Microsoft develops new tunneling protocol

SSTP for secure networks, wherever you are.

By John Fontana, Network World | Network World US
Published: 10:04 GMT, 22 January 07

Microsoft is working on a new tunneling protocol for Vista and Longhorn that will provide secure network access from anywhere on the Net.

The Secure Socket Tunneling Protocol (SSTP) creates a VPN tunnel that travels over Secure-HTTP, eliminating issues associated VPN connections based on the Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP) that can be blocked by some Web proxies, firewalls and Network Address Translation (NAT) routers that sit between clients and servers.

The protocol, however, is only for remote access and will not support site-to-site VPN tunnels.

Microsoft hopes SSTP will help reduced help desk support calls associated with IPSec VPNs when those connections get blocked by firewalls or routers. The protocol will also use the same controls as previously so retraining shouldn't be needed. The SSTP-based VPN tunnel plugs directly into current interfaces for Microsoft VPN client and server software.

Microsoft plans to ship SSTP support in Vista Service Pack 1 and in Longhorn Server. The ship date for Vista SP1 has not been set, but Longhorn is expected to ship in the second half of this year. SSTP will be included in Longhorn Server Beta 3, which will available in the first half of this year.

Despite incorporating the SSL 3.0 and HTTP 1.1 with 64 -it content length encoding standards, Microsoft does not plan to seek standardisation of SSTP, according to officials. Because SSTP is only a tunneling protocol it cannot be directly compared to SSL VPNs, the company said.

"However, since SSTP provides full-network VPN access over SSL, RRAS can provide customers with a baseline SSL VPN solution or be a building block in a more comprehensive SSL VPN solution by providing a generic SSL tunnel," said Samir Jain, lead program manager for RRAS at Microsoft. "SSTP also provides support in the server to block specific IPs and subnets."

On his blog , Jain has provided a step-by-step description of how SSTP works , and how to configure it on the client side. In general, he says SSTP creates a thin layer to "allow Point-to-Point Protocol (PPP) traffic, which is datagram oriented to be encapsulated over an SSL session, which is stream oriented -- hence giving firewall traversal. The encryption is done over SSL and user authentication is done using PPP."

What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.

Characters remaining: 500

Add your commentComments

Prashant Kumar | Published: 18:06 GMT, 22 March 2008

test

r.bell | Published: 21:34 GMT, 20 May 2007

great. one more headache I have to worry about when our employees create back-door vpn tunnels to their desktops, bypassing company security controls put in place to protect the entire enterprise. this is just more of the "me generation" rearing its ugly head w/o taking into account when this is not an appropriate action. why don't we just remove our corporate firewalls completely since everything is just going to be tunneled over open ports like http/s and buy into the false presumption that if it's using ssl, then it must be secure.

Related Networking news

Cisco free iPhone app grabs security feeds

Cisco SIO To Go iPhone application for IT managers on the road

20 November 2009

Queen's speech promises action on pirates

Government sticks to plans to disconnect illegal file sharers

Ombudsman faults EC's Intel antitrust ruling

European Commission accused of "maladministration"

Blue Coat unveils faster network security appliances

Web security gateways acheive 1Gbps performance

Related Networking reviews

Western Digital WD TV Live media player

Opera 10 browser

Internet Explorer 8 review

SANs tuned for virtualisation

Whether you're using virtualisation to make large applications more manageable or to consolidate many small applications, a SAN packed with features that ease the management of storage for virtual machines is a good thing.

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Database security: Preventing enterprise data leaks at the source

IDC discusses the growing internal threats to business information, the impact of government regulations on the protection of data, and how enterprises must adopt database security best practices...

Download Whitepaper

Service-oriented security

SOA has become an integral part of enterprise software by providing a framework to efficiently develop software as services that is easily sharable, reusable, and integrated. No where is the need more apparent than in the Identity Management space. Welcome to the age of Service-Oriented Security (SOS).

Download Whitepaper

Data protection prospective vendor checklist

Organisations need a way to map business needs against all these challenges in procuring a technical solution. To help, SANS has developed the following Prospective Vendor Checklist.

Download Whitepaper

Unlock the power of the mainframe

This whitepaper presents the notion of CICS as an integration hub based on a component-based, service-oriented architecture supporting Web services. Highlights will review the challenges and contrasted support for Web services natively in CICS.

Download Whitepaper

Techworld UK - Technology - Business

COLT White Paper

Are all VoIP services the same?

Questions to ask your service provider to ensure you get the VoIP service you need
With careful choice of partner, your business can have all the advantages of VoIP access - reduced costs, flexibility and simplicity - without the drawbacks.
This white paper is your guide to ensure you get right the VoIP service and details the pitfalls which businesses would do well to avoid.

Download white paper
BMC

Ride the express lane in the journey to speed ITIL adoption

Explore the challenges in making the journey to ITIL and the criteria for selecting consulting services
By following ITIL practices, your IT organisation will become more closely integrated with the business. We recommend making the journey to ITIL in a sequence of six incremental steps, the phases of which are driven through execution of a strategic transformational roadmap.

Download white paper

Webcast: IT Financial Management: Cost Optimisation for Efficiency and Agility.
On Demand Webcast
Join this webcast to learn about the techniques and technologies that can help you prove the value of IT to the business by understanding the true cost of today's IT services and those that will be necessary to deliver future success.

Register Today

Site Map

IDG Network

* *