VPN Advantages:
4 Functionalities of VPN:
Authentication
Data protection
Data Integrity
A VPN tunnel encapsulates data. The encrypted link inside the VPN tunnel provides a secure and reliable
connection from the user across the outside internet. This encryption is done through security protocols such as
SSL and IPsec.
All WAN routing control is under the service provider for a Layer 3 VPN, whereas the business needs to
handle routing itself for a Layer 2 VPN.
Layer 2 MPLS offers a cost-effective solution and high bandwidth, whereas Layer 3 offers
relatively low bandwidth.
Layer 2 VPNs are less scalable than Layer 3 VPNs.
IPLS, VPLS, 802.1Q tunneling etc. are examples of Layer 2 VPNs. MPLS VPN and IPsec P2P are
examples of Layer 3 VPNs [1].
VPN components:
Security Gateways: firewalls and routers placed between the public internet and the private
network to prevent intrusion.
Security Policy Servers: hold the ACL (access control list) that the security gateways use to decide which traffic to
allow and which to deny.
Certificate Authorities: validate the authenticity of shared keys and perform a few other checks.
Seven Domains:
User Domain: the actual users and employees. Any user wanting to use the organization's IT
infrastructure must review and sign an Acceptable Use Policy (AUP) before using that
infrastructure.
Workstation Domain: end-user devices. These workstations must maintain device integrity by
having personal firewalls, anti-spyware, anti-virus and other security countermeasures.
LAN Domain:
LAN-WAN Domain: routers, firewalls, the DMZ, IDPS etc. are configured and deployed in this domain.
Remote Access Domain: the secure and encrypted access of remote users to the company's
IT infrastructure, e.g. SSL or VPN tunnelling for remote access to the IT infrastructure.
WAN Domain: the service provider providing WAN connectivity to securely connect all of the company's
sites and remote users.
System Domain: all the hardware, OS software, database software, data etc. in the
enterprise data centre.
http://www.divyaaradhya.com/2018/03/13/policies-for-the-seven-domains-of-a-typical-it-infrastructure/
https://sis.binus.ac.id/2018/01/15/the-seven-domain-of-a-typical-it-infrastructure/
Business requirements:
Redundancy
High availability
Denial of service
Encryption
Access control
Any business or company network with remote users should have a VPN configured and
deployed. For remote users, for security reasons, there should additionally be firewalls,
segmentation through a DMZ, or additional SSL encryption.
https://www.leasedlineandmpls.co.uk/leased-line-or-vpn/
https://jumpcloud.com/blog/remote-network-access-no-vpn
https://www.giac.org/paper/gsec/215/remote-access-security-radius/100741
Lecture 2:
https://www.informit.com/articles/article.aspx?p=25946&seqNum=4
VPN in terms of CIA:
Integrity: a VPN ensures data integrity, which is achieved via the HMAC (Hashed Message Authentication
Code) algorithm.
Availability: the availability of data and resources is assured because all data passing through the tunnel is
encapsulated, and the risk of an intruder penetrating the internal network is lower.
Authentication: a VPN enhances authentication through various methods: PSK (Pre-Shared Key), SSL
certificates, and user authentication for remote users.
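Worked example, added here and not part of these notes: the encapsulation described in the tunnel section and the HMAC integrity check from the CIA section, written as a small Python sender and receiver. The packet format (SPI, sequence number, inner packet, truncated HMAC-SHA256 ICV) and the sliding-window anti-replay check follow the integrity part of an IPsec ESP packet; the encryption step is left out because the standard library has no AES, so this is integrity-only. The SPI, key and packet contents are constructed values, not taken from any real VPN.

```python
import hashlib
import hmac
import struct

# Constructed example values: a fixed SPI and a 32-byte integrity key. In a
# real VPN both are negotiated by IKE; here they are hard-coded for the demo.
SPI = 0x0001ABCD
INTEGRITY_KEY = bytes(range(32))
HEADER_FMT = "!II"          # SPI (4 bytes) and sequence number (4 bytes), big-endian
HEADER_LEN = struct.calcsize(HEADER_FMT)
ICV_LEN = 16                # HMAC-SHA256 truncated to 128 bits (as HMAC-SHA256-128 does)
REPLAY_WINDOW = 64          # how many recent sequence numbers the receiver tracks


def compute_icv(key, data):
    """Integrity Check Value: HMAC-SHA256 over header and payload, truncated."""
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def encapsulate(key, spi, seq, inner_packet):
    """Tunnel sender: header || inner packet || ICV (integrity only, no encryption)."""
    body = struct.pack(HEADER_FMT, spi, seq) + inner_packet
    return body + compute_icv(key, body)


class TunnelReceiver:
    """Tunnel endpoint that verifies the ICV and rejects replayed packets."""

    def __init__(self, key, spi):
        self.key = key
        self.spi = spi
        self.highest_seq = 0    # highest sequence number accepted so far
        self.bitmap = 0         # bit i set => sequence number highest_seq - i already seen

    def _accept_seq(self, seq):
        """Sliding-window anti-replay check; returns True if seq is fresh."""
        if seq == 0:
            return False
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            if shift >= REPLAY_WINDOW:
                self.bitmap = 0
            else:
                self.bitmap = (self.bitmap << shift) & ((1 << REPLAY_WINDOW) - 1)
            self.bitmap |= 1
            self.highest_seq = seq
            return True
        offset = self.highest_seq - seq
        if offset >= REPLAY_WINDOW:
            return False            # older than the window: treated as a replay
        if self.bitmap & (1 << offset):
            return False            # already received
        self.bitmap |= 1 << offset
        return True

    def decapsulate(self, packet):
        """Returns (inner_packet, "ok") or (None, reason)."""
        if len(packet) < HEADER_LEN + ICV_LEN:
            return None, "too short"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        # Check integrity first, in constant time, before trusting any header field.
        if not hmac.compare_digest(compute_icv(self.key, body), icv):
            return None, "integrity check failed"
        spi, seq = struct.unpack(HEADER_FMT, body[:HEADER_LEN])
        if spi != self.spi:
            return None, "unknown SPI"
        if not self._accept_seq(seq):
            return None, "replayed"
        return body[HEADER_LEN:], "ok"


if __name__ == "__main__":
    rx = TunnelReceiver(INTEGRITY_KEY, SPI)
    pkt = encapsulate(INTEGRITY_KEY, SPI, 1, b"inner IP packet")
    print(rx.decapsulate(pkt))             # accepted
    print(rx.decapsulate(pkt))             # same packet again: replayed
    forged = bytearray(pkt)
    forged[HEADER_LEN] ^= 0x01             # flip one payload bit
    print(rx.decapsulate(bytes(forged)))   # ICV no longer matches
```

The order of checks matters: the ICV is verified before the SPI and sequence number are read, so a forged packet cannot move the replay window, and the comparison uses hmac.compare_digest so that a wrong ICV takes the same time to reject regardless of which byte differs.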
Drawbacks of VPN:
Lecture 3:
The differences between IKEv1 and IKEv2 are:
IKEv2 is more scalable, as it automatically creates the different policies and security associations.
IKEv1 uses symmetric authentication, whereas IKEv2 uses asymmetric authentication (RSA
and pre-shared key).
IKEv2 provides more security, as it supports more algorithms than IKEv1.
IKEv2 uses separate keys for each direction. IKEv2 supports EAP authentication, whereas
IKEv1 does not.
https://www.kareemccie.com/2016/12/differences-between-ikev1-and-ikev2.html
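Worked example, added here and not from the notes or the linked article: the "separate keys for each direction" point above, shown as the IKEv2 IKE SA key derivation from RFC 7296 (sections 2.13 and 2.14) with HMAC-SHA256 as the PRF. The shared secret, nonces and SPIs are constructed placeholders; in a real exchange g^ir comes from the Diffie-Hellman step and the nonces and SPIs from the IKE_SA_INIT messages.

```python
import hashlib
import hmac

PRF_LEN = 32    # output size of the PRF (HMAC-SHA256)


def prf(key, data):
    """IKEv2 PRF instantiated as HMAC-SHA256 (PRF_HMAC_SHA2_256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key, seed, length):
    """prf+ from RFC 7296 section 2.13:
    T1 = prf(K, S | 0x01), T2 = prf(K, T1 | S | 0x02), ... until enough bytes."""
    out = b""
    t = b""
    counter = 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ cannot produce more than 255 blocks")
        t = prf(key, t + seed + bytes([counter]))
        out += t
        counter += 1
    return out[:length]


def derive_ike_sa_keys(shared_secret, ni, nr, spi_i, spi_r,
                       integ_key_len=32, enc_key_len=32):
    """IKE SA keys as in RFC 7296 section 2.14:
    SKEYSEED = prf(Ni | Nr, g^ir)
    {SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr}
        = prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)"""
    skeyseed = prf(ni + nr, shared_secret)
    layout = [
        ("SK_d", PRF_LEN),           # seeds the child SA keys
        ("SK_ai", integ_key_len),    # integrity, initiator -> responder
        ("SK_ar", integ_key_len),    # integrity, responder -> initiator
        ("SK_ei", enc_key_len),      # encryption, initiator -> responder
        ("SK_er", enc_key_len),      # encryption, responder -> initiator
        ("SK_pi", PRF_LEN),          # AUTH payload, initiator
        ("SK_pr", PRF_LEN),          # AUTH payload, responder
    ]
    keymat = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(n for _, n in layout))
    keys, pos = {}, 0
    for name, n in layout:
        keys[name] = keymat[pos:pos + n]
        pos += n
    return keys


# Constructed inputs for the demo (placeholders, not values from a real exchange).
DEMO_SHARED_SECRET = hashlib.sha256(b"g^ir placeholder").digest()
DEMO_NI = bytes.fromhex("00112233445566778899aabbccddeeff")
DEMO_NR = bytes.fromhex("ffeeddccbbaa99887766554433221100")
DEMO_SPI_I = bytes.fromhex("0102030405060708")
DEMO_SPI_R = bytes.fromhex("0807060504030201")

if __name__ == "__main__":
    keys = derive_ike_sa_keys(DEMO_SHARED_SECRET, DEMO_NI, DEMO_NR, DEMO_SPI_I, DEMO_SPI_R)
    for name, value in keys.items():
        print(name, value.hex())
```

Running it prints seven distinct keys; SK_ei/SK_ai protect initiator-to-responder traffic and SK_er/SK_ar the reverse, so a message captured in one direction cannot be reflected back as valid traffic in the other.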
Lecture 4:
Software vs. hardware-based VPN
https://networkinterview.com/layer-2-vpn-vs-layer-3-vpn/
Pros:
We can create firewall rules that are applied to our VPN traffic.
Cons:
Improper configuration of firewall rules may allow traffic from the internet to reach the internal network.
Pros:
There is no need to modify the firewall configuration to support VPN packets, as the traffic is not passing
through the firewall at all.
Scalability: if there is excess workload on the VPN, we can add machines and distribute it.
Cons:
Since the VPN and the firewall are both directly connected to the internet, they are more exposed to attacks. We
need to ensure that both are well protected, otherwise an attacker can break in and compromise the
internal network.
Cons:
Network performance degrades because all traffic travels through the firewall as well.
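Worked example, added here and not part of the notes: the ACL that the security policy server hands to a security gateway (VPN components section) and the "improper configuration of firewall rules" drawback above, as a first-match ACL evaluator in Python. It contrasts a weak rule that lets any source reach the internal network with a corrected one that admits only the decapsulated VPN client pool, and includes an audit function that flags the weak pattern. All addresses, the client pool and the rule sets are constructed for the example.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")


class Rule:
    """One ACL entry; the first matching rule decides, as in a typical firewall ACL."""

    def __init__(self, action, src, dst, proto="any", dport=None):
        if action not in ("allow", "deny"):
            raise ValueError("action must be allow or deny")
        self.action = action
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.proto = proto          # "any", "tcp" or "udp"
        self.dport = dport          # None means any destination port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in self.src
                and ipaddress.ip_address(pkt.dst) in self.dst
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


def evaluate(rules, pkt):
    """Walk the ACL top to bottom; anything unmatched hits the implicit default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # constructed private network
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")    # constructed pool for VPN client addresses

# Weak ruleset: intended to let VPN users into the internal network, but the
# source is "anything", so plain internet hosts match as well.
WEAK_RULES = [
    Rule("allow", "0.0.0.0/0", str(INTERNAL)),
]

# Corrected ruleset: only addresses from the VPN client pool may enter, only to
# the service they need, and everything else from outside is denied explicitly.
CORRECTED_RULES = [
    Rule("allow", str(VPN_POOL), str(INTERNAL), proto="tcp", dport=443),
    Rule("deny", "0.0.0.0/0", str(INTERNAL)),
]


def audit(rules, internal=INTERNAL):
    """Return indexes of allow rules whose source is the whole internet and
    whose destination overlaps the internal network."""
    return [i for i, r in enumerate(rules)
            if r.action == "allow"
            and r.src.prefixlen == 0
            and r.dst.overlaps(internal)]


if __name__ == "__main__":
    vpn_client = Packet("10.8.0.5", "10.0.1.10", "tcp", 443)
    internet_host = Packet("203.0.113.7", "10.0.1.10", "tcp", 443)
    for name, rules in (("weak", WEAK_RULES), ("corrected", CORRECTED_RULES)):
        print(name, "vpn client:", evaluate(rules, vpn_client),
              "| internet host:", evaluate(rules, internet_host),
              "| audit:", audit(rules))
```

The audit is deliberately narrow: it catches only the exact mistake described in the notes (an allow from any source into the internal range). Reviewing the full rule order, and re-running the evaluation with sample packets after every change, is still what prevents the misconfiguration from going live.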