VPN Advantages:
4 Functionality of VPN:
Authentication
Data protection
Data Integrity
A VPN tunnel encapsulates data. The encrypted link inside the VPN tunnel gives the user a secure and reliable
connection to the outside internet. This encryption is done through security protocols such as
SSL and IPsec.
For a Layer 3 VPN, all WAN routing control is under the service provider, whereas for a Layer 2 VPN
the business needs to handle routing itself.
Layer 2 MPLS offers a cost-effective solution and high bandwidth, whereas Layer 3 offers
relatively low bandwidth.
Layer 2 VPNs are less scalable than Layer 3 VPNs.
IPLS, VPLS, 802.1Q tunneling, etc. are examples of Layer 2 VPNs. MPLS VPN and IPsec P2P are
examples of Layer 3 VPNs [1].
VPN components:
Security Gateways: These include firewalls and routers that are placed between the public internet and the private
network to prevent intrusion.
Security Policy Servers: This refers to the ACL that security gateways use to decide which traffic to
allow and which to deny.
Certificate Authorities: These validate the authenticity of shared keys and perform a few other checks.
Seven Domains:
User Domain: It includes the actual users and employees. Any user wanting to use the organization's IT
infrastructure must review and sign the Acceptable Use Policy (AUP) before using that
infrastructure.
Workstation Domain: It includes end-user devices. These workstations must maintain device integrity
by having personal firewalls, antispyware, antivirus, and other security countermeasures.
LAN domain:
LAN-WAN Domain: Routers, firewalls, DMZ, IDPS, etc. are configured and deployed in this domain.
Remote Access Domain: It represents the secure and encrypted access of remote users to the company's
IT infrastructure. SSL and VPN tunnelling are used for remote access to the IT infrastructure.
WAN Domain: This refers to the service provider providing WAN connectivity to securely connect all of the
company's sites and remote users.
System Domain: It represents all the hardware, OS software, database software, data, etc. in the
enterprise data centre.
https://sis.binus.ac.id/2018/01/15/the-seven-domain-of-a-typical-it-infrastructure/
Business requirements:
Redundancy
High availability
Denial of service
Encryption
Access control
Any business or company network with remote users should have a VPN configured and
deployed. For remote users, security concerns call for additional firewalls,
segmentation through a DMZ, or additional SSL encryption.
https://www.leasedlineandmpls.co.uk/leased-line-or-vpn/
https://jumpcloud.com/blog/remote-network-access-no-vpn
https://www.giac.org/paper/gsec/215/remote-access-security-radius/100741
lecture 2:
https://www.informit.com/articles/article.aspx?p=25946&seqNum=4