Chapter 7 - 07 - Discuss Fundamentals of VPN and its importance in Network Security - 02_ocred.pdf
Document Details
Uploaded by barrejamesteacher
EC-Council
Full Transcript
Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82

How VPN Works

VPN uses authorization and encryption to connect an external host securely.

A VPN enables a secured connection over the Internet from a public network to a private network placed at a distant site. All the network traffic in a VPN is encrypted and passes through a virtual secure tunnel placed between the client and VPN server. All the packets passing through a VPN are encrypted or decrypted with respect to inbound or outbound traffic. The packets are encrypted at the client side and decrypted at the VPN server.

A client willing to connect to a company's network initially connects to the Internet. Then, the client initiates a VPN connection with the company's server. Before establishing a connection, end points must be authenticated through passwords, biometrics, personal data, or any combination of these. Once the connection is established, the client can securely access the company's network.

For example, when a client with a VPN connection enabled browses Youtube.com, the outbound traffic is encrypted at the client side. The encrypted data are then sent to the nearest VPN server, which passes the data to the gateway server. At the gateway server, the data are decrypted and sent to the server hosting Youtube.com. When Youtube.com sends a reply request, the VPN server performs the reverse process on the outbound traffic.

A VPN closely monitors any insecure networks.
It creates a new IP address for an encrypted packet, concealing the real IP address; this prevents attackers from finding the real IP address from which the packets were sent.

Module 07 Page 909 Certified Cybersecurity Technician Copyright © by EC-Council

[Figure 7.103: Working of VPN. Labels: Unauthorized Host; Firewall with VPN option; Authorized Host with VPN client software, which handles authorization and encryption; Internal Network.]

Why Establish VPN?

A well-designed VPN provides the following benefits:
- Extend geographic connectivity
- Reduce operational costs versus traditional WANs
- Reduce transit times and traveling costs for remote users
- Improve productivity
- Simplify network topology
- Provide global networking opportunities

The easy accessibility of sensitive data over the Internet poses a serious security threat to organizations. Attackers easily exploit and gain access to sensitive information sent over an unsecured public network such as the Internet. A VPN ensures reliable communication through an encrypted tunnel, preventing attackers from gaining access to the organization's information.

A well-designed and well-implemented VPN can provide the following benefits:
- It enables a secured connection across multiple geographical locations.
- It saves time and expenditure for employees as it allows the sharing of information between a corporate office and regional offices.
- It enhances the level of output for remote users.
- It improves the security of data by concealing the IP address from attackers.
- It handles multiple connections simultaneously and provides the same quality of service for each connection.
- It has the ability to provide a secure connection to large enterprises.
- The implementation of a VPN increases the bandwidth and efficiency of the network.
- Maintenance costs are low.
- It reduces transit times and traveling costs for remote users.
- It improves productivity and simplifies network topology.
- It provides global networking opportunities and telecommuter support.
- It has a faster return on investment (ROI) than a conventional WAN.

This encrypted traffic proves beneficial when a user connects their system to Wi-Fi networks in public places. The encryption makes it difficult for eavesdroppers in the network to identify the encrypted data.

A VPN allows users to access servers across the world, making it easy for them to access all types of content. With a VPN, users need not face restrictions such as geo-blocking while browsing.

A VPN allows the user to stay anonymous without sharing their device information in the network. By hiding such data, a VPN prevents websites from spying on or monitoring the user. To avoid excessive monitoring from third-party websites or attackers, users should install a VPN for safe browsing.
VPN Components

The VPN architecture consists of four main components.
- VPN client: It is a computer that initiates a secure remote connection to a VPN server.
- Network access server (NAS): Also called a media gateway or a remote-access server (RAS), the NAS is responsible for setting up and maintaining each tunnel in a remote-access VPN. Users need to connect to the NAS to use a VPN.
- Tunnel terminating device (or VPN server): It is a computer that accepts VPN connections from VPN clients.
- VPN protocol: It includes VPN-specific protocols used to manage tunnels and encapsulate private data. It includes the use of PPTP and L2TP protocols, along with IPsec.

The following diagram shows the use of various VPN components in a remote-access VPN:

[Figure 7.104: VPN components in a remote access VPN. Labels: VPN Client; Remote Network; ISP; Network Access Server; VPN Server; Layer 3 Protocol; Corporate Network.]

A typical remote-access VPN connection is established as follows:
- The remote user propagates a PPP connection with an ISP's NAS through a PSTN.
- The packets sent by the user are sent to the tunnel connecting the NAS and VPN server after authenticating the user.
- The packet is encrypted before placing it in the tunnel.
- The location of the VPN server depends on the model used for the VPN implementation.
- The VPN server accepts the packet from the tunnel, decrypts it, and sends it to the final destination.
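The tunnel flow described above (authenticate, encrypt the packet, place it in the tunnel, decrypt at the VPN server and forward), as an added example that is not part of the original courseware. The function names, addresses, passphrase and the HMAC-SHA256 stand-in cipher are assumptions chosen so the sketch runs with the Python standard library only; real VPNs use protocols such as IPsec.

```python
import hashlib, hmac, json, os

def derive_keys(password, salt):
    # Assumption: both ends derive keys from a shared password (PBKDF2).
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]          # (encryption key, MAC key)

def _keystream(key, nonce, n):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Real VPNs use e.g. AES-GCM.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def encapsulate(inner, keys, tunnel_src, tunnel_dst):
    """Client side: encrypt the whole inner packet, then add an outer header."""
    enc_key, mac_key = keys
    nonce = os.urandom(12)
    ct = _xor(json.dumps(inner).encode(), enc_key, nonce)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"src": tunnel_src, "dst": tunnel_dst, "payload": nonce + ct + tag}

def decapsulate(outer, keys):
    """VPN server side: authenticate, decrypt, return the packet to forward."""
    enc_key, mac_key = keys
    blob = outer["payload"]
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed, packet dropped")
    return json.loads(_xor(ct, enc_key, nonce))

# Constructed sample values (documentation address ranges, made-up passphrase).
SALT = b"constructed-salt"
INNER = {"src": "10.8.0.5", "dst": "10.1.2.30", "data": "GET /payroll"}

def run_tunnel(client_password, server_password="example-passphrase"):
    outer = encapsulate(INNER, derive_keys(client_password, SALT),
                        "203.0.113.7", "198.51.100.1")
    return outer, decapsulate(outer, derive_keys(server_password, SALT))

if __name__ == "__main__":
    outer, forwarded = run_tunnel("example-passphrase")
    print("on the wire:", outer["src"], "->", outer["dst"], outer["payload"].hex()[:32], "...")
    print("forwarded  :", forwarded)
```

An observer on the public network sees only the tunnel endpoint addresses and ciphertext; a packet from a client with the wrong credentials, or one modified in transit, fails the integrity check and is never forwarded.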