6.3 VPN and IPSec
According to the video, Secure Sockets Layer (SSL) uses the Transmission Control Protocol (TCP), which is port number
443
There are two primary Internet Protocol Security (IPSec) protocols, Authentication Header (AH) and
Encapsulating Security Payload (ESP)
The Point-to-Point Tunneling Protocol (PPTP) creates a tunnel using
Generic Routing Encapsulation (GRE)
Site-to-site VPN has two different types: Intranet-based and Extranet-based
Intranet-based VPN is used when several offices within the same organization establish site-to-site connections. However, extranet VPN is used when offices from different companies establish a site-to-site connection.
The Point-to-Point Tunneling Protocol (PPTP) uses this authentication type.
MS-CHAPv2
A site-to-site VPN is used primarily on enterprise networks within large companies.
Organizations with multiple branches or office locations in different locations would use a site-to-site VPN to connect one office location to another office location. Site-to-site VPN establishes an imaginary bridge between offices separated by a large geographical distance to create a secure and private connection from one office to another. Site-to-site VPN is sometimes referred to as router-to-router VPN because there are two routers involved. One of the routers is used as a VPN client. The other router is used as the VPN server; once the connection is authenticated between the two routers, the VPN communication begins.
Point-to-Point Tunneling Protocol
Point-to-Point Tunneling Protocol (PPTP) is one of the oldest protocols used on VPN networks. It is also extremely fast and is known as one of the most rapid VPN protocols. However, PPTP is not very secure and has a very weak encryption standard. PPTP creates a tunnel and is used to encrypt the data between connections. PPTP is also very easy to configure and set up and is well-suited for most operating systems.
There are two primary categories of VPN:
Remote Access and Site to Site. Remote Access VPN allows a client to connect to a private network and remotely use its resources and services. The link between the remote client and the private network is established over the Internet and creates a secure connection or tunnel to transmit data. Remote Access VPN is often used by teleworkers and users who work remotely. Remote Access VPN can also be used for home use as an extra layer of security.
Internet Protocol Security, known as IPSec, is used to protect Internet messages across an IP network. IPSec fortifies IP messages by validating the session and encrypting each data packet throughout the connection. IPSec runs in two modes: Transport mode and Tunneling mode.
The job of transport mode is to encrypt the message in the data packet. The job of tunneling mode, however, is to encrypt the entire data packet. IPSec is also used with other security protocols to enhance network security.
VPNs are becoming a lot more commonplace when browsing the Internet.
They are used in corporate network environments and home environments. A VPN allows the user to be somewhat untraceable and unrecognizable while online. Because such an increasing part of our lives takes place online, a VPN is undoubtedly a useful security option. Most people shop online, bank, and check medical records online. This information needs to remain secure and free from the threat of cybercriminals. Without a VPN, you run the risk that hackers, your Internet service provider (ISP), and government agencies find the specific information you may want to keep private. However, a VPN prevents these parties from accessing your Internet activity. A VPN also offers more anonymity because your IP address is shielded from your ISP and potential security threats. When a client establishes a VPN connection, the client's IP address appears as the VPN server's IP address, therefore concealing its public IP address. Most VPN providers won't monitor or disclose what websites you visit while connected to their servers; therefore, you are somewhat anonymous and untraceable via your public IP address.
TLS and SSL
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) create a VPN connection using the web browser as a client. These VPN types are used to limit user access to specific applications as opposed to the entire network. These protocols are often used when accessing online shopping websites. An easy way to identify whether your browser connection is using SSL is to see whether the URL contains "HTTPS" instead of "HTTP." A browser using SSL will display "HTTPS" to secure and establish an encrypted connection.
A typical network solution used to
establish remote connectivity is a VPN. To understand what a VPN is, it's essential to understand the term "virtual network." A virtual network does not exist physically, but it appears to. Because the network is virtual, the clients connected to that network are not limited to a physical location and can connect from anywhere. A VPN is used to send data and ensure it is secured from one private network to another private network using the Internet. A VPN creates a secure tunnel and uses encryption to make sure the information remains confidential. A practical way to describe a VPN is a secure encrypted connection between private networks using a public network. A VPN has several advantages, including keeping data safe while traversing the public network, ensuring the data's integrity, and preventing hackers from changing data as it traverses the network. A VPN is often referred to as a tunnel or secure channel between two network nodes. The VPN client node encrypts the IP packet; if a hacker intercepts the data, the information will not be understood. The VPN client nodes also attach headers to the packet with specific instructions.
Internet Protocol Security (IPSec) is used to secure data packets at this layer of the Open Systems Interconnection (OSI) model
layer 3
L2TP
or Layer 2 Tunneling Protocol is often used with an additional VPN protocol such as IPSec to establish a very secure VPN connection. L2TP does not provide encryption by itself. L2TP creates a tunnel between two L2TP network devices, and IPSec is used to secure communication and encrypt the data. One of the reasons L2TP is such a popular protocol is that there are no known weaknesses or vulnerabilities.