Chapter 7 - 07 - Discuss Fundamentals of VPN and its importance in Network Security - 08_ocred.pdf
EC-Council
Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82

Point-to-Point VPN Topology

1. This topology treats two end points as two peer devices participating in communication.
2. Unlike the hub-and-spoke topology, offices at different locations can directly communicate with each other without any IPsec failover.
3. Only regular IPsec or IPsec/GRE is assigned for the tunnel, as any of the peer devices can initiate the communication.

In a point-to-point topology, any two end points are considered as peer devices that can communicate with each other. Any of the devices can be used to initiate the connection. Unlike a hub-and-spoke topology, offices at different locations can directly communicate with each other without any IPsec failover. The IPsec technology assigned can be either IPsec or IPsec/GRE. Regular IPsec point-to-point VPNs are commonly configured and known as extranets. This is where a connection is established between a device in a regularly managed network and an unmanaged device in the service provider's network.
The major features of the point-to-point topology are as follows:

- Easy routing of data, which needs to pass through only one router
- Optimal routing between customer sites
- Introduces encryption and authentication to confirm the integrity of packets in transit
- Uses a tunneling process to capture data packets with normal IP packets for forwarding over IP-based networks

Figure 7.114: Point-to-point VPN topology

Certified Cybersecurity Technician Copyright © by EC-Council. All Rights Reserved. Reproduction Is Strictly Prohibited.

Full Mesh VPN Topology

- This topology is suitable for complicated networks where all peers communicate with one another.
- Device-to-device communication in a network takes place with a unique IPsec tunnel.
- A peer-to-peer connection is established between each device, preventing a bottleneck at the VPN gateway and saving encryption/decryption overhead.
- This topology is reliable and offers redundancy.

In a fully meshed VPN network, all peers can communicate with each other, making it a complex network. This topology is suitable for complicated networks where all peers communicate with one another. This topology allows all the devices in the network to communicate directly with each other through an IPsec tunnel. A peer-to-peer connection is established between each pair of devices, preventing a bottleneck at the VPN gateway and saving encryption/decryption overhead. A fully meshed VPN can implement normal IPsec, IPsec/GRE, and GET VPN technologies.

Advantages

- Any failure on one of the devices does not affect the entire network.
- It is very reliable and offers redundancy.
- It prevents any kind of block at the gateway.

Disadvantages

- It increases the number of devices connected to the network, making it difficult to manage.
- There are chances of redundancy in network connections.

Figure 7.115: Full mesh VPN topology

Star Topology

- This topology allows remote branches to securely communicate with corporate headquarters.
- Interconnection between branches is not allowed.
- Deployed in a bank network, preventing one branch from compromising another branch.

[Figure: star topology with branch offices and corporate headquarters]
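The following added example (not part of the EC-Council courseware) models the full mesh and star topologies as sets of tunnels to show three points from the text: how fast the number of tunnels to manage grows in a full mesh, which sites are cut off when one device fails, and that a star gives branches no direct path to each other. The site names are constructed for illustration.

```python
from itertools import combinations

def full_mesh(sites):
    """Full mesh: one unique tunnel for every pair of devices."""
    return {frozenset(pair) for pair in combinations(sites, 2)}

def star(hq, branches):
    """Star: each branch tunnels to headquarters only."""
    return {frozenset((hq, branch)) for branch in branches}

def has_tunnel(tunnels, a, b):
    """True if a and b share a direct tunnel."""
    return frozenset((a, b)) in tunnels

def cut_off_by_failure(sites, tunnels, failed):
    """Surviving sites left without any usable tunnel once `failed` is down."""
    alive = set(sites) - {failed}
    surviving = [t for t in tunnels if failed not in t]
    still_connected = set().union(*surviving)
    return alive - still_connected

def mesh_tunnel_counts(sizes):
    """Tunnels to configure and key for a full mesh of each given size."""
    return {n: len(full_mesh(range(n))) for n in sizes}

# Constructed sample sites (assumptions, not taken from the page).
SITES = ["site1", "site2", "site3", "site4"]
HQ = "hq"
BRANCHES = ["branch1", "branch2", "branch3"]

if __name__ == "__main__":
    mesh = full_mesh(SITES)
    hub = star(HQ, BRANCHES)
    print("full mesh tunnels:", len(mesh))
    print("star tunnels:", len(hub))
    print("mesh growth:", mesh_tunnel_counts([4, 10, 50]))
    print("mesh, site1 down, cut off:",
          cut_off_by_failure(SITES, mesh, "site1"))
    print("star, hq down, cut off:",
          sorted(cut_off_by_failure([HQ] + BRANCHES, hub, HQ)))
    print("star branch1 <-> branch2 direct tunnel:",
          has_tunnel(hub, "branch1", "branch2"))
```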