Information that flows over the Internet, or between any two digital devices, does so using protocols. A protocol divides each message into parts (usually two): one containing the actual data being transmitted, and one containing the control information that governs the transmission. For a connection to be established, both sides have to understand and use the same communication protocol. A tunnelling protocol is one that encloses, within its own datagram, a complete data packet that uses a different communications protocol. Tunnelling protocols essentially create a tunnel between two points on a network through which any kind of data can be transmitted securely.
Generally, these protocols are used to send private network data over a public network, usually when creating a virtual private network (VPN), but they can also be used to increase the security of unencrypted data that is sent over a public network. There are a number of popular tunnelling protocols, such as Secure Shell (SSH), Point-to-Point Tunneling Protocol (PPTP) and IPsec, each tailored to a different tunnelling purpose.
Because tunnelling protocols hide a complete packet within the datagram, there is potential for misuse. Tunnelling is often used to get past unsophisticated or poorly configured firewalls by enclosing blocked protocols within protocols that the firewall allows through. Tunnelling also makes it difficult to perform tasks such as deep packet inspection, in which network infrastructure examines the datagram for suspicious data, or ingress/egress filtering, which sanity-checks packet destination addresses to help ward off potential attacks. There are even reports of malware being transmitted over IPv6, which has to be tunnelled to reach or pass through devices that aren't IPv6-ready.
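As an added example, not part of the original article: a small Python parser that performs the first step deep packet inspection needs in order to see through such a tunnel. It reads the outer IPv4 header, recognises the encapsulation types that the protocol field announces (IP-in-IP, 6in4 for carrying IPv6 across IPv4-only devices, and GRE, which PPTP relies on) and reports the inner packet's addresses and protocol so that a filter can check them; the sample packet, addresses and function names are constructed for this example.

```python
import struct
from ipaddress import IPv4Address, IPv6Address

TUNNEL_PROTOCOLS = {4: "IPv4-in-IPv4", 41: "IPv6-in-IPv4", 47: "GRE"}  # IANA numbers whose payload is a whole packet

def parse_ipv4(pkt: bytes) -> dict:
    # Fixed 20-byte header; IHL (in 32-bit words) says where the payload starts.
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "proto": proto, "payload": pkt[(ver_ihl & 0x0F) * 4:]}

def parse_ipv6(pkt: bytes) -> dict:
    # Fixed 40-byte header; "next header" plays the role of the IPv4 protocol field.
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    vtf, _, nxt, _, src, dst = struct.unpack("!IHBB16s16s", pkt[:40])
    if vtf >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return {"src": str(IPv6Address(src)), "dst": str(IPv6Address(dst)), "proto": nxt}

def find_tunnel(pkt: bytes):
    """Return outer/inner addressing if this IPv4 packet encapsulates another packet, else None."""
    outer = parse_ipv4(pkt)
    kind = TUNNEL_PROTOCOLS.get(outer["proto"])
    if kind is None:
        return None  # ordinary TCP/UDP/ICMP payload: nothing encapsulated
    inner = outer["payload"]
    if outer["proto"] == 47:
        # GRE (RFC 2784/2890): 4-byte base header plus 4 bytes for each of the C, K, S
        # flags that is set; the RFC 1701 routing extension is not handled here.
        flags, ethertype = struct.unpack("!HH", inner[:4])
        hlen = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        inner, kind = inner[hlen:], f"GRE/{ethertype:#06x}"
        inner_hdr = {0x0800: parse_ipv4, 0x86DD: parse_ipv6}[ethertype](inner)  # KeyError: unsupported type
    else:
        inner_hdr = (parse_ipv6 if outer["proto"] == 41 else parse_ipv4)(inner)
    return {"tunnel": kind, "outer": (outer["src"], outer["dst"]),
            "inner": (inner_hdr["src"], inner_hdr["dst"]), "inner_proto": inner_hdr["proto"]}

def build_6in4_sample() -> bytes:
    # Constructed sample: IPv6/UDP inside IPv4 protocol 41 ("6in4"), as when IPv6 must cross IPv4-only gear.
    ipv6 = struct.pack("!IHBB16s16s", 0x60000000, 8, 17, 64, IPv6Address("2001:db8::1").packed,
                       IPv6Address("2001:db8::2").packed) + bytes(8)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6), 0, 0, 64, 41, 0,
                       IPv4Address("192.0.2.10").packed, IPv4Address("198.51.100.20").packed)
    return ipv4 + ipv6
```

Calling `find_tunnel(build_6in4_sample())` reports the inner IPv6 addresses hidden behind the outer IPv4 ones; a plain TCP packet returns None.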
As a potential threat, tunnelling protocols only need to be on the radar of networking and IT professionals, who have to ensure their systems can block unwanted tunnels and are configured to apply security controls to data arriving through a known tunnel, such as a VPN.