VPN Concentrator


Always on VPN

A method of VPN where the user can always access the connection without the need to periodically disconnect and reconnect. It often uses SSL/TLS for encrypted connections instead of PPTP or L2TP.

VPN concentrator

A single device that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels.

Split Tunnel vs Full tunnel

Example: Imagine that Lisa connects to a company VPN server using IPsec from her home computer. The VPN is using ESP, so all traffic in the tunnel is encrypted. Now, Lisa wants to do an Internet search on saxophones. Will her computer connect directly to the Internet for her search? Or will her computer make a connection through the VPN server first? It depends on how the VPN is configured.
Split Tunnel:
- The VPN admin determines what traffic should use the encrypted tunnel.
- Basically, the traffic can be encrypted or not depending on how the admin configures the VPN.
- If Lisa did an Internet search with the VPN server configured in a split tunnel configuration, her Internet search traffic would not go through the encrypted tunnel. Instead, her search would go directly to Internet sites via her ISP.
Full tunnel:
- All traffic goes through the encrypted tunnel while the user is connected to the VPN.
- Basically, all traffic will be encrypted, data going out to the user and data going in to the user.
- If Lisa was connected to the VPN and then tried to connect to a public web site, the traffic would first go through the encrypted tunnel and then out to the public web site from within the private network.

IPSec

Internet Protocol Security.
o Method of encrypting data in transit
o IPsec supports Tunnel Mode & Transport Mode
o Tunnel Mode: Encrypts the entire IP packet used in the internal network. Tunnel mode is the mode to use for VPN transmission over the Internet. The benefit is that the IP addressing used within the internal network is encrypted and not visible to anyone who intercepts the traffic. If someone does intercept the traffic, he can see the source IP address from the client and the destination address to the VPN server, but the internal IP address information remains hidden.
o Transport Mode: Only encrypts the payload. Transport mode is commonly used in private networks, NOT with VPNs. If traffic is transmitted and used only within a private network, there isn't any need to hide the IP addresses by encrypting them.
o IPsec provides security in 2 ways:
  Authentication
  • Authentication Header (AH) allows the hosts in the IPsec conversation to authenticate with each other before exchanging data.
  • AH provides authentication and integrity
  • AH uses protocol number 51
  Encryption
  • Encapsulating Security Payload (ESP) encrypts the data and provides confidentiality.
  • ESP includes AH so it provides confidentiality, authentication, and integrity
  • ESP uses protocol number 50
o IPsec uses Internet Key Exchange (IKE) over port 500 to authenticate clients in the IPsec conversation

TLS

Transport Layer Security. Used to encrypt traffic on the wire. TLS is the replacement for SSL and like SSL, it uses certificates issued by CAs. PEAP-TLS uses TLS to encrypt the authentication process and PEAP-TLS requires a CA to issue certificates.

VPN

Virtual Private Network. Allows a secure private connection over a public network, using an encrypted 'tunnel'. For example, a remote computer can securely connect to a LAN, as though it were physically connected.

