Chapter 7 - 07 - Discuss Fundamentals of VPN and its importance in Network Security - 05_ocred.pdf

Full Transcript


Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82

Selecting an Appropriate VPN
  o Choose the best possible VPN solution for your enterprise
  o Choose the type of VPN solution based on

Copyright © by All Rights Reserved. Reproduction is Strictly Prohibited.

Selecting an Appropriate VPN

The selection of an appropriate VPN depends on many factors such as cost, protocols, and technical issues. The following are a few factors to consider while selecting a VPN.

Compatibility: The organization should consider the compatibility of the selected VPN within the organization's network and determine whether it is possible to adopt the selected VPN. Selecting and implementing a VPN that is not compatible will add extra expenditure and cause security issues.

Scalability: Increasing the number of employees working for an organization is a common trend. As the number of employees increases, the configured VPN needs to accommodate the new employees. The inability to handle an increasing number of users adversely affects the performance of the network. The organization must select a VPN that can handle any number of users at any time without affecting the performance of the network.

Security: Security is an important factor while selecting a VPN. The following are the two major criteria in selecting a VPN.
  o Authentication: Organizations need to select an appropriate authentication method depending on the type of network on which the VPN is implemented.
  o Encryption: Organizations should be highly alert regarding the encryption process for the selected VPN. Some VPNs do not provide direct encryption, allowing attackers to gain information from the network.

Capacity: Organizations need to foresee the number of users joining it in the future and then select the VPN accordingly.
Module 07 Page 928 Certified Cybersecurity Technician Copyright © by EC-Council

Cost: An organization should consider cost as a factor while selecting VPNs.

Need: The need for a VPN depends on the requirements of an organization. Requirements such as the need for remote employees to access the network or encrypted traffic rules must be considered. Each organization is different, and these differences will decide the appropriate VPN choice.

Vendor support: The following are the two factors to consider in vendor support.
  o The first factor is the number of servers and their location. The VPN should be selected according to the location of the vendor server and the activities performed.
  o Does the vendor limit connections, use bandwidth throttling, or restrict service? VPNs that control bandwidth, reduce Internet speeds, or limit them in any way should not be used in an organization. Moreover, care should be taken while dealing with the protocols and services running in the network. The organization must decide whether the existing services and protocols running are actually required.

VPN Core Functionality: Encapsulation
  o Packets over a VPN are enclosed within another packet (encapsulation) which has a different IP source and destination
  o Concealing the source and destination of the packets protects the integrity of the data sent
  o The most common VPN encapsulation protocols:
      Point-to-Point Tunneling Protocol (PPTP)
      Layer 2 Tunneling Protocol (L2TP)
      Secure Shell (SSH)
      Socket Secure (SOCKS)

[Figure: Encapsulating data to conceal source and destination information. The originating computer (10.0.50.3) on the internal LAN sends a packet with source IP 10.0.50.3. The VPN router (192.168.50.1) encapsulates the original packet; the encapsulated packet (encrypted) has the router's IP address, source IP 192.168.50.1.]

VPN Core Functionality: Encapsulation

Encapsulation is the method through which protocols have separate functions to communicate among each other by hiding the data. Data vulnerability increases if the data do not pass through a secure channel. When data are transmitted using VPN tunneling, the data are encapsulated to ensure security. Encapsulation relies on various technologies and protocols such as GRE, IPsec, L2F, PPTP, and L2TP. The packets sent over a VPN are enclosed within another packet (encapsulation), which has a different IP source and destination. Concealing the source and destination of the packets protects the integrity of the data sent.

The VPN tunnel acts as a path between the source and destination. To send the encapsulated data securely, it is necessary to establish a tunnel. All the data packets travelling through the tunnel are encapsulated at the source point and de-encapsulated at the destination point.

To send the data to the destination point, a tunnel data protocol is created. The information in the data packet is called a payload. The tunnel data protocol encapsulates the payload within the header containing the routing information. Once the server receives the payload, it discards the header, de-encapsulates the payload, and sends it to the destination.

All data packets transmitted through a VPN network are encapsulated using a VPN base or a carrier protocol. The encapsulated data packet is then sent through the tunnel and later de-encapsulated at the receiver's end.

For example, a TCP/IP packet encapsulated with an ATM frame is hidden within the ATM frame. Upon receiving the ATM frame, the encapsulated packet is de-encapsulated to extract the TCP/IP packet.
