Virtual private networks provide two important network security functions to IT administrators. First, they allow the secure interconnection of remote networks, such as connecting branch offices to a corporate headquarters or each other. Second, they provide mobile workers with a mechanism to securely connect from remote locations back to the organization’s network. Learn the purpose of virtual private networks (VPNs), the IPsec protocol and the role of VPN concentrators.
- [Narrator] Virtual Private Networks, or VPNs, provide two important network security functions to IT administrators. First, they allow the secure interconnection of remote networks such as connecting branch offices to a corporate headquarters or to each other. Second, they provide mobile workers with a mechanism to securely connect from remote locations back to the organization's network. VPNs work by using encryption to create a virtual tunnel between two systems over the internet.
Everything that enters one end of the tunnel is encrypted, and then it is decrypted when it exits the other end of the tunnel. From the user's perspective, the network appears to function normally. But if an attacker gains access to traffic between the two secure endpoints, all they see is encrypted information that they can't read. VPNs require an endpoint on the remote network that accepts VPN connections. Many different devices may serve as VPN endpoints such as a firewall, router, server, or a dedicated VPN concentrator.
All of these approaches provide secure VPN connections, but organizations that have high volumes of VPN use often choose to use a dedicated VPN concentrator because these devices are very efficient at VPN connections and can manage high bandwidth traffic with ease. If you don't have a high volume of VPN traffic, you might choose to use the firewall, router, or server approach. If you do go that way, be warned that VPN traffic requires resource-intensive encryption, and unlike VPN concentrators, firewalls, routers, and servers usually don't contain specialized hardware that accelerates encryption.
Using these devices as VPN endpoints can cause performance issues. For many years, most VPNs used a protocol called IPsec, short for Internet Protocol Security, to create these encrypted tunnels. IPsec works at the network layer of the OSI model and provides robust, secure transport, but it is often difficult to configure and may be blocked by firewalls. For that reason, IPsec is often used for static, site-to-site VPN tunnels but is becoming less common for remote user VPNs.
Remote user VPNs now often rely upon SSL or TLS VPNs that work at the application layer. These VPNs work on any system with a web browser and use Port 443 for communications, a network port that is typically allowed through almost every firewall. Virtual Private Networks provide administrators with the ability to secure an otherwise insecure communications mechanism and create private networks using inexpensive internet connections.
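The narration describes the tunnel model: traffic entering one endpoint is encrypted, a passive observer in the middle sees only ciphertext, and the far endpoint decrypts it. The following Python block is an added illustration of that model and is not part of the course or Mike Chapple's material. It is deliberately not IPsec: the packet layout (nonce, ciphertext, tag), the pre-shared secret, the HMAC-SHA256 counter-mode keystream standing in for a real cipher suite, and the sample message are all constructed for the demonstration. It also shows the second property a tunnel needs beyond confidentiality: a packet modified in transit is rejected by the receiving endpoint.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# Constructed illustration of a VPN-style tunnel between two endpoints that
# share a secret. Everything entering the tunnel is encrypted and
# authenticated; everything leaving it is verified and decrypted.
# This is NOT IPsec/ESP. The keystream below (HMAC-SHA256 in counter mode)
# is a stand-in for a real cipher so the example runs on the standard library.

NONCE_LEN = 16   # per-packet nonce, constructed layout
TAG_LEN = 32     # HMAC-SHA256 tag length


def derive_keys(shared_secret: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and authentication keys from one secret."""
    enc_key = hmac.new(shared_secret, b"encrypt", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"authenticate", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) per 32-byte block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + struct.pack(">Q", counter)
        out += hmac.new(enc_key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


class TunnelEndpoint:
    """One end of the tunnel (e.g. a branch router or an HQ VPN concentrator)."""

    def __init__(self, shared_secret: bytes):
        self.enc_key, self.mac_key = derive_keys(shared_secret)

    def encapsulate(self, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
        """Plaintext entering the tunnel -> nonce || ciphertext || tag."""
        nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
        ks = keystream(self.enc_key, nonce, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
        tag = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        return nonce + ciphertext + tag

    def decapsulate(self, packet: bytes) -> bytes:
        """Packet leaving the tunnel -> plaintext; ValueError if it was altered."""
        if len(packet) < NONCE_LEN + TAG_LEN:
            raise ValueError("packet too short")
        nonce = packet[:NONCE_LEN]
        ciphertext = packet[NONCE_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        # Verify before decrypting; constant-time compare avoids timing leaks.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed: packet modified in transit")
        ks = keystream(self.enc_key, nonce, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, ks))


def roundtrip(message: bytes, shared_secret: bytes = b"constructed-demo-secret") -> dict:
    """Send one message branch -> HQ and report what each party observes."""
    branch = TunnelEndpoint(shared_secret)
    hq = TunnelEndpoint(shared_secret)
    on_the_wire = branch.encapsulate(message)

    # A passive observer between the endpoints sees only on_the_wire.
    observer_sees_plaintext = message in on_the_wire

    received = hq.decapsulate(on_the_wire)

    # An active attacker who flips one ciphertext bit is caught by the tag.
    tampered = bytearray(on_the_wire)
    tampered[NONCE_LEN] ^= 0x01
    try:
        hq.decapsulate(bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {
        "received": received,
        "observer_sees_plaintext": observer_sees_plaintext,
        "tamper_detected": tamper_detected,
        "wire_len": len(on_the_wire),
    }


if __name__ == "__main__":
    print(roundtrip(b"GET /payroll HTTP/1.1"))
```

Two design points carry over to real tunnels: encryption and authentication use separate keys derived from the shared secret, and the receiver checks the tag before it touches the ciphertext, so a forged or corrupted packet is dropped rather than decrypted into garbage and forwarded onto the internal network.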
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attacks
- Transport encryption
- Wireless networking
- Host security