VPNs and Proxies
Why are reverse proxies needed for decryption?
1. More than half of all traffic on the Web is now encrypted, and encrypting and decrypting data is a process that can take a lot of processing power.
Example of reverse proxies is a popular website like twitter. How does reverse proxy work for this website?
1. This website receives so much traffic that there's no way a single web server could possibly handle all of it. 2. It will need many, many web servers in order to keep up with processing all incoming requests. 3. A reverse proxy, in this situation, could act as a single front-end for many web servers living behind it. 4. From the clients' perspective, it looks like they're all connected to the same server. 5. behind the scenes, this reverse proxy server is actually distributing these incoming requests to lots of different physical servers. 6. This is a form of load balancing.
The employee could use a VPN client to establish a VPN tunnel to their company network. How would this work?
1. This would provision their computer with what's known as a virtual interface, with an IP that matches the address space of the network that established a VPN connection to. 2. By sending data out of this virtual interface, the computer could access internal resources just like if it was physically connected to the private network.
reverse proxy
A device that routes incoming requests to the correct server. a service that might appear to be a single server to external clients, but actually represents many servers living behind it.
web proxy
A piece of software installed on a system that is designed to intercept all traffic between the local web browser and the web server.
site-to-site VPN
A virtual private network in which multiple sites can connect to other sites over the Internet. It's just that the router, or sometimes a specialized VPN device on one network, establishes the VPN tunnel to the router or VPN device on another network.
How would a company use a proxies to prevent employees for accessing certain websites?
By using a web proxy, they can direct all web traffic to it, allow the proxy to inspect what data is being requested, and then allow or deny this request, depending on what site is being accessed.
Businesses use various technologies to stay secure what types of things can they use?
Firewalls, NAT, the use of non-routable address space, things like that.
What would the proxy server do when it received the webpage data from the internet?
It would then cache this data. This way, if someone else requested the same webpage, it could just return the cached data instead of having to retrieve the fresh copy every time. This is something not done much today.
Tunneling protocol
The command set that allows an organization to create secure connections using public resources such as the Internet.
What is in the second set of packets that are in the transport layers payload section for VPN?
The network, the transport, and the application layers of a packet intended to traverse the remote network.
After the layers are stripped away and the payload is unencrypted what happens?
This gets encapsulated with the proper data link layer information, and sent out across the internal network.
How does business keep there networks secure when an employee works from home or a business trip?
VPN
VPN (Virtual Private Network)
a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network
virtual interface
abstract virtualized representation of a computer network interface that may or may not correspond directly to a network interface controller.
What benefits to proxies provide?
anonymity, security, content filtering, increased performance, a couple other things.
How do reverse proxies help with decryption?
are implemented in order to use hardware built specifically for cryptography, to perform the enryption and decryption work. So that the web servers are free to just serve content.
What is another way reverse proxies are used besides directing server traffic?
decryption
Most VPNs work by using the payload section of the transport layer to carry an...
encrypted payload that actually contains an entire second set of packets.
What is an example of a proxy?
gateway router
Proxies
is a server application or appliance that acts as an intermediary for requests from clients seeking resources from servers that provide those resources.
Why are web proxies not used as much today?
most organizations now have connections fast enough that caching individual webpages doesn't provide much benefit.
One of the easiest ways to keep networks secure is to use various securing technologies, so only devices ...
physically connected to their local area network, can access these resources.
two-factor authentication
requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)
It's important to call out that just like NAT, VPNs a general technology concept, not a
strictly defined protocol.
VPNs, usually requires strict authentication procedures in order to ensure ...
that they can only be connected to by computers and users authorized to do so.
The network, the transport, and the application layers of a packet intended to traverse the remote network. Then what happens?
the payload is unencrypted, leaving the VPN server with the top three layers of a new packet.
What is a more common use for proxies today?
to prevent someone from accessing sites, like Twitter, entirely.
Using a web proxy, an organization would direct all web traffic through it, allowing the proxy server...
to retrieve the webpage data from the Internet.
VPNs were one of the first technologies where what type of authentication was used?
two factor
What does site to site VPN allow?
two physically separated offices might be able to act as one network and access network resources across the tunnel.
What were web proxies used for in the past?
years ago when internet connections were much slower they were used for increased performance.