Title :
Enhancing VPN security through security policy management
Author :
Singh, Arun Kumar ; Samaddar, Shefalika Ghosh ; Misra, Arun K.
Author_Institution :
Comput. Sci. & Eng. Dept., Motilal Nehru Nat. Inst. of Technol., Allahabad, India
Abstract :
Most early Virtual Private Network (VPN) connections came from vendors of networking hardware and software, to satisfy the one-time goal of securing remote communication. The first and foremost VPN solution is to introduce security protocols such as IPsec. IPsec uses cryptography to encrypt and authenticate the traffic flowing between points of interest. It is a large set of related protocols operating above the IP layer of the OSI stack, each represented by an RFC specification. Each vendor is required to implement these specifications exactly in order to interoperate with other vendors. IPsec access configuration suffers from non-standardization, as vendors are at liberty to implement access requirements that are not restricted by a specific standard. This paper presents a survey of various VPN categories and some specific products. It outlines the compliance requirements under various domain-specific security policies. The paper shows a successful mechanism for incorporating the compliance requirements into the body of the security protocols or firewalls of a VPN, further enhancing VPN security as per the standard. Such enhanced VPN security satisfies legal bindings, as it satisfies the compliance rules/laws of a country. The paper also summarizes the interoperability issues that appear when configuring IPsec on different vendor devices and draws a few conclusions on the level of protocol compliance that decides which VPN solution a customer needs for his/her business.
Keywords :
authorisation; computer network security; cryptography; formal specification; open systems; protocols; virtual private networks; IPSec security protocol; IPsec access configuration; RFC specification; VPN category; VPN security; authentication; communication security; cryptography; firewall; interoperability issue; legal binding; protocol compliance; security policy management; virtual private network; Authentication; Encryption; Internet; Protocols; Virtual private networks; Cryptography; Firewall; Iptable; PKI; Security Compliance; Security and Protection; VPN security;
Conference_Title :
Recent Advances in Information Technology (RAIT), 2012 1st International Conference on
Conference_Location :
Dhanbad
Print_ISBN :
978-1-4577-0694-3
DOI :
10.1109/RAIT.2012.6194494