
Overview of VPN in Security Context:

VPN Advantages:

- It allows remote users to securely connect to the enterprise network.
- It saves cost, as maintenance costs are reduced.
- Because a VPN changes the IP address, the user can unblock websites and bypass filters.
- Users can share encrypted files at better bandwidth.
- With a VPN, a small business can securely connect its main office with its branch offices, customers, suppliers, employees and partners.

4 Functions of a VPN:

Authentication

Access control: confidentiality

Data protection

Data Integrity

a. Maintain availability of IT infrastructure.

b. Enforce access control.

VPN technology:

A VPN tunnel encapsulates data. The encrypted link inside the VPN tunnel provides a secure and reliable connection from the user to the outside internet. This encryption is done through security protocols such as SSL and IPsec.

A VPN works at Layer 2 or Layer 3 of the OSI model.

- For a Layer 3 VPN, all WAN routing control is with the service provider, whereas for a Layer 2 VPN the business needs to handle routing itself.
- Layer 2 MPLS offers a cost-effective solution and high bandwidth, whereas Layer 3 offers relatively low bandwidth.
- Layer 2 VPNs are less scalable than Layer 3 VPNs.
- IPLS, VPLS, 802.1Q tunneling etc. are examples of Layer 2 VPNs. MPLS VPN and IPsec P2P are examples of Layer 3 VPNs [1].

[1] "Layer 2 vs. Layer 3 MPLS | GCOMM", GCOMM, 2020. [Online]. Available: https://gcomm.com.au/blog/layer-2-vs-layer-3-mpls/. [Accessed: 15-Oct-2020].

VPN components:

VPN components are broadly categorised into 4 parts:

The internet: It refers to the fundamental network.

Security Gateways: These include firewalls and routers that are placed between the public internet and the private network to prevent intrusion.

Security Policy Servers: These hold the access control lists (ACLs) that security gateways use to decide which traffic to allow and which to deny.

Certificate Authorities: These validate the authenticity of shared keys and perform a few other checks.
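
How a security gateway might evaluate such an ACL, as an added example that is not part of the original notes: rules are checked in order, the first match wins, and unmatched traffic is denied. The subnets, the rule set and the `decide` function are constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, None means any port

# Constructed policy. Assumed addressing: 10.8.0.0/24 is the VPN client pool,
# 10.0.20.0/24 the application servers, 10.0.99.0/24 the management network.
POLICY = [
    Rule("deny",  "10.8.0.0/24", "10.0.99.0/24", "any", None),  # keep VPN users off management
    Rule("allow", "10.8.0.0/24", "10.0.20.0/24", "tcp", 443),   # HTTPS to app servers
    Rule("allow", "10.8.0.0/24", "10.0.20.0/24", "tcp", 22),    # SSH to app servers
    Rule("allow", "10.8.0.0/24", "10.0.0.0/16",  "udp", 53),    # DNS anywhere internal
]

def decide(policy, src, dst, proto, port):
    """Return (action, index of matching rule); first match wins, no match is deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(policy):
        if s not in ipaddress.ip_network(r.src):
            continue
        if d not in ipaddress.ip_network(r.dst):
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action, i
    return "deny", None    # implicit default deny

if __name__ == "__main__":
    flows = [  # constructed sample traffic from one VPN client
        ("10.8.0.5", "10.0.20.7", "tcp", 443),
        ("10.8.0.5", "10.0.20.7", "tcp", 3389),
        ("10.8.0.5", "10.0.99.10", "udp", 53),
    ]
    for f in flows:
        print(f, "->", decide(POLICY, *f))
    # Rule order matters: with the deny rule moved last, the broad DNS rule
    # matches first and the management network becomes reachable on udp/53.
    reordered = POLICY[1:] + POLICY[:1]
    print("reordered:", decide(reordered, "10.8.0.5", "10.0.99.10", "udp", 53))
```
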
Seven Domains:

User Domain: It includes the actual users and employees. Any user wanting to use the organization's IT infrastructure must review and sign the Acceptable Use Policy (AUP) before using the related IT infrastructure.

Workstation domain: It includes end-user devices. These workstations must maintain device integrity by having personal firewalls, antispyware, antivirus and other security countermeasures.

LAN domain:

LAN-WAN Domain: Routers, firewalls, DMZ, IDPS etc. are configured and deployed in this domain.

Remote Access Domain: It represents the secure and encrypted access of remote users to the company's IT infrastructure. SSL and VPN tunnelling are used for remote access to IT infrastructure.

WAN domain: This refers to the service provider providing WAN connectivity to securely connect all of the organization's sites and remote users.

System Domain: It represents all the hardware, OS software, database software, data etc. in the enterprise data centre.

https://sis.binus.ac.id/2018/01/15/the-seven-domain-of-a-typical-it-infrastructure/

Business requirements:

Availability of the network and its components

Redundancy

High availability

Single point of failure

Denial of service

Sensitivity of the data

-Encryption

-Access control

Any business or company network that has remote users should have a VPN configured and deployed. For remote users, security concerns call for additional firewalls, segmentation through a DMZ, or additional SSL encryption.

Is VPN more costly than leased lines?

https://www.leasedlineandmpls.co.uk/leased-line-or-vpn/

Is remote access possible without VPN?

https://jumpcloud.com/blog/remote-network-access-no-vpn

https://www.giac.org/paper/gsec/215/remote-access-security-radius/100741

Lecture 2:

https://www.informit.com/articles/article.aspx?p=25946&seqNum=4
