Tuesday, August 23, 2016

Cyber Security: Firewall - VPN


VPN basics
In some ways, our local networks resemble forts sitting in the Wild West of a Hollywood movie. Inside strong walls, life goes on as normal, with data being exchanged freely between trusted machines. Meanwhile, beyond the firewall there is the lawless frontier of the internet; traffic crossing the internet must make a risky journey largely unprotected.

The problem of secure data transmission is especially acute for organisations based in several physical locations, such as those who need to exchange information with sub-contractors or those with a dispersed workforce such as sales teams or home workers.



Traditionally, companies invested in private communications links (usually called leased lines) whose cost might run to thousands of pounds per month. Most organisations cannot justify such an investment and in any case, leased lines cannot serve a mobile or highly dispersed workforce. So the lawless frontier of the internet is our only choice – this is where VPNs come to the rescue!

A VPN, as the name implies, is a means of creating a private network across an untrusted network such as the internet. VPNs can be used for a number of different purposes such as:
  • to securely connect isolated Local Area Networks (LANs) across the internet
  • to allow mobile users remote access to a corporate network using the internet
  • to control access within an intranet environment.
VPN concepts
VPNs are typically implemented using dedicated network devices (often the firewall itself) together with software. The software has two parts. The first, the VPN client, is installed on the computer of anyone who wants to join the VPN; it is responsible for connecting the user to the VPN so that they can send and receive information securely with, in this example, a corporate network. The second part is the VPN server, which runs on a dedicated network device, usually located on the perimeter of an organisation's network. The server software typically authenticates users and routes their traffic into the corporate network.

The VPN software creates a path known as a 'tunnel' between the VPN client and the VPN server. The tunnel can be established across any third-party or untrusted network, such as the internet. Unlike other paths through the internet, information passing through the tunnel is encrypted and integrity-protected, so an observer on the path can neither read it nor modify it without detection. So we can use these tunnels to protect our data while it crosses the lawless frontier of the internet back to the safety of our forts!

Securing the tunnels
The VPN path or tunnel between the VPN client and the VPN server relies on encryption to protect the data from interception or modification as it travels across the internet.


Encryption
In a VPN, encryption and decryption are typically performed by the client and server software. Early VPN solutions used proprietary encryption techniques, but shortcomings in many of these methods have forced a switch to public, openly reviewed encryption standards.

Authenticity and integrity
It is vital to ensure that information can be trusted – that it is coming from an authenticated user and that it has not been altered in transit. VPNs use a number of methods to ensure authenticity:
  • hashes (see Week 5)
  • digital signatures (see Week 5)
  • message authentication codes (MACs).
A MAC is a short tag appended to a message that acts as an authenticator. It is similar in principle to a digital signature, but it is computed and verified with the same shared secret key (symmetric cryptography) rather than with a public/private key pair. A valid MAC therefore shows that the message came from someone holding the key and was not altered in transit; unlike a signature, it cannot prove to a third party which of the key holders sent it. The receiver should compare the received tag with its own recomputed tag using a constant-time comparison, so that timing differences do not leak the expected value.
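The tunnel described under 'VPN concepts' and the encryption and MAC protection described in this section, as an added worked example rather than code from the course: a toy encrypt-then-MAC tunnel built only from the Python standard library. The packet layout (an ESP-like outer header of SPI and sequence number, followed by ciphertext and a 16-byte tag), the per-SPI key derivation labels, the use of HMAC-SHA256 in counter mode as the keystream (a stand-in for the AES-based ciphers real IPSec uses), and the shared secret and inner packet are all constructed assumptions for this example, not a real protocol.

```python
import hashlib
import hmac
import struct

# Constructed outer header: SPI and sequence number, loosely modelled on ESP.
OUTER = struct.Struct(">II")
TAG_LEN = 16   # truncated HMAC-SHA256 tag (IPsec's HMAC-SHA-256-128 truncates the same way)


def derive_keys(shared_secret: bytes, spi: int) -> tuple:
    """Derive separate encryption and MAC keys for one direction (one SPI) from the shared secret.
    The labels are an assumption of this example, not a standard KDF."""
    label = struct.pack(">I", spi)
    enc_key = hmac.new(shared_secret, b"enc" + label, hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac" + label, hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: concatenate HMAC(key, nonce || counter) blocks, cut to length."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TunnelEndpoint:
    """One end of the tunnel: sends on send_spi and accepts packets addressed to recv_spi."""

    def __init__(self, shared_secret: bytes, send_spi: int, recv_spi: int):
        self.send_spi, self.recv_spi = send_spi, recv_spi
        self.send_enc, self.send_mac = derive_keys(shared_secret, send_spi)
        self.recv_enc, self.recv_mac = derive_keys(shared_secret, recv_spi)
        self.send_seq = 0        # sequence number of the last packet sent
        self.highest_recv = 0    # anti-replay: highest sequence number accepted so far

    def encapsulate(self, inner_packet: bytes) -> bytes:
        self.send_seq += 1
        header = OUTER.pack(self.send_spi, self.send_seq)
        # (SPI, seq) never repeats on this direction, so the header doubles as the nonce.
        ciphertext = xor_bytes(inner_packet, keystream(self.send_enc, header, len(inner_packet)))
        tag = hmac.new(self.send_mac, header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
        return header + ciphertext + tag

    def decapsulate(self, outer_packet: bytes) -> bytes:
        if len(outer_packet) < OUTER.size + TAG_LEN:
            raise ValueError("truncated packet")
        header = outer_packet[:OUTER.size]
        ciphertext = outer_packet[OUTER.size:-TAG_LEN]
        tag = outer_packet[-TAG_LEN:]
        spi, seq = OUTER.unpack(header)
        if spi != self.recv_spi:
            raise ValueError("unknown SPI")
        # Verify the MAC before touching the ciphertext, using a constant-time compare.
        expected = hmac.new(self.recv_mac, header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC check failed: packet dropped")
        if seq <= self.highest_recv:
            raise ValueError("replayed packet dropped")
        self.highest_recv = seq
        return xor_bytes(ciphertext, keystream(self.recv_enc, header, len(ciphertext)))


def run_demo() -> dict:
    """Round trip, then the two attacks the text warns about: modification and replay."""
    secret = b"constructed shared secret - in practice it comes from a key exchange"
    client = TunnelEndpoint(secret, send_spi=0x1001, recv_spi=0x2001)
    server = TunnelEndpoint(secret, send_spi=0x2001, recv_spi=0x1001)

    inner = b"GET /payroll HTTP/1.1\r\nHost: intranet.example\r\n\r\n"  # constructed inner packet
    outer = client.encapsulate(inner)
    results = {"delivered": server.decapsulate(outer) == inner,
               "payload_hidden": inner not in outer}

    # An attacker on the path flips one bit of the ciphertext.
    tampered = bytearray(outer)
    tampered[OUTER.size] ^= 0x01
    try:
        server.decapsulate(bytes(tampered))
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True

    # An attacker records the genuine packet and re-sends it later.
    try:
        server.decapsulate(outer)
        results["replay_detected"] = False
    except ValueError:
        results["replay_detected"] = True
    return results


if __name__ == "__main__":
    print(run_demo())
```

Two design points carry over to real VPNs: the MAC is checked before anything is decrypted, so an attacker cannot probe the decryption with forged packets, and each direction has its own SPI and keys, so the (SPI, sequence number) nonce never repeats and a recorded packet cannot be replayed into the other direction.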

VPN protocols

The course material covers three main forms of VPN protocol (TLS-based, or 'SSL', VPNs are also widely deployed but are not discussed here). The three are:

  • PPTP (Point to Point Tunnelling Protocol)
PPTP was designed in a consortium led by Microsoft, which included an implementation of the protocol as a standard component of Windows NT 4. Microsoft also released PPTP as a free add-on to Windows 95 and Windows 98, allowing users of (at the time) the most popular version of Windows to access corporate networks.


PPTP proved unsuited to large companies (being limited to 255 connections per server), but more seriously, the PPTP standard did not settle on a single form of user authentication or encryption; two companies could therefore both offer software supporting PPTP, yet their products would be incompatible with each other. Microsoft's implementation (MS-CHAP authentication with MPPE encryption) was later shown to have serious cryptographic weaknesses, and PPTP is no longer considered secure. From Windows 2000 onwards, Microsoft added L2TP over IPSec (see below) as the preferred alternative, while PPTP remained available for compatibility.

  • L2TP (Layer 2 Tunnelling Protocol)
This is an adaptation of a tunnelling protocol known as L2F (Layer 2 Forwarding), originally developed by Cisco to compete with PPTP. To improve on L2F, a successor was devised by a group composed of the PPTP Forum, Cisco and the Internet Engineering Task Force (IETF), and published as RFC 2661. L2TP combines features of both PPTP and L2F. Note that L2TP on its own only tunnels traffic and provides no encryption, so in practice it is run over IPSec (L2TP/IPSec), which supplies the confidentiality and integrity protection.

  • IPSec (Internet Protocol Security)
IPSec was designed by an international standards body, the Internet Engineering Task Force (IETF). Work began in 1992, the first standards were published in 1995 (RFC 1825 onwards) and a revised set followed in 1998 (RFC 2401 onwards); the current base specification is RFC 4301, from 2005. IPSec is now the most widely supported VPN protocol, with backing from Intel, IBM, HP/Compaq and Microsoft (among others).


IPSec has gained a reputation for security thanks to its use of well-known and trusted technologies. Rather than invent new techniques for encryption, the designers built the protocol on top of existing, publicly scrutinised algorithms (today typically AES for encryption, HMAC with SHA-2 for integrity and Diffie-Hellman key agreement in IKE), each of which had already been subjected to intense scrutiny in its own right.
