
Is authentication necessary for Intranet VPNs?

I understand there are three aspects of VPN technology: tunneling, encryption and authentication. For Intranet VPNs, is authentication necessary?
Your observation that an intranet VPN (connecting remote locations) does not require the same kind of authentication as a remote access VPN (connecting mobile users) is correct. However, each does require a form of authentication. With a remote access VPN, you have mobile users who can be connecting from almost anywhere at any time. Therefore, you really want to be sure of who they are using strong authentication. With a site-to-site VPN, you are a little less at risk since, most often, the sites are pretty static.

However, because they are static, they are also easy prey for someone who actively wants to hack you. It's easy for someone to spoof the address of a remote site and gain complete access to your network. Since the addresses don't change much, you become a predictable target. Therefore, with a site-to-site VPN it is important to authenticate each location. You don't need to authenticate individual users within the locations.

Many companies use shared secrets to do site authentication. When using shared secrets, it's important to have a different secret for each connection. Site A's tunnel to site B has one shared secret. Site B's tunnel to site C has another, and so on. The reason for this is to ensure that compromising one connection doesn't compromise your entire network (a big problem with WEP). It's also important to change the secrets occasionally (say every week or so) to ensure that no one has slowly determined what your secrets may be. This works pretty well in a small network, but as you scale it can get difficult to manage. If I have 100 nodes in a fully meshed network, I have thousands of shared secrets to manage.

For this reason, digital certificates become a great alternative. They don't require human intervention, they are unique for each connection and they're easily revoked when compromised.
Best, Mark
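As an added illustration of the per-connection secret argument above (not part of the original answer), this small Python model builds a fully meshed set of sites, assigns either one independent secret per tunnel or a single secret reused on every tunnel, and counts how many tunnels a single recovered secret exposes; it also computes how many secrets an administrator must manage for a mesh of a given size. The site names and secrets are constructed here.

```python
from itertools import combinations
import secrets


def mesh_links(sites):
    """Every site-to-site tunnel in a fully meshed VPN, as unordered pairs."""
    return list(combinations(sorted(sites), 2))


def per_link_secrets(sites):
    """The recommended scheme: an independently generated secret for each tunnel."""
    return {link: secrets.token_hex(32) for link in mesh_links(sites)}


def single_shared_secret(sites):
    """The weak scheme: one secret reused on every tunnel (the WEP-style mistake)."""
    shared = secrets.token_hex(32)
    return {link: shared for link in mesh_links(sites)}


def links_exposed_by(key_table, compromised_link):
    """Tunnels an attacker can authenticate to after recovering one tunnel's secret."""
    leaked = key_table[compromised_link]
    return [link for link, value in key_table.items() if value == leaked]


def secret_count(n_sites):
    """Distinct secrets to manage in a full mesh of n sites: n(n-1)/2."""
    return n_sites * (n_sites - 1) // 2


def rotate_link(key_table, link):
    """Weekly-style rotation: replace one tunnel's secret without touching the rest."""
    rotated = dict(key_table)
    rotated[link] = secrets.token_hex(32)
    return rotated


if __name__ == "__main__":
    sites = ["A", "B", "C", "D"]  # constructed sample mesh
    strong = per_link_secrets(sites)
    weak = single_shared_secret(sites)
    print("tunnels exposed, per-link secrets:", len(links_exposed_by(strong, ("A", "B"))))
    print("tunnels exposed, one shared secret:", len(links_exposed_by(weak, ("A", "B"))))
    print("secrets to manage for 100 sites:", secret_count(100))
```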

This was last published in November 2002
