Lecture 12: VPN PDF

Title Lecture 12: VPN
Course Data Communications and Networks
Institution University of East London

Summary

Different types of VPNs, with the features and responsibilities. With answered questions at the end of the document....


Description

Lecture 12: Virtual Private Networks

VPNs create end-to-end private network connections. A VPN is virtual in that it carries information within a private network, but that information is transported over a public network. A VPN is private in that the traffic is encrypted to keep the data confidential while it is transported across the public network.

VPN Benefits: Modern VPNs now support encryption features such as Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL) VPNs to secure network traffic between sites.

Cost Savings: Organizations can use VPNs to reduce their connectivity costs while simultaneously increasing remote connection bandwidth.

Security: Encryption and authentication protocols protect data from unauthorized access.

Scalability: VPNs allow organizations to use the internet, making it easy to add new users without adding significant infrastructure.

Compatibility: VPNs can be implemented across a wide variety of WAN link options, including broadband technologies. Remote workers can use these high-speed connections to gain secure access to corporate networks.

Remote-Access VPNs: These let remote and mobile users securely connect to the enterprise. They are typically enabled dynamically by the user when required, and can use either IPsec or SSL. There are two types of connection:

Clientless VPN connection – The connection is secured using a web browser SSL connection.

Client-based VPN connection – Client software such as Cisco must be installed on the remote user’s device.

VPNs can be managed as one of two types:

Enterprise VPNs – A common solution for securing enterprise traffic across the internet. Site-to-site and remote-access VPNs are created and managed by the enterprise using IPsec and SSL VPNs.

Service Provider VPNs – Created and managed over the provider network. The provider uses Multiprotocol Label Switching (MPLS) at Layer 2/3 to create secure channels between an enterprise’s sites, effectively segregating the traffic from other customers' traffic.

IP Security: IPsec is a standard that defines how a VPN can be secured across IP networks. IPsec protects and authenticates IP packets between source and destination. It provides these essential security functions:

Confidentiality – uses encryption algorithms to prevent cybercriminals from reading the packet contents.

Integrity – uses hashing algorithms to ensure that packets have not been altered between source and destination.

Authentication – uses the Internet Key Exchange protocol to authenticate source and destination.

IPsec is a framework rather than a fixed set of rules: for each of these functions there are many choices that can be used.

IPsec Modes: IPsec operates in two different ways: transport mode or tunnel mode.

Transport Mode: In transport mode, IPsec protects what is delivered from the transport layer to the network layer. In this mode, the IPsec header and trailer are added to the information coming from the transport layer.

Transport mode is usually used when host-to-host protection of data is needed. The sending host uses IPsec to authenticate and encrypt the payload delivered from the transport layer. The receiving host uses IPsec to check the authentication, decrypt the packet and deliver it to the transport layer.

Tunnel Mode: In tunnel mode, IPsec protects the entire IP packet. It takes the IP packet, applies IPsec to the entire packet and then adds a new IP header.

Tunnel mode is usually used between two routers, or between a host and a router.
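An added example (not part of the lecture) of the two modes described above, using AH, the integrity-only protocol asked about in Q6, with HMAC-SHA-256 so that it runs on the Python standard library alone; ESP would additionally encrypt the protected data. The key, SPI, addresses and function names are constructed for illustration, and the IPv4 header checksum is left at zero.

```python
import hashlib, hmac, socket, struct

AH, IPIP, TCP = 51, 4, 6              # IANA protocol numbers
KEY = b"constructed-demo-key"         # constructed; real keys are negotiated by IKE

def ipv4(src, dst, proto, payload, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left at 0 for the demo) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def icv(ip_hdr, ah_hdr, payload):
    # Fields routers may change in transit (TOS, flags/fragment offset, TTL,
    # checksum) are zeroed before hashing; addresses and protocol are covered.
    h = bytearray(ip_hdr)
    for i in (1, 6, 7, 8, 10, 11):
        h[i] = 0
    return hmac.new(KEY, bytes(h) + ah_hdr + payload, hashlib.sha256).digest()[:16]

def ah_protect(src, dst, next_hdr, payload, spi=0x1000, seq=1):
    # AH header: next header, length (7 words - 2), reserved, SPI, sequence, ICV.
    ah_zero = struct.pack("!BBHII", next_hdr, 5, 0, spi, seq) + b"\0" * 16
    ip_hdr = ipv4(src, dst, AH, ah_zero + payload)[:20]
    return ip_hdr + ah_zero[:12] + icv(ip_hdr, ah_zero, payload) + payload

def transport_mode(packet):
    # Keep the original endpoints; AH sits between the IP header and its payload.
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return ah_protect(src, dst, packet[9], packet[20:])

def tunnel_mode(packet, gw_src, gw_dst):
    # Wrap the whole original packet and put a new gateway-to-gateway header on it.
    return ah_protect(gw_src, gw_dst, IPIP, packet)

def verify(protected):
    ip_hdr, ah, payload = protected[:20], protected[20:48], protected[48:]
    expected = icv(ip_hdr, ah[:12] + b"\0" * 16, payload)
    return hmac.compare_digest(expected, ah[12:])

if __name__ == "__main__":
    inner = ipv4("10.0.0.5", "10.1.0.9", TCP, b"constructed TCP segment")
    modes = {"transport": transport_mode(inner),
             "tunnel": tunnel_mode(inner, "198.51.100.1", "203.0.113.1")}
    for name, pkt in modes.items():
        print(name, len(pkt), "bytes, outer source",
              socket.inet_ntoa(pkt[12:16]), "verified:", verify(pkt))
```

In the tunnel-mode output the inner addresses no longer appear in the outer header, and the packet is 20 bytes longer than the transport-mode one because the original IP header travels inside it.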

Q1. Which two statements describe a remote access VPN? (Choose two.)

a. It connects entire networks to each other.
b. It requires hosts to send TCP/IP traffic through a VPN gateway.
c. It may require VPN client software on hosts.
d. It is used to connect individual hosts securely to a company network over the internet.
e. It requires static configuration of the VPN tunnel.

Q2. The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?

a. confidentiality
b. nonrepudiation
c. authentication
d. integrity
e. Diffie-Hellman

Q3. Which technique is necessary to ensure a private transfer of data using a VPN?

a. virtualisation
b. authorisation
c. scalability
d. encryption

Q4. What are two reasons a company would use a VPN? (Choose two.)

a. to increase bandwidth to the network
b. to eliminate the need of having a gateway
c. to test network connections to remote users
d. to connect remote users to the network
e. to allow suppliers to access the network

Q5. Which solution allows workers to telecommute effectively and securely?

a. remote-access VPN
b. DSL connection
c. dial-up connection
d. site-to-site VPN

Q6. Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality?

a. ESP
b. AH
c. IP protocol 50
d. DH

Q7. What algorithm is used to provide data integrity of a message through the use of a calculated hash value?

a. AES
b. DH
c. RSA
d. HMAC

Q8. Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key?

a. The length of a key will not vary between encryption algorithms.
b. The shorter the key, the harder it is to break.
c. The longer the key, the more key possibilities exist.
d. The length of a key does not affect the degree of security.

Q9. What is a type of VPN that is generally transparent to the end user?

a. private
b. remote access
c. site-to-site
d. public

Q10. Which of the following describes a VPN?

a. a remote connection using a secure tunnel across the Internet
b. segmenting a local network into smaller networks without subnetting
c. a network that is protected from viruses
d. a protocol used to encrypt L2TP traffic

Q11. Which is an advantage of SSL VPNs over Data Link layer or Network layer VPNs?

a. SSL VPNs use specialised client software for secure connections.
b. SSL VPNs function at Layer 1, the Physical layer, and thus run much faster than Layer 2 or Layer 3 VPNs.
c. SSL VPNs offer robust security features and therefore do not rely on other protocols or services to handle encryption.
d. SSL VPNs don’t require specialised client software but use Web browsers.

Q12. Which two encryption protocols might be used to provide secure transmissions for browser and web server communications?

a. HTTP and HTTPS
b. SSL and TLS
c. SSL and HTTP
d. TCP and UDP

Q13. What is a secure private connection through a public network or the Internet called?

a. Tunneling protocol
b. IPsec
c. PSTN
d. VPN

Q14. IPsec can be used to ensure integrity, confidentiality, and authenticity. Which of the following does IPsec provide principally through the use of the encapsulated security payload?

a. Integrity
b. Confidentiality
c. Authenticity
d. Nonrepudiation...

