three-phase process: identification, authentication and authorisation. In the Windows example, identification is your username: you are identifying yourself. Windows then says, in effect, "you have identified yourself as Jo; now prove it with a password". This step is the authentication, which proves to Windows that you are in fact Jo and a valid user. Once you are authenticated, Windows gives you access only to the services you are allowed to use. This is called authorisation. For example, you may be a limited user, and so you would not be able to make administrative changes, change system controls, or uninstall and reinstall programs; but as a limited user you would be allowed / authorised to run programs, save your files and folders and browse the internet. Or, if you are authenticating to a domain controller, you may be authorised to access certain file servers depending on who you are and which groups you belong to within Active Directory.
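The three steps can be seen separately in a small access-control routine. The following is an added example, not the page's code and not how Windows implements logon: user names, passwords, group names and the permission table are all constructed for the illustration. The password store keeps a salted PBKDF2 hash rather than the password, identification and authentication are kept as distinct checks, and authorisation is decided from group membership, so a limited user who authenticates correctly is still refused an administrative action.

```python
import hashlib
import hmac
import os

# Action -> groups allowed to perform it (constructed permission table).
PERMISSIONS = {
    "run_program": {"users"},
    "browse_internet": {"users"},
    "install_software": {"administrators"},
}


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so the store never holds the plain password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user_db() -> dict:
    """Constructed user store: 'jo' is a limited user, 'admin' is in administrators."""
    db = {}
    for name, password, groups in [
        ("jo", "correct horse", {"users"}),
        ("admin", "s3cret-example", {"users", "administrators"}),
    ]:
        salt = os.urandom(16)
        db[name] = {"salt": salt, "hash": _hash_password(password, salt), "groups": groups}
    return db


def identify(db: dict, username: str) -> bool:
    """Step 1: the claimed identity must be one the system knows."""
    return username in db


def authenticate(db: dict, username: str, password: str) -> bool:
    """Step 2: prove the claim. Constant-time compare of the recomputed hash."""
    rec = db.get(username)
    if rec is None:
        # Do the same amount of work for unknown names so response time
        # does not reveal which usernames exist.
        _hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_hash_password(password, rec["salt"]), rec["hash"])


def authorise(db: dict, username: str, action: str) -> bool:
    """Step 3: an authenticated user may still lack rights for this action."""
    allowed_groups = PERMISSIONS.get(action, set())
    return bool(db[username]["groups"] & allowed_groups)


def access(db: dict, username: str, password: str, action: str) -> str:
    """Run the three steps in order and report where the request stopped."""
    if not identify(db, username):
        return "unknown user"
    if not authenticate(db, username, password):
        return "authentication failed"
    if not authorise(db, username, action):
        return "not authorised"
    return "granted"


if __name__ == "__main__":
    db = make_user_db()
    for who, pw, what in [
        ("jo", "correct horse", "browse_internet"),
        ("jo", "correct horse", "install_software"),
        ("jo", "wrong password", "browse_internet"),
        ("nobody", "anything", "browse_internet"),
        ("admin", "s3cret-example", "install_software"),
    ]:
        print(f"{who:6} {what:17} -> {access(db, who, pw, what)}")
```

Keeping the three decisions in separate functions mirrors the page's point: identification only says who is asking, authentication only says the claim is genuine, and authorisation is a separate policy decision that can refuse a perfectly valid user.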

Further Reading

Wikipedia's guide to Authentication