
Chapter 7 - 07 - Discuss Fundamentals of VPN and its importance in Network Security - 04_ocred_fax_ocred.pdf


Full Transcript


Certified Cybersecurity Technician, Exam 212-82
Network Security Controls — Technical Controls

Site-to-Site VPNs

Site-to-site VPN is classified in two types:
* Intranet-based: VPN connectivity is between sites of a single organization
* Extranet-based: VPN connectivity is between different organizations such as business partners, business, and its clients

* Site-to-site VPN extends the company's network and allows access to an organization's network resources from different locations
* It connects a branch or remote office network to the company's headquarters network
* Also known as LAN-to-LAN or L2L VPNs

Site-to-Site VPNs

The site-to-site VPN helps connect all the networks together. For example, the branch offices of an organization can be connected to the main campus through a site-to-site VPN. The main difference between a remote access VPN and a site-to-site VPN is that site-to-site VPNs do not require any client software. The entire traffic is sent through a VPN gateway that encrypts the data packets passing through it. Such VPNs are also known as full tunnels. They alter the IP address and DNS server options of every data packet entering and leaving the tunnel.

In a site-to-site VPN, the outbound traffic is passed through a tunnel to the VPN gateway. The data packets in the outbound traffic are encrypted at the gateway and are passed to the tunnel over the Internet. The traffic is sent to the gateway nearest to the target location. That gateway decrypts the data packets, and they are then forwarded to the final destination.

[Figure: site-to-site connection linking the Main Office and Branch Offices over the Internet]
Figure 7.107: Site-to-site VPN

Certified Cybersecurity Technician, Copyright © by EC-Council

There are two types of site-to-site VPNs.
* Intranet-based: In this type, VPN connectivity is between the sites of a single organization. It creates an intranet VPN to connect each individual LAN to a single WAN.
* Extranet-based: In this type, VPN connectivity is between different organizations such as business partners, businesses, and clients. An extranet VPN connects every single LAN of an organization. The extranet VPN configuration prevents any access to an intranet VPN.

Hardware VPNs

* A dedicated hardware VPN appliance is used to connect routers and gateways to ensure communication over an insecure channel
* It is designed to serve as a VPN endpoint and can connect to multiple LANs

Hardware VPNs

Hardware-based VPNs are separate devices that consist of individual processors and hardware firewalls. They easily manage the authentication and encryption of data packets. The main advantage of using a hardware-based VPN is that they provide more protection than the software variant.
[Figure: LAN 1 and LAN 2, each behind a VPN appliance, joined by an encrypted VPN tunnel. VPN appliances create a secure connection between two or more LANs.]
Figure 7.108: Hardware VPN

Advantages
* A hardware VPN provides load balancing, especially for large client loads.

Disadvantages
* It is more expensive than a software VPN.
* It is more useful for large business organizations than for smaller ones.
* It has low scalability.

Hardware VPN Products

| Manufacturer | Product Name | Web Site |
|---|---|---|
| Cisco Systems | VPN 3000 series concentrators, VPN 3002 Hardware Clients, 7600 series routers, and Web VPN Services Module | https://www.cisco.com |
| SonicWALL | SonicWALL PRO 5060, 4060, 3060, 2040, 1260 | https://www.sonicwall.com |
| Juniper Networks | NetScreen 5000, 500, 200, and ISG series | https://www.juniper.net |
| WatchGuard | WatchGuard Firebox X series | https://www.watchguard.com |

Table 7.5: Hardware VPN products
Software VPNs

* VPN software is installed and configured on routers, servers and firewalls, or as a gateway

Advantages
* No extra devices need to be installed
* It is an easy and low-cost way to deploy a VPN and does not change the target network

Disadvantages
* Extra processing burden to devices on which it is installed
* It is less secure and prone to attacks

Copyright © by EC-Council. All Rights Reserved. Reproduction Is Strictly Prohibited.

Software VPNs

VPN software is installed and configured on routers, servers, and firewalls or as a gateway that functions as a VPN. Software-based VPNs are best suited for network traffic management and when the same party does not manage the VPN end points. Traffic management is performed using a tunneling process depending on the protocol and address of the traffic. Hardware encryption accelerators are used to improve the performance of the network.

Advantages
* A software VPN minimizes the cost of additional hardware purchases.
* It is easy and inexpensive to deploy and does not change the target network.
* It has high scalability.

Disadvantages
* It causes increased processing tasks for devices implementing the VPN.
* Security is an issue; a software VPN is prone to attacks because it needs to share the server with other servers and OSes.
Software VPN Products

| Manufacturer | Product Name | Web Site |
|---|---|---|
| CheckPoint | VPN-1 VSX, VPN-1 Pro, VPN-1 Edge, Firewall-1 | https://www.checkpoint.com |
| NETGEAR | ProSafe VPN | https://www.netgear.com |
| Cisco Systems | Cisco AnyConnect Secure Mobility Client | https://www.cisco.com |

Table 7.6: Software VPN products
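Added example (not part of the courseware): a small Python model of the site-to-site traffic flow and the intranet/extranet distinction described in the Site-to-Site VPNs sections above. The gateway picks a tunnel from the destination subnet, only gateway addresses appear in the outer header, and after decryption a packet is forwarded only if it fits that peer's policy. All names, subnets and addresses are constructed (documentation ranges), and the encryption step itself is only marked in a comment.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    name: str         # label for the peer site (constructed)
    kind: str         # "intranet" or "extranet"
    peer_gw: str      # public address of the remote VPN gateway
    local_ts: tuple   # local subnets this peer may reach
    remote_ts: tuple  # subnets that live behind the peer

# Constructed sample policy for a headquarters gateway.
HQ_GW = "198.51.100.1"
TUNNELS = [
    Tunnel("branch-1", "intranet", "203.0.113.10",
           ("10.1.0.0/16",), ("10.2.0.0/16",)),
    # The partner is confined to one shared subnet, not the whole intranet.
    Tunnel("partner-a", "extranet", "203.0.113.77",
           ("10.1.50.0/24",), ("172.16.9.0/24",)),
]

def _in(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def outbound(src, dst):
    """Outer header for a LAN packet, or None if no tunnel policy matches."""
    for t in TUNNELS:
        if _in(src, t.local_ts) and _in(dst, t.remote_ts):
            # The inner packet (src -> dst) is encrypted at this point;
            # on the Internet only the two gateway addresses are visible.
            return {"tunnel": t.name, "outer_src": HQ_GW, "outer_dst": t.peer_gw}
    return None

def inbound(peer_gw, inner_src, inner_dst):
    """After decryption, forward only if the inner addresses fit the peer's policy."""
    for t in TUNNELS:
        if t.peer_gw == peer_gw:
            ok = _in(inner_src, t.remote_ts) and _in(inner_dst, t.local_ts)
            return "forward" if ok else "drop"
    return "drop"  # unknown peer: no tunnel exists

if __name__ == "__main__":
    print(outbound("10.1.3.4", "10.2.0.9"))                   # HQ host to branch host
    print(inbound("203.0.113.77", "172.16.9.5", "10.1.3.4"))  # partner probing intranet
```

The hosts at either site carry no VPN client; every decision above is made on the gateway.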
