Q

I've heard rumors that some service providers can see unencrypted VPN traffic of their customers. Is this true?

There are many definitions of "virtual private network," and not all VPNs use end-to-end encryption. For example:

  • VPNs based on Multi-Protocol Label Switching (MPLS) carve virtual switched paths out of the provider's network to carry customer traffic between edge routers. MPLS does not provide data encryption, but can be used in conjunction with IPsec when encryption is required.

  • VPNs based on the Layer Two Tunneling Protocol (L2TP) relay dial-up (PPP) sessions terminated by an ISP's Network Access Server to an L2TP Gateway at the customer's network. L2TP does not provide data encryption, but is commonly used over IPsec transport mode to provide confidentiality (for example, within Windows XP/2000).

  • Network-based IPsec VPN services often use a carrier-class VPN switch at the provider's point of presence (POP) to initiate and terminate VPN tunnels across the provider's backbone. The "tail circuit" between the customer's premises and the provider's POP (for example, a dedicated T1 link or a Frame Relay PVC) may or may not be encrypted.

If you require end-to-end confidentiality from your VPN service -- that is, encryption from customer premises to customer premises, without any point in the middle at which your data is cleartext -- then it's important to explicitly look for a secure VPN service that provides this. For example, most managed IPsec VPN services can deliver end-to-end encryption. But whether or not they actually do encrypt end-to-end is determined by the VPN's security policy configuration.
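One way to check what actually crosses the tail circuit, as an added example that is not part of the original answer: the sketch below labels captured frames as IPsec-protected or readable by the provider, covering the MPLS, L2TP and IPsec cases listed above. The function names and sample frames are constructed for illustration, and it assumes the capture uses Ethernet framing and IPv4.

```python
import struct

ETH_IPV4, ETH_MPLS, UDP, ESP = 0x0800, 0x8847, 17, 50

def classify(frame: bytes) -> str:
    """Label one Ethernet frame captured on the customer-to-POP tail circuit."""
    if len(frame) < 14:
        return "truncated"
    ethertype, off, tag = struct.unpack("!H", frame[12:14])[0], 14, ""
    if ethertype == ETH_MPLS:
        tag = "mpls+"
        while True:  # walk the label stack; the S bit (0x100) marks the last entry
            if len(frame) < off + 4:
                return "truncated"
            entry = struct.unpack("!I", frame[off:off + 4])[0]
            off += 4
            if entry & 0x100:
                break
    elif ethertype != ETH_IPV4:
        return "other"
    # MPLS has no payload-type field; version nibble 4 is the usual IPv4 heuristic.
    if len(frame) < off + 20 or frame[off] >> 4 != 4:
        return tag + "non-ipv4"
    ihl, proto = (frame[off] & 0x0F) * 4, frame[off + 9]
    if proto == ESP:
        return tag + "esp"  # IPsec ESP: payload is encrypted
    if proto == UDP and len(frame) >= off + ihl + 4:
        ports = set(struct.unpack("!HH", frame[off + ihl:off + ihl + 4]))
        if ports & {500, 4500}:
            return tag + "ike/natt"  # IKE key exchange or ESP-in-UDP (NAT-T)
        if 1701 in ports:
            return tag + "l2tp-cleartext"  # L2TP not wrapped in IPsec
    return tag + "cleartext"

def exposed(frames):
    # Indexes of frames whose payload is not protected by IPsec on this link.
    return [i for i, f in enumerate(frames) if classify(f).endswith("cleartext")]

# Constructed sample frames (documentation addresses, empty payloads).
def _eth(ethertype, body): return b"\x00" * 12 + struct.pack("!H", ethertype) + body
def _mpls(label, last): return struct.pack("!I", label << 12 | last << 8 | 64)
def _ip(proto, body=b""):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + body
def _udp(sport, dport): return struct.pack("!HHHH", sport, dport, 8, 0)
SAMPLES = [_eth(ETH_IPV4, _ip(ESP)), _eth(ETH_IPV4, _ip(UDP, _udp(1701, 1701))),
           _eth(ETH_MPLS, _mpls(100, 0) + _mpls(200, 1) + _ip(6)),
           _eth(ETH_MPLS, _mpls(300, 1) + _ip(ESP))]
```

L2TP carried over IPsec transport mode shows up as ESP on the wire, so only L2TP sent without IPsec is flagged here.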

This was first published in April 2005
