Computer Science

Virtual Private Network

A Virtual Private Network (VPN) is a secure network connection that allows users to access and transmit data over a public network as if they were directly connected to a private network. It provides encryption and anonymity, making it a popular tool for ensuring privacy and security when accessing the internet, especially for remote workers and businesses.

Written by Perlego with AI-assistance

11 Key excerpts on "Virtual Private Network"

  • Cybersecurity Operations Handbook
    • John Rittinghouse, PhD, CISM, William M. Hancock, PhD, CISSP, CISM (Authors)
    • 2003(Publication Date)
    • Digital Press
      (Publisher)
    VPNs and Remote Access

    For many years, both voice and data services were delivered by the telephone companies using a technology known as the Virtual Private Network, or VPN. Phone companies still consider a software-defined network a VPN; however, today, the accepted definition of a VPN is a combination of tunneling, encryption, authentication, and access control technologies and services used to carry traffic over the Internet, a managed IP network, or a provider's backbone. The traffic reaches these backbones using any combination of access technologies, including T1, Frame Relay, ISDN, ATM, or simple dial-up access. To state this in simple terms, a VPN is a private network connected over another public network infrastructure such as the Internet.
    The following excerpt taken from the Web summarizes the evolution of legitimate business need for VPNs.[1]
    Globalization and mobility are buzzwords used today in the business world. Telecommuting has become a major trend. People have always traveled, but today's traveler needs frequent access to the corporate network. This means business organizations need to maintain a live connection with their employees who are away from the site or on the move. Decentralization of corporations is on the rise. Rather than having a corporate headquarters where the majority of employees are located, most companies today spread their operations across the country or even the world to be closer to clients. Corporate headquarters need to have a conduit for data flow back and forth from their subsidiaries and branch offices. And, last but not least, business organizations need to be tightly linked to their partners, suppliers, customers, and any other external communities of interest. The onus is on the corporations to maintain all these linkages as economically and as effectively as possible.
  • Hands on Hacking
    eBook - ePub
    • Matthew Hickey, Jennifer Arcuri (Authors)
    • 2020(Publication Date)
    • Wiley
      (Publisher)
    Chapter 8 Virtual Private Networks
    It is likely that a Virtual Private Network (VPN) server, a gateway through which employees working remotely can access the organization's internal network, will be included in the scope agreed to with your client. Ideally, this will be a well-protected part of your client's external infrastructure. If a malicious hacker is able to breach this entry point, then they may well have free rein over a large number of internal systems. In this chapter, we will take a look at common types of VPN technologies: Internet Protocol Security (IPsec) with Internet Key Exchange (IKE) and SSL VPNs (OpenVPN).

    What Is a VPN?

    Companies and organizations that are split over different geographical regions might want to connect multiple sites or offices over a network. One way to do this is to implement a leased line, which is a dedicated line between locations, leased from a telecommunications company. The cost of such an approach may well be prohibitive for the vast majority of organizations.
    An alternative to an actual physical network is to use a virtual network. In other words, companies can make use of the already existing infrastructure of the public Internet. One issue with this approach is that, unlike a dedicated or internal network, this infrastructure will be shared with the general public and subject to the same traffic congestion problems that they experience.
    A bigger concern, though, is security. Ideally, all information sent among different locations of an organization will be kept private, as it would if the organization had its own dedicated communications channels. This can be achieved by encrypting all traffic among locations. A Virtual Private Network (VPN)
  • Cloud Computing Networking
    eBook - PDF

    Cloud Computing Networking

    Theory, Practice, and Development

    Usually, the public network is the Internet. When using the Internet to deliver messages, the IP packets can be easily intercepted by hackers. Various encryption mechanisms are used for confidentiality. To be able to connect to a VPN server, the client computer must have the VPN client software installed and must be configured so that it is able to communicate with the VPN server. When the client requests a connection to the VPN server, the VPN server checks the client’s authentication information. If the user is authenticated, the VPN server will establish a secure connection to link the VPN client to the VPN server. The secure connection is established with the tunneling protocol that is provided by the VPN server software. Before a data transaction begins, the data need to be encrypted and then transmitted to the receiver over the public network. Once the data are delivered to the receiver, they will be decrypted. This is how the VPN delivers private data over the public network.
    The VPN can protect data transactions through various types of network connections. The most common usage of the VPN is to access a server through the Internet. Once a client logs on to a VPN server remotely, the client is able to access the network where the VPN server is located. For example, by using the VPN, a student can remotely access a lab server located on campus through the Internet. After having logged on to the VPN server, the student can access the network resources such as a specific computer in the lab or the network printer. Figure 10.1 illustrates the remote access to an on-campus network with the VPN technology. A VPN can also be used to protect data transactions over a site-to-site connection in an organization’s network. The site-to-site connection links two private networks. For example, a university system may include multiple campuses.
  • Virtual Private Networking
    eBook - PDF

    Virtual Private Networking

    A Construction, Operation and Utilization Guide

    • Gilbert Held (Author)
    • 2005(Publication Date)
    • Wiley
      (Publisher)
    (Virtual Private Networking, G. H. Held, 2004 John Wiley & Sons, Ltd, ISBN: 0-470-85432-4)

    1.1 The VPN concept

    In commencing our initial discussion of VPNs it is probably wise to start with a definition of the technology. In doing so, let’s describe both what a VPN is and also the term Virtual Private Networking so we fully understand the difference between the two.

    1.1.1 Definition

    We can define a Virtual Private Network as ‘a temporary physical route formed over a mesh structured public network.’ Thus, Virtual Private Networking can be considered to represent the process of transmitting data over a VPN. These basic definitions do not consider the layer in the Open System Interconnection (OSI) Reference Model at which the VPN operates nor does it describe any security requirements. As we will shortly note, the most popular type of VPNs operate at the data link layer (layer 2) or the network layer (layer 3). In addition, a less popular type of VPN, which we will briefly mention as well as a viable alternative to some layer 2 and layer 3 VPNs, operates at the transport layer (layer 4) while the key distribution protocol of a more recently standardized type of VPN operates at the session, presentation and application layers (layers 5 through 7).
    Because a VPN represents a temporary connection established over a public network, you more than likely want to secure your connection. Thus, the basic definitions previously presented represent a starting point or foundation for discussing VPNs.

    1.1.2 Types of VPNs

    There are two basic types of VPNs, those that operate at layer 2 in the OSI Reference Model and those that operate at layer 3.

    1.1.2.1 Layer 2 VPNs

    The top portion of Figure 1.1 illustrates a layer 2 VPN. In this example the layer 2 public network is a frame relay network. The frame relay network shown in Figure 1.1(a) is assumed to be a public network; however, it could also represent an organization’s private network.
  • Learn pfSense 2.4

    Learn pfSense 2.4

    Get up and running with pfSense and all the core concepts to build firewall and routing solutions

    Virtual Private Networks

    As computer networking becomes more commonplace and we begin to take network connectivity for granted, users increasingly find the need to connect to private networks from remote locations. At one point, the only way to provide such connectivity was through private WAN circuits. In some cases, private WAN circuits may still be the best option, as they provide low latency and reliability; but they also have high monthly costs, and can be prohibitively expensive for many users.
    Fortunately, they aren't the only option available to us. Virtual Private Networks (VPNs) provide us with a means of accessing a private network over a shared public network. The public network is, more often than not, the internet. Access to the private network is provided through an encrypted tunnel and, as a result, it is as if we have a point-to-point connection between the remote system and our private network. Moreover, all of this can be done with some rather generic computer hardware, such as the type of hardware that can run pfSense. Therefore, VPNs provide us with a secure means of accessing a private network from a remote location in a manner that is cost effective.
    pfSense provides you with a means of easily implementing VPN connectivity. While we have to concede that a computer that barely meets the minimum specifications for pfSense is a poor candidate for VPN use—establishing and maintaining a VPN tunnel is rather CPU-intensive—pfSense can still enable you to set up a VPN much more cheaply than you would with most commercial equipment. Moreover, with third-party hardware add-ons, much of the encryption work can be offloaded from the CPU.
    In this chapter, we will cover the following topics:
    • VPN fundamentals
    • Configuring a VPN tunnel
    • Troubleshooting VPNs

    Technical requirements

    This chapter will provide examples of both peer-to-peer and client-server VPN connections. As a result, to follow along with the examples in this chapter, you will need two fully functional pfSense firewalls, with at least one node behind each firewall; each of the firewalls will be serving as a peer. This can be done in either a real-world or a virtual environment. The examples provided in this chapter are not particularly resource intensive, but you may need something more than a system that meets the bare minimum requirements for pfSense.
  • Network Perimeter Security
    eBook - ePub

    Network Perimeter Security

    Building Defense In-Depth

    Chapter 10 Virtual Private Networks

    This chapter addresses the role of the Virtual Private Network (VPN) as a countermeasure in your network. There are many different types of VPNs, but the public is generally sold on the definition of VPN that means “using encryption over a public IP network to make sure nobody can read my data.” This chapter discusses the types of VPNs, including those based on the public Internet and where they may be applicable as countermeasures in your network.
    The commonly used selling tactic for purchasing VPN equipment is that “someone” on the Internet would be able to read your data. Using a VPN will make it so that your data is safe. While this is true, let us put things into perspective a bit.
    Most VPNs are one of two types. The first type is the remote user of corporate resources. This is formally known as the “host to gateway” model. These are users that dial up to a service provider and then route their packets to a corporate VPN server. The data is encrypted from the host device of the remote user to the VPN server at the corporate office. Once inside the corporate network, most implementations decrypt the data and forward it throughout the internal network (see Exhibit 1).
    Host-to-gateway VPNs are found in two different varieties. The first is known as a voluntary tunneling. This means that users have the option of connecting to the Internet or other network resources not using the VPN. For example, home users with DSL lines are always connected to their DSL providers. When they have work that specifically requires access to the company network, they create a VPN service to the corporate site. The user is allowed to make the distinction between using or not using the VPN. This can be advantageous to the company and the user because it creates less demand on company resources. VPN connections are only being utilized when users are accessing company resources and are otherwise available
  • Mastering pfSense,

    Virtual Private Networks

    Virtual Private Networks (VPNs) provide a means of accessing a private network over a shared public network such as the internet. Access to the private network is provided via an encrypted tunnel, and connecting to the network in such a way emulates a point-to-point link between the remote node and the network. Since the tunnel is encrypted, any packets that are intercepted are indecipherable without the encryption keys. Thus, VPNs provide a secure means of accessing a private network remotely.
    Prior to the advent of VPNs, the only way of providing remote connections to a private network was through private WAN circuits. Private WAN circuits provide low latency, and in some cases, they may still be the best solution for connecting to a private network, but they also have high monthly costs. VPN solutions have grown in popularity, in spite of the fact that they often have somewhat higher latency than private WAN circuits, because they provide the same point-to-point connectivity at a much lower cost.
    pfSense is one such means by which you can implement low-cost VPN connectivity. While establishing and maintaining a VPN tunnel is somewhat CPU-intensive—a computer that barely meets the minimum specifications for pfSense will be hard-pressed to maintain a VPN connection—with pfSense, you will be able to set up VPN connections much more cheaply than you would be able to with commercial equipment.
    In this chapter, we will cover the following topics:
    • VPN fundamentals
    • Configuring a VPN tunnel in pfSense (IPsec, L2TP, and OpenVPN)
    • Troubleshooting VPNs

    Technical requirements

    To follow along with the examples provided in this chapter, you will need two fully functional pfSense firewalls (with one or more nodes behind each firewall), either on real physical networks or in a lab/virtualization environment. Installation and configuration of the ShrewSoft VPN client, described in the section on IPsec, requires a system running Microsoft Windows (Windows 2000, XP, Vista, 7, 8, or 10 will do). The examples presented in this chapter should not be particularly resource-intensive; however, setting up an encrypted VPN tunnel does tax the CPU somewhat. Therefore, running pfSense on hardware that barely meets the minimum specifications for pfSense is not recommended.
  • Hack Proofing Linux
    eBook - PDF

    Hack Proofing Linux

    A Guide to Open Source Security

    • James Stanger, Patrick T. Lane (Authors)
    • 2001(Publication Date)
    • Syngress
      (Publisher)
    Chapter 8 • Creating Virtual Private Networks

    Introduction

    In previous chapters, you have discovered how you can enhance authentication by using third-party open source software, such as Kerberos, “one-time passwords in everything” (OPIE), and the public-key cryptography methods of Open Secure Shell (OpenSSH). You also learned how to employ encryption between hosts by using the application-layer security methods of OpenSSH. In this chapter, you will go a step further to deploy secure authentication and strong encryption at the network layer to establish network security by using virtual private networks (VPNs). VPNs offer certain advantages over other network security protocols, as you will find in this chapter. You will learn about the many solutions provided by VPNs in today’s Internet workplace, such as providing secure transmissions between two hosts, routers, or both. We explain the Internet Protocol Security Architecture (IPSec), which is quickly becoming the standard protocol for VPNs. You will finish up the chapter by creating your own VPN by using Free Secure Wide Area Network (FreeS/WAN).

    Secure Tunneling with VPNs

    A VPN provides a private data network over public telecommunication infrastructures, such as the Internet. It provides both secure authentication and encryption. It creates a data “tunnel” between devices so that all data transmitted between the devices is secure, regardless of what programs the devices are running. After a secure tunnel is established, data can be transmitted securely between the hosts. Three basic types of VPN solutions exist: telecommuter, router-to-router, and host-to-host. A telecommuter VPN can be used to securely connect a host to a network from any Internet connection and is ideal for traveling workers. A router-to-router VPN is used to create a secure transmission tunnel between two networks, such as two company sites in different locations.
  • Cisco Security Specialists Guide to PIX Firewall
    • Syngress (Author)
    • 2002(Publication Date)
    • Syngress
      (Publisher)
    Chapter 7 • Configuring Virtual Private Networking

    Solutions in this chapter:
    • IPsec Concepts
    • Configuring Site-to-Site IPsec using IKE
    • Configuring Site-to-Site IPsec Without IKE (Manual IPsec)
    • Configuring Point-to-Point Tunneling Protocol
    • Configuring Layer 2 Tunneling Protocol with IPsec
    • Configuring Support for the Cisco Software VPN Client
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions

    Introduction

    Virtual Private Network (VPN) technology provides a channel for secure communications between internal networks over a public network (such as the Internet, for example) while providing features such as confidentiality and authentication. VPNs are commonly used to connect branch offices, mobile users, and business partners. The ability to connect private networks or hosts by securely tunneling through a public network infrastructure is very appealing. VPNs over the Internet provide solutions to various business problems, including economical connectivity between offices (using site-to-site VPNs) and the ability to provision connections quickly (simply by installing VPN hardware on an existing Internet connection instead of having to wait for a dedicated leased line or Frame Relay PVC to be installed). Remote access VPNs, on the other hand, provide connectivity for mobile workers or telecommuters, allowing them to dial into any ISP or use high-speed broadband connectivity at home or at a hotel to gain access to the corporate network.
    The PIX firewall supports both site-to-site and remote access VPNs using various protocols: IPsec, L2TP, and PPTP. On the technical side, VPNs can be very complicated, and a single connection might be implemented using a combination of many protocols that work together to provide tunneling, encryption, authentication, access control, and auditing.
  • CRC Handbook of Modern Telecommunications
    • Patricia A. Morreale, Kornel Terplan (Authors)
    • 2018(Publication Date)
    • CRC Press
      (Publisher)
    Intranets

    support on-demand, multiprotocol Virtual Private Networking over public networks such as the Internet. Internet access is provided by an Internet service provider (ISP), who wishes to offer services other than traditional registered IP address–based service to dialup users of the network. This architecture is transparent to the end systems. In case of connecting two distant local area networks (LANs) through a VPN, the users will notice no difference while their traffic is being encapsulated in IP packets and transmitted to the remote VPN access server, which puts them back to the remote LAN. If a remote user wants to connect to the private network of the enterprise through a VPN connection, his/her computer has to support the implemented VPN protocol to be able to encapsulate the traffic. Although this encapsulation provides some security against intercepting the actual data, additional encryption should be implemented to provide secure communication.

    2.2.1.1 Point-to-Point Tunneling Protocol (PPTP)

    The PPTP networking technology is defined as an extension to the remote access Point-to-Point Protocol (PPP; RFC 1171). PPTP is a network protocol that encapsulates PPP packets into IP datagrams for transmission over the Internet or other public TCP/IP-based networks. After the client has made the initial PPP connection to the ISP, a second dialup networking call is made over the existing PPP connection. Data sent using this second connection is in the form of IP datagrams that contain PPP packets, referred to as encapsulated PPP packets. The second call creates the VPN connection to a PPTP server on the private enterprise LAN, referred to as a tunnel.
  • Cisco PIX Firewalls
    eBook - PDF

    Cisco PIX Firewalls

    Configure / Manage / Troubleshoot

    • Umer Khan (Author)
    • 2005(Publication Date)
    • Syngress
      (Publisher)
    Chapter 10 • Configuring Virtual Private Networking

    Solutions in this chapter:
    • What’s New in PIX 7.0
    • IPsec Concepts
    • Configuring a Site-to-Site VPN
    • Remote Access—Configuring Support for the Cisco Software VPN Clients
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions

    Introduction

    Virtual Private Networks (VPNs) provide secure communications between internal networks over a public network (such as the Internet, for example). Connecting private networks or hosts by securely tunneling through a public network infrastructure has both commercial and practical applications. VPNs can connect branch offices, mobile users, and business partners. VPNs ensure confidentiality and authentication. VPNs provide a number of solutions, including economical connectivity between offices (using site-to-site VPNs) and the ability to provision connections quickly (simply by installing VPN hardware on an existing Internet connection instead of having to wait for a dedicated leased line or Frame Relay PVC to be installed). Remote access VPNs provide connectivity for mobile workers or telecommuters, allowing them to securely gain access to their home network, regardless of where they are or how they connect.
    The PIX firewall supports both site-to-site and remote access VPNs using IPsec. VPNs can be very complicated, and a single connection might be implemented using a combination of many protocols that work together to provide tunneling, encryption, authentication, access control, and auditing. A new emerging contender in the VPN world, WebVPN (also known as an SSL VPN), was not supported at the time this book was going to press. According to contacts at Cisco, the feature is being researched for incorporation into future updates of 7.0. This chapter shows how to configure VPNs on the PIX firewall.
Index pages curate the most relevant extracts from our library of academic textbooks. They’ve been created using an in-house natural language model (NLM), each adding context and meaning to key research topics.