Join Lisa Bock for an in-depth discussion in this video Using virtual private networks, part of IT Security Foundations: Core Concepts.
- When the internet became public in 1992, corporate network boundaries became blurred. Remote workers and sales staff sought ways to communicate with the internal network but had to do so over an insecure public network. Thus the birth of the Virtual Private Network. Virtual private networks connect two or more devices and protect data while in transit over the internet, much like a leased line from an ISP without the monthly cost. From a user's perspective the network resources are accessed in the same way they would be within the private network, but by using cryptographic tunneling protocols such as Layer 2 Tunneling Protocol.
To set up a VPN connection I'm simply going to go to Network and Sharing Center, and I would select "Set up a new connection or network." And here I would say "Connect to a workplace." And then I would fill in the rest according to what my network administrator told me to fill in so I could make that connection. VPNs can increase privacy and security and provide confidentiality by encrypting the data, authentication to ensure only authorized entities are communicating, and integrity by detecting any message modification.
Some of the VPN benefits include providing remote access for employees to the corporate network, allowing employees in physically separate offices to share one virtual network, and interconnecting IP version four and IP version six networks. The reason this is important is that IP version four and IP version six have two entirely different headers. They cannot coexist on the same network without some type of tunneling protocol such as a VPN. There are choices in the way that you create a VPN.
One is IPsec, or Internet Protocol Security. An IPsec VPN works by creating a secure channel using the Internet Key Exchange protocol, or IKE, to first authenticate the secure connection. Then symmetric encryption such as AES or triple DES is used to secure the data between the points. IPsec can run into trouble with Network Address Translation and firewall rules. Secure Shell.
SSH offers VPN tunneling and built-in user name and password authentication to establish a connection. It uses port 22 to authenticate the process. PuTTY is something that you can use to create that connection for Secure Shell. I'm at the PuTTY download page and you would be able to download the appropriate version for your system. And as you can see there's the interface for your PuTTY configuration. It's pretty well straightforward in where you put the Host Name or IP address, and there it is defaulted at port 22.
SSL- or TLS-based VPNs have been around since the early 1990s and were first developed by Netscape and eventually adopted by nearly everyone to create tunnels between specific applications, primarily in web browsers. It is most often implemented for transmitting sensitive information such as banking or credit card information to a server. Businesses will most likely use an SSL certificate to reassure clients. Unlike SSH it does not require any authentication and typically uses port 443 to make a connection.
In some cases you might simply want or need a browser-created VPN, and you can go online to select a couple of them such as HTTPS Everywhere or ZenMate. Here I'm at HTTPS Everywhere where, as you can see, you can download and install it so that it will work with your browser. Or ZenMate is another option, as you can see, so that you can browse anonymously when a secure connection is not available.
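As an added illustration (not part of Lisa Bock's video or course), the following Python models the three protections the video attributes to a VPN tunnel, confidentiality, authentication and integrity, by wrapping an inner packet in an encrypt-then-MAC envelope and dropping anything that was modified in transit or sent with the wrong key. It is a teaching model, not any real VPN protocol: a constructed pre-shared key stands in for IKE or a TLS handshake, and an HMAC-SHA256 keystream stands in for AES so that it runs with the standard library only.

```python
import hashlib
import hmac
import os
import struct

# Constructed pre-shared key for the demo; a real VPN agrees keys via IKE or TLS.
PSK = b"demo-psk-not-for-real-use"
NONCE_LEN, TAG_LEN = 12, 32

# Constructed inner packet: a stand-in for, e.g., an IPv6 packet carried over IPv4.
INNER_PACKET = b"\x60\x00\x00\x00" + b"payload-from-remote-worker-to-corporate-net"


def derive_keys(psk):
    """Derive separate encryption and integrity keys from one secret (HKDF-like labels)."""
    enc_key = hmac.new(psk, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(psk, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256; stands in for AES in this model."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encapsulate(psk, inner_packet, nonce=None):
    """Confidentiality: XOR with keystream. Integrity/authentication: MAC over nonce+body."""
    enc_key, mac_key = derive_keys(psk)
    nonce = nonce or os.urandom(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(inner_packet, keystream(enc_key, nonce, len(inner_packet))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag  # the outer payload that crosses the public network


def decapsulate(psk, outer_payload):
    """Verify the tag first; return the inner packet, or None if it must be dropped."""
    enc_key, mac_key = derive_keys(psk)
    nonce, body, tag = outer_payload[:NONCE_LEN], outer_payload[NONCE_LEN:-TAG_LEN], outer_payload[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified in transit, or sender did not hold the key
    return bytes(a ^ b for a, b in zip(body, keystream(enc_key, nonce, len(body))))


if __name__ == "__main__":
    outer = encapsulate(PSK, INNER_PACKET)
    print("round trip ok:", decapsulate(PSK, outer) == INNER_PACKET)
    tampered = bytearray(outer)
    tampered[NONCE_LEN + 5] ^= 0x01  # flip one bit of the encrypted body
    print("tampered packet dropped:", decapsulate(PSK, bytes(tampered)) is None)
```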
Note: This course maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals 98-367 certification exam and is recommended test prep viewing.
- Differentiate between risks, threats, and vulnerabilities.
- Explain how to avoid worms and viruses.
- Define cookies, and explain how they preserve user information.
- Describe the WPA2 wireless security method.
- Cite the differences between public and private key encryption.
- Summarize how to use a virtual private network.
- Identify ways to minimize the attack surface.