Page 892 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
systems, your voice communication is being tunneled inside a VoIP
protocol.
How many other instances of tunneling can you pinpoint that you
encounter on a weekly basis?
If the act of encapsulating a protocol involves encryption, tunneling
can provide a means to transport sensitive data across untrusted
intermediary networks without fear of losing confidentiality and
integrity.
Tunneling is not without its problems. It is generally an inefficient
means of communicating because most protocols include their own
error detection, error handling, acknowledgment, and session
management features, so using more than one protocol at a time
compounds the overhead required to communicate a single message.
Furthermore, tunneling creates either larger packets or additional
packets that in turn consume additional network bandwidth.
Tunneling can quickly saturate a network if sufficient bandwidth is not
available. In addition, tunneling is a point-to-point communication
mechanism and is not designed to handle broadcast traffic. Tunneling
also makes it difficult, if not impossible, to monitor the content of the
traffic in some circumstances, creating issues for security
practitioners.
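The "larger packets or additional packets" cost can be worked through numerically. The following is an added example, not taken from the study guide; it assumes GRE-over-IPv4 encapsulation with option-free headers, a 1500-byte MTU, and IPv4 fragmentation of the outermost packet when it no longer fits. The function and constant names are hypothetical.

```python
import math

IPV4_HEADER = 20  # bytes, IPv4 header with no options
GRE_HEADER = 4    # bytes, base GRE header with no optional fields
GRE_OVER_IPV4 = IPV4_HEADER + GRE_HEADER  # overhead added by one tunnel layer


def tunnel_cost(inner_len, layer_overheads, mtu=1500):
    """Cost of sending one inner packet through a stack of encapsulations.

    inner_len       -- size in bytes of the original packet, headers included
    layer_overheads -- bytes added by each tunnel layer (assumed values)
    Returns (packets_on_wire, bytes_on_wire, efficiency), where efficiency
    is the share of wire bytes that belong to the original packet.
    """
    outer_len = inner_len + sum(layer_overheads)
    if outer_len <= mtu:
        # Case 1: tunneling produced a single, larger packet.
        packets, wire_bytes = 1, outer_len
    else:
        # Case 2: tunneling produced additional packets. Every IPv4 fragment
        # repeats the 20-byte header, and every fragment except the last
        # carries a multiple of 8 data bytes.
        data = outer_len - IPV4_HEADER
        per_fragment = (mtu - IPV4_HEADER) // 8 * 8
        packets = math.ceil(data / per_fragment)
        wire_bytes = data + packets * IPV4_HEADER
    return packets, wire_bytes, inner_len / wire_bytes


if __name__ == "__main__":
    # Constructed sample traffic: a bare TCP ACK, a mid-size packet, and a
    # full-MTU packet, sent through no tunnel, one tunnel, and a tunnel
    # nested inside a second tunnel.
    stacks = {
        "no tunnel": [],
        "one GRE tunnel": [GRE_OVER_IPV4],
        "GRE inside GRE": [GRE_OVER_IPV4, GRE_OVER_IPV4],
    }
    for inner in (40, 1400, 1500):
        for name, stack in stacks.items():
            packets, wire_bytes, eff = tunnel_cost(inner, stack)
            print(f"{inner:>5} B inner | {name:<15} | "
                  f"{packets} pkt | {wire_bytes:>5} B on wire | {eff:.1%}")
```

Small packets lose the largest share of bandwidth to headers, while packets already near the MTU are split in two, which is why tunnel endpoints are commonly configured with a reduced MTU.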
How VPNs Work
A VPN link can be established over any other network communication
connection. This could be a typical LAN cable connection, a wireless
LAN connection, a remote access dial-up connection, a WAN link, or
even a client using an internet connection for access to an office LAN.
A VPN link acts just like a typical direct LAN cable connection; the
only possible difference would be speed based on the intermediary
network and on the connection types between the client system and
the server system. Over a VPN link, a client can perform the same
activities and access the same resources as if they were directly
connected via a LAN cable.
VPNs can connect two individual systems or two entire networks. The

