Chapter 7 - 07 - Discuss Fundamentals of VPN and its importance in Network Security - 01_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Module Flow Discuss Security Benefits of Network Segmentation Discuss Fundamentals of VPN and its importance in Network Security ® Understand Different Types of Proxy Servers and their Benefits 2o Discuss Essential Network Security Protocols Understand Different Types of Firewalls and their Role Discuss Other Network Security Controls Understand Different Types of IDS/IPS and their Role Discuss Importance of Load Balancing in Network Security Understand Different Types of Honeypots Understand Various Antivirus/Anti-malware Software Discuss Fundamentals of VPN and its importance in Network Security VPN technology private networks helps organizations spread across the protect public the communication Internet. It provides between privacy their corporate and secures the communication between these networks through encrypted tunnels that transmit data between a remote user and corporate network. This section explains the fundamentals of VPN and its importance in securing networks. Module 07 Page 904 Certified Cybersecurity Technician Copyright © by EG-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 O VPNs are used to securely communicate with different computers over insecure channels O ) Traveling personal I, A VPN use the Internet and ensures secure communication to distant offices or users within the enterprise’s network A : El Soutog el VN1 Clond i soudbanamodem i @ L upw concentrtor g} m Home Al Rights Reserved, What is A Reproductionis Strictly Prohibited a VPN? Most organizations have offices at different locations around the world. Consequently, there is a need for establishing a remote connection between these offices. Previously, remote access was established through leased lines with the help of dial-up telephone links such as ISDN, DSL, cable modem, satellite, and mobile broadband. However, establishing remote connections with these leased lines is quite expensive, and the costs increase as the distance between the offices increases. To overcome adopting the drawbacks virtual private of conventional networks (VPNs) remote access technologies, organizations are to provide remote access to their employees and distant offices. A VPN offers an attractive solution for security professionals to connect their organization’s network securely over the Internet. VPN is used to connect distant offices or individual users to their organization’s network over a secure channel. VPN uses a tunneling process to transport encrypted data over the Internet. IPsec is the most common protocol used in VPN at the IP level. VPN ensures data integrity by using a message digest and protects data transmission from being tampered with. VPN guarantees service (QoS) through service-level agreements (SLAs) with the service provider. Module 07 Page 905 quality of Certified Cybersecurity Technician Copyright © by EC-Council Exam 212-82 PR VPN Architecture |— ’ Certified Cybersecurity Technician Network Security Controls — Technical Controls Head Office s \ ;I ===+ VPN Connectivity Ld 3G/ COMA/HSDPAMobile Broadband Telecommuter / Travelling personal @ ~ +* * P - S " K B P I'fii"Router with VPNJylodule.................. lf Internet 'o,. P s » Boardbrand Modem - Laptop with VPN Client Router with VPN Module VPN concentrator Branch Office PC with VPN Client Figure 7.102: VPN architecture = Typical Features of VPN o VPN establishes a connection between o VPNs allow cheap long-distance connections over the Internet because both end points require a local Internet link, which serves as a free long-distance carrier. o VPN uses tunneling or encapsulation protocols. o VPNs use encryption to provide a secure connection to a remote network over the intermediary network such as the Internet. a remote system and a LAN across an Internet and protects the communication. o = VPNs provide virtual access to the physical network, and the experience is similar to the case where the user is physically located in the office. Advantages of VPNs o VPNs are inexpensive. o They provide a framework for corporate intranets and extranets. o VPN ensures secured data transfer. o VPN allows the user to access both web applications and websites in complete anonymity. Module 07 Page 906 Certified Cybersecurity Technician Copyright © by EC-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls = = Exam 212-82 Disadvantages of VPNs o Designing and configuration. implementing a VPN is a complex o Reliability depends on the chosen service provider. issue that requires experts for VPN Architecture A certain set of protocols and standards must be followed while establishing a architecture. Security professionals should decide the scope, implementation, deployment of the VPN and perform continuous network monitoring to ensure security of a VPN. They should be continuously aware of the overall architecture scope of the VPN. = VPN and the and Protocols Used in Deploying a VPN To deploy VPNs, there are two primary options: IPsec and SSL. Each protocol has its own unique advantages and is utilized organization’s IT processes. = depending on the requirement of the user or the |Psec VPN IPsec-based VPN is the deployment solution most commonly used by organizations. It is a set of protocols and standards developed by the Internet Engineering Task Force (IETF) for secure communication communication by on the IP layer. It ensures the security of each packet in encrypting and authenticating them. IPsec connections are established using pre-installed VPN client software, which mainly focuses on companymanaged desktops. o Advantages e |Psec VPNs can support all IP-based applications through an IPsec VPN product. e They offer tremendous versatility and customizability through the modification of the VPN client software. e Organizations can control the VPN client functions by using the APIs in IPsec client software. e They ensure the secure exchange of IP packets between hosts and network. an IPsec gateway located at the edge remote networks or of the organization’s private The three basic applications of IPsec VPNs (associated with business requirements) are as follows. o Remote-access VPNs: These allow individual users, such connect to a corporate network. This application creates as telecommuters, to an L2TP/PPTP session protected by IPsec encryption. o Intranet VPNs: These help in connecting branch offices to the corporate headquarters, creating a transparent intranet. Module 07 Page 907 Certified Cybersecurity Technician Copyright © by EG-Council Certified Cybersecurity Technician Network Security Controls — Technical Controls o Exam 212-82 Extranet VPNs: These allow companies to connect with their business partners (for example, suppliers, customers, and joint ventures). = SSL VPN (Web-based) SSL-based VPNs provide remote-access connectivity using a web browser and its native SSL encryption, irrespective of the location. SSL does not require any special client software to be pre-installed and is capable of any type of connectivity. The connectivity ranges from company-managed desktops to non-company-managed desktops, such as employee-owned PCs, contractor-owned PCs, or business partner desktops. It helps in reducing desktop software maintenance as it downloads software dynamically whenever needed. o Advantages e It offers additional features such as easy connectivity from non-company- managed desktops and requires little or no desktop software maintenance. e |t provides accessibility to the SSL library and access to TCP port 443. e |t works wherever the user can gain access to HTTPS websites such as Internet banking, secure webmail, or intranet sites. Module 07 Page 908 Certified Cybersecurity Technician Copyright © by EC-Council