Chapter 7 - 07 - Discuss Fundamentals of VPN and its importance in Network Security - 05_ocred_fax_ocred.pdf

Full Transcript


Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Selecting an Appropriate VPN

* Choose the best possible VPN solution for your enterprise
* Choose the type of VPN solution based on Vendor Support

Copyright © by All Rights Reserved. Reproduction is Strictly Prohibited.

Selecting an Appropriate VPN

The selection of an appropriate VPN depends on many factors such as cost, protocols, and technical issues. The following are a few factors to consider while selecting a VPN.

* Compatibility: The organization should consider the compatibility of the selected VPN within the organization’s network and determine whether it is possible to adopt the selected VPN. Selecting and implementing a VPN that is not compatible will add extra expenditure and cause security issues.
* Scalability: Increasing the number of employees working for an organization is a common trend. As the number of employees increases, the configured VPN needs to accommodate the new employees. The inability to handle an increasing number of users adversely affects the performance of the network. The organization must select a VPN that can handle any number of users at any time without affecting the performance of the network.
* Security: Security is an important factor while selecting a VPN. The following are the two major criteria in selecting a VPN.
  o Authentication: Organizations need to select an appropriate authentication method depending on the type of network on which the VPN is implemented.
  o Encryption: Organizations should be highly alert regarding the encryption process for the selected VPN. Some VPNs do not provide direct encryption, allowing attackers to gain information from the network.
* Capacity: Organizations need to foresee the number of users joining it in the future and then select the VPN accordingly.
Module 07 Page 928 Certified Cybersecurity Technician Copyright © by EC-Council

* Cost: An organization should consider cost as a factor while selecting VPNs.
* Need: The need for a VPN depends on the requirements of an organization. Requirements such as the need for remote employees to access the network or encrypted traffic rules must be considered. Each organization is different, and these differences will decide the appropriate VPN choice.
* Vendor support: The following are the two factors to consider in vendor support.
  o The first factor is the number of servers and their location. The VPN should be selected according to the location of the vendor server and the activities performed.
  o Does the vendor limit connections, use bandwidth throttling, or restrict service? VPNs that control bandwidth, reduce Internet speeds, or limit them in any way should not be used in an organization.

Moreover, care should be taken while dealing with the protocols and services running in the network. The organization must decide whether the existing services and protocols running are actually required.

VPN Core Functionality: Encapsulation

* Packets over a VPN are enclosed within another packet (encapsulation) which has a different IP source and destination
* Concealing the source and destination of the packets protects the integrity of the data sent
* The most common VPN encapsulation protocols:
  o Point-to-Point Tunneling Protocol (PPTP)
  o Layer 2 Tunneling Protocol (L2TP)
  o Secure Shell (SSH)
  o Socket Secure (SOCKS)
[Figure: Encapsulated packet. Labels: originating computer 10.0.50.3; original packet, source IP 10.0.50.3; original packet is encapsulated; VPN router 192.168.50.1, encapsulating data to conceal source and destination information; packet (encrypted); internal LAN has router’s IP address, source IP 192.168.50.1.]

VPN Core Functionality: Encapsulation

Encapsulation is the method through which protocols have separate functions to communicate among each other by hiding the data. Data vulnerability increases if the data do not pass through a secure channel. When data are transmitted using VPN tunneling, the data are encapsulated to ensure security. Encapsulation relies on various technologies and protocols such as GRE, IPsec, L2F, PPTP, and L2TP. The packets sent over a VPN are enclosed within another packet (encapsulation), which has a different IP source and destination. Concealing the source and destination of the packets protects the integrity of the data sent.

The VPN tunnel acts as a path between the source and destination. To send the encapsulated data securely, it is necessary to establish a tunnel. All the data packets travelling through the tunnel are encapsulated at the source point and de-encapsulated at the destination point. To send the data to the destination point, a tunnel data protocol is created. The information in the data packet is called a payload. The tunnel data protocol encapsulates the payload within the header containing the routing information. Once the server receives the payload, it discards the header, de-encapsulates the payload, and sends it to the destination.

All data packets transmitted through a VPN network are encapsulated using a VPN base or a carrier protocol.
The encapsulated data packet is then sent through the tunnel and later de-encapsulated at the receiver’s end. For example, a TCP/IP packet encapsulated with an ATM frame is hidden within the ATM frame. Upon receiving the ATM frame, the encapsulated packet is de-encapsulated to extract the TCP/IP packet.

[Figure: Encapsulated packet. Labels: internal LAN has router’s IP address, source IP 192.168.50.1; original packet, source IP 10.0.50.3, is encapsulated.]
