3.1.4 Identify the technologies required to provide a VPN.
3.1.5 Evaluate the use of a VPN.
Authentication/Authorization;
Nobody outside the VPN should be able to affect the security properties of the VPN (it must be impossible for an attacker to weaken or change the encryption);
Encryption;
Intercepted data will not be readable;
Tunnelling software;
The security properties of each tunnel should be agreed by the administrators of the tunnel's two endpoints;
Multiple exit nodes;
Makes it hard to determine where the data originated, and is thus more secure (less prone to phishing);
SSL 3.0 (Secure Sockets Layer 3);
IPsec with encryption;
TLS (Transport Layer Security) with encryption;
Software client for each remote device;
Dedicated hardware (such as a VPN gateway or a firewall);
Network Access Server (NAS), used by a service provider for remote-user VPN access;
Private network and policy management center.
Example 1:
A business can let employees work from home, employees who travel a lot, or external (non-employee) users;
Accessing the data and services (at the office);
Via secure login;
Example 2:
Using a VPN, the address is masked;
The location of the user is not known;
May be essential in delicate situations, such as political protest groups working from within their own country;
Authorization ensures that only trusted devices can access the files. If a computer is not logged in with the VPN gateway, the connection is denied (1a). If the computer provides authorization credentials, such as a username and password, it is added to the list of devices allowed access (1b).
Encryption defeats interception of traffic by scrambling the data. Once authorized, a computer can use encryption to prevent peeking during the transfer of data.
A VPN connection is a safe way to transfer and view data over the unsafe internet. Usually, when data is passed through an unsecured public network unencrypted, it may be tapped into. Organizations concerned about this use VPNs to guarantee safety.
VPNs reduce network costs and remove the need for leased lines to connect networks in various locations.
Consumers use VPN services, called VPN tunnels, to protect their online activity and identity. By using an anonymous VPN service, a user's internet traffic is encrypted and can't be peeked at. This is especially helpful in public Wi-Fi spots, since they may not be secure.
Remote Access - Accessed by an individual over the internet. Includes the Virtual Private Dial-up Network (VPDN), a user-to-LAN connection used by a company whose employees need to connect to the private network from various locations.
Site to Site - Through the use of dedicated equipment and large-scale encryption, companies can connect multiple fixed sites over a public network like the internet. Each site only needs a local connection to the same public network, thereby saving money on lines. A VPN built between offices is an intranet VPN, and a VPN that connects a company to its partners is an extranet VPN.
A NAS is a type of server that provides in-house or remotely connected users with access to a broader external network and/or the internet. It centrally manages connected users and gives them the ability to receive a suite of network-enabled services, while serving as the single point of access, or gateway, to network resources. In a remote access VPN, an organization uses an outside service provider to establish a NAS.
Remote users then receive VPN desktop software and connect to the NAS via a toll-free number.
Used to group devices that are not in the same geographic location into the same broadcast domain.
Exists at Layer 2 on the network side; used to segregate networks at Layer 2 inside a network.
Slices up large networks into smaller pieces.
Groups computers that may not be on the same switch so that they work as if they were on one switch.
Related to remote access to a company's network.
Between layers 1 and 3 of the OSI model.
Allows you to connect from outside the network to the inside, using VPN servers and secured access.
Like a normal LAN, but the connected devices do not have to be physically connected. While clients and services are located elsewhere on the network, they are grouped together using VLAN technology, and broadcasts are sent to the devices connected to the VLAN.
Configured through software rather than hardware, making it extremely flexible.
Even if computers' physical locations change, they can still be part of the same VLAN.
Configured over a WAN (usually the internet) and operates at layer 2 (Data Link) of the OSI model.
A group of devices on one or more LANs that are configured to communicate as if they were on one wire.
A portion of a computer network that is separated from the rest of the network by a device (repeater, hub, bridge, switch or router). Each segment can contain one or multiple computers or other hosts.
A logical group of computers that share a network resource. This can be accomplished with a router, a VLAN, switch segmentation, etc. With a hub, everyone sees every packet, which is why hubs have pretty much faded away; switching is a much better technology. You can segment a network either logically (through VLANs or mapping) or physically (connecting switches back to a core).
VPN authenticates the sender before (establishing the tunnel);
VPN access is always encrypted, whereas extranet has limited encryption;
VPN transmission is always encrypted;
VPN users have access to everything whereas extranet users only have access to (enabled) specific services;