Chapter 7: Virtual Private Network (VPN)
Classified
Intranet VPN
Remote Access
Tunneling
Types of Tunneling
Voluntary Tunneling
Compulsory Tunneling
VPN Tunneling Protocols
Point-to-Point Tunneling Protocol (PPTP)
PPTP supports:
Validation of the information
Encryption of data
Filtering of packets
Remote access to VPN
Internetworking of LANs
Flow of data
Control messages
Data packets
PPTP Control Connection
PPTP Security & Disadvantages
PPTP Protocol assures
Authenticity of data
Encryption of the data
Packet filtering
Problem with PPTP
No single standard to both authenticate & encrypt the information
Layer Two Tunneling Protocol (L2TP)
Chiefly employed in Cisco products
Present in data link layer of the OSI model
Characteristics of L2TP
Ease of connection
IPSec is used with L2TP to provide secure connection
L2TP can be used in different modes
L2TP uses NCP (Network Control Protocol) to assign IP address
L2TP Compulsory Tunnel
Does not need an L2TP function on the PPP client
ISP has to work in compliance with LAC
ISP starts the L2TP tunnel
L2TP Voluntary Tunnel
L2TP Client (LAC) initiates Tunnel to LNS
Needs no coordination by ISP
Universal routable IP address is allocated to the client
Internet Protocol Security (IPsec)
Group of various correlated protocols
Present in network layer of the OSI model
VPN Security
VPN provides
Privacy to the clients
Reliability of data
Protocols used
SSH
IPSec
Connection to VPN:
SSH & PPP
Concentrator
Configuring Network Connection:
Configure the concentrator
Set up client software
To use VPN, client should use client software
Expert mechanism that allows connection from VPN peers
Validates its client
Insists on security policies of VPN
VPN Policies
Connection to VPN is only through User accounts
VPN users select the ISP to connect to the network
Client software is to be installed on the user's machine to access the network through VPN
VPN Registration & Password
Registration is essential to secure the connections
Example
Request only using genuine web forms
Access is granted or rejected through security groups
Client access to VPN should be guarded
Client should connect using passwords provided explicitly
System should be locked when not in use for a short time
Security policy ensures that passwords are non-crackable
Passwords are encrypted using
128-bit encryption
MS-CHAP
Risk Associated with VPN
Security risk
Third-party risk
Business risk
Implementation risk
Operating risk
Pre-implementation Review - Auditing
Ensure:
Specification requirements are satisfied
Deviation between actual plan and developed product is noted
Compatibility and integration of products
Billing, auditing
Risks are analyzed
Post-Implementation Review and Reporting
Reporting:
Scope, aims, and methodologies are to be mentioned
Suggestions are to be mentioned