VPN Concentrators PDF
EC-Council
Summary
This document discusses VPN concentrators, their role in network security, and how they enhance security in VPN connections. VPN concentrators are used for remote access and site-to-site VPNs, handling multiple connections.
Certified Cybersecurity Technician Exam 212-82 Network Security Controls — Technical Controls

VPN Concentrators

- A VPN concentrator is a network device used to create ...
- It acts as a VPN router which is generally used to create a remote-access or ... VPN.
- It uses tunnelling protocols to ... parameters, create and manage tunnels, encapsulate, transmit, or receive packets through the tunnel, and de-encapsulate them.

VPN concentrators normally enhance the security of the connections made through a VPN. They are generally used when a single device needs to handle a large number of VPN tunnels. They are best used for developing a remote-access VPN and a site-to-site VPN. VPN concentrators implement the security of tunnels using tunneling protocols. These protocols manage the following:

- Flow of packets through the tunnel
- Encryption and decryption of packets
- Creation of tunnels

A VPN concentrator works in two ways:

- Receives plain packets at one end, encrypts them at the other end, and forwards the packet to the final destination
- Receives encrypted packets at one end, decrypts them at the other end, and forwards the packet to the final destination

Module 07 Page 915 Certified Cybersecurity Technician Copyright © by EC-Council

[Figure 7.105: VPN concentrator. Labels: low-speed remote user and high-speed remote user connecting via VPN; router; public segment (untrusted); Cisco VPN 3000 concentrator placed beside the firewall; firewall segment with FTP server; private segment (trusted) with file server, mail server, intranet server, and authentication server.]

In the figure, the VPN concentrator is placed in parallel with the firewall, supporting two remote users who have a slow and a fast Internet connection, respectively. If the VPN is placed behind the firewall, the implementation requires additional configuration changes and is vendor-dependent. VPN concentrators provide a high level of security for SSL and IPsec VPN architectures. A normal VPN tunnel requires IPsec to be implemented at the network layer of the OSI model. A major benefit of using a VPN concentrator is that the client, although it is considered to be present outside the network, can access the network as if it were connected to it.

Functions of a VPN Concentrator

A VPN concentrator functions as a bi-directional tunnel endpoint. Its functions are:

- Encrypts and decrypts data
- Manages security keys
- Authenticates users
- Establishes tunnels
- Manages data transfer across the tunnel
- Assigns user addresses
- Manages inbound and outbound data transfers as a tunnel endpoint or router
- Negotiates tunnel parameters

A VPN concentrator functions as a bi-directional tunnel end point. A VPN concentrator adds more security controls to the router, improving the security of the communication. The functions of a VPN concentrator are as follows.

Data encryption: The VPN concentrator encrypts the data. Being bi-directional, it initially encrypts the plain packets it receives and later decrypts them at the end of the tunnel, before sending them to the destination. It manages security keys.

Managing tunnels: By adding the features of advanced data and network security, a VPN concentrator has the ability to create and manage large VPN tunnels. These tunnels ensure data integrity among systems. It negotiates tunnel parameters.

User authentication: A VPN concentrator authenticates users at either the computer level or the user level. Authentication at the computer level is performed using the Layer 2 Tunneling Protocol (L2TP), whereas authentication at the user level is performed using the Point-to-Point Tunneling Protocol (PPTP).

Traffic handler: A VPN concentrator routes the tunneled and non-tunneled traffic depending on the server configuration. It simultaneously handles traffic of a corporate network as well as Internet resources. It manages inbound and outbound data transfers as a tunnel end point or router. It assigns user addresses.

VPN Types and Categories

This sub-section explains different types of VPN and their categories.

Client-to-Site (Remote-access) VPNs

- Remote-access VPNs allow individual hosts or clients, such as telecommuters and mobile users, to establish secure connections to a company's network over the Internet.
- Each host contains VPN client software or uses a web-based client.
- The VPN encrypts the data packets that are forwarded over the Internet to the VPN gateway at the edge of the target network, with the software installed on the client's machine.
- A VPN gateway receives the packets and then closes the connection to the VPN after the transfer is complete.

Remote-access VPNs allow individual hosts or clients such as telecommuters and mobile users to establish secure connections to a company's network over the Internet. This allows the users to access the information provided in the private network. An older name for a remote-access VPN is a virtual private dial-network (VPDN), in which a dial-up configuration is required for the connection to a server. This type of VPN, also known as a split tunnel, provides remote access using a native IP configuration and DNS servers. Every host using a remote-access VPN must have the VPN client software installed; this software wraps and encrypts the data before the host sends any traffic over the Internet to a VPN gateway. After reaching the gateway, the data are unwrapped, decrypted, and passed over to the final destination in a private network. The gateway performs the reverse process to send data packets back to the user.

[Figure 7.106: Remote-access VPN. Labels: head office with VPN concentrator; branch offices with routers with VPN module; Internet; telecommuter and travelling person on 3G/CDMA/HSDPA mobile broadband via a broadband modem; laptop with VPN client; PC with VPN client. Dashed lines show VPN connectivity.]

A remote-access VPN consists of two types of components.

- Network access server (NAS) or remote-access server (RAS): A NAS is required while users are accessing a VPN. A separate authentication process is involved while authenticating users accessing a VPN.
- Client software: Users accessing a VPN from their own network need to install software that helps create and manage the VPN connection.

VPN client software and a VPN gateway are required for the hosts supporting a remote-access VPN. Most VPN gateways support only IPsec while maintaining VPN services.

Advantages

- Remote-access VPNs minimize the connection cost for the users.
- The encryption of data packets provides an added security layer. This hides the IP address of the packets and prevents attackers from accessing the packets.
- Remote-access VPNs can handle a large number of users. The VPN provides the same service even if more users are added to the VPN network.
- Remote-access VPNs allow the sharing of files from a remote location.

Disadvantages

- Computers without any antivirus installed pose a threat to the VPN connection.
- Implementing many VPN connections simultaneously may affect the bandwidth of the network.
- It is time-consuming to access files and applications over the Internet.
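The following is an added, constructed Python model (not EC-Council's material and not real IPsec/ESP) of the two tunnel-endpoint behaviours described above: the traffic handler's split-tunnel decision (corporate vs. Internet destinations) and the encrypt-on-entry / integrity-check-and-decrypt-on-exit path that both the concentrator functions and the remote-access client-to-gateway exchange describe. The 10.0.0.0/8 private range, the keys, the frame layout, and the HMAC-based stand-in cipher are assumptions made for the example.

```python
"""Toy model of a VPN concentrator tunnel endpoint (constructed example, not
real IPsec/ESP): split-tunnel routing plus encrypt-then-MAC encapsulation and
integrity-checked de-encapsulation of packets."""
import hashlib
import hmac
import ipaddress
import struct

# Private (trusted) segment behind the concentrator; constructed sample range.
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def should_tunnel(dst_ip, corporate_networks=CORPORATE_NETWORKS):
    """Traffic-handler decision: corporate destinations go through the
    tunnel, everything else is forwarded natively (split tunnel)."""
    dst = ipaddress.ip_address(dst_ip)
    return any(dst in net for net in corporate_networks)


def _keystream(enc_key, seq, length):
    """HMAC-SHA256 in counter mode as a stand-in cipher (toy, not AES)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">II", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encapsulate(enc_key, mac_key, seq, plain_packet):
    """Plain packet in, tunnel frame out: header(seq, len) || ciphertext || tag,
    where the tag covers header and ciphertext (encrypt-then-MAC)."""
    header = struct.pack(">II", seq, len(plain_packet))
    ks = _keystream(enc_key, seq, len(plain_packet))
    ciphertext = bytes(p ^ k for p, k in zip(plain_packet, ks))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def decapsulate(enc_key, mac_key, frame):
    """Tunnel frame in, plain packet out. A frame whose tag does not verify
    is dropped (ValueError) rather than forwarded into the private segment."""
    header, body, tag = frame[:8], frame[8:-32], frame[-32:]
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed; frame dropped")
    seq, length = struct.unpack(">II", header)
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, seq, length)))
```

A concentrator-side loop would call should_tunnel() on each outbound packet's destination, run tunnel-bound packets through encapsulate(), and pass inbound frames through decapsulate() so that anything failing the tag check never reaches the file, mail, or intranet servers.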