Download presentation
Presentation is loading. Please wait.
Published byDebra Marshall Modified over 9 years ago
1
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 7 VPN Fundamentals
2
© ITT Educational Services, Inc. All rights reserved.Page 2 IS3220 Information Technology Infrastructure Security Class Agenda 1 Learning Objectives Lesson Presentation and Discussions. Discussion on Assignments. Discussion on Lab Activities. Break Times as per School Regulations. Note: Submit all Assignment and labs due today.
3
© ITT Educational Services, Inc. All rights reserved.Page 3 IS3220 Information Technology Infrastructure Security Class Agenda 2 Theory: 6:00pm -8:00pm Lab: 8:15pm to 11:00pm
4
© ITT Educational Services, Inc. All rights reserved.Page 4 IS3220 Information Technology Infrastructure Security Learning Objective and Key Concepts Learning Objective Describe the foundational concepts of VPNs Key Concepts Strategies for protection of remote network access using a virtual private network (VPN) Network architecture necessary for VPN implementation Types of VPN solutions and common protocols used for connectivity and data transport Planning and selection of VPN options for best value to the organization
5
© ITT Educational Services, Inc. All rights reserved.Page 5 IS3220 Information Technology Infrastructure Security EXPLORE: CONCEPTS
6
© ITT Educational Services, Inc. All rights reserved.Page 6 IS3220 Information Technology Infrastructure Security Virtual Private Network (VPN)
7
© ITT Educational Services, Inc. All rights reserved.Page 7 IS3220 Information Technology Infrastructure Security What is a VPN? Network that uses the Public Telecom Infrastructure (Internet ) to provide remote access to secure private networks Allows organizations to privately transmit sensitive data remotely over public networks
8
© ITT Educational Services, Inc. All rights reserved.Page 8 IS3220 Information Technology Infrastructure Security What is a VPN? Secures communication between separate private networks through tunneling Protects sensitive information transiting the public network
9
© ITT Educational Services, Inc. All rights reserved.Page 9 IS3220 Information Technology Infrastructure Security What is a VPN? Low-cost alternative to leased-line infrastructure Supports Internet remote access Provide remote access and remote control
10
© ITT Educational Services, Inc. All rights reserved.Page 10 IS3220 Information Technology Infrastructure Security What is a VPN? Employs encryption and authentication for secure transmission Restrictions for mobile users that ensure a baseline level of conformity and security
11
© ITT Educational Services, Inc. All rights reserved.Page 11 IS3220 Information Technology Infrastructure Security VPN Endpoints Host Computer Systems Edge Routers Corporate Firewalls Dedicated VPN Appliances
12
© ITT Educational Services, Inc. All rights reserved.Page 12 IS3220 Information Technology Infrastructure Security VPN Encryption Modes Tunnel mode Protects packet from header to payload Transport mode Protects only the packet payload
13
© ITT Educational Services, Inc. All rights reserved.Page 13 IS3220 Information Technology Infrastructure Security VPN to Connect a LAN with Remote Mobile Users
14
© ITT Educational Services, Inc. All rights reserved.Page 14 IS3220 Information Technology Infrastructure Security Drawbacks of VPNs Congestion, latency, fragmentation, and packet loss Difficulties with compliance and troubleshooting Encrypted traffic does not compress Lacks repeating patterns More bandwidth-intensive than clear-text transmission Connectivity requires high availability
15
© ITT Educational Services, Inc. All rights reserved.Page 15 IS3220 Information Technology Infrastructure Security VPNs Bridge Distant Connections Home and satellite offices May span separate cities, states, countries, geographic territories, and international borders Provide varying levels of granular network access to separate locations VPNs maintain confidentiality and integrity for users and data (C-I-A triad)
16
© ITT Educational Services, Inc. All rights reserved.Page 16 IS3220 Information Technology Infrastructure Security VPN Used to Connect Multiple LANs
17
© ITT Educational Services, Inc. All rights reserved.Page 17 IS3220 Information Technology Infrastructure Security VPN Used to Connect Multiple LANs with Remote Mobile Users
18
© ITT Educational Services, Inc. All rights reserved.Page 18 IS3220 Information Technology Infrastructure Security VPNs Security and Privacy Issues Cannot ensure quality of service (QoS) or complete security Links depend on availability, stability, and throughput of ISP connection Not ideal connection method for dial-up modems or low-bandwidth links Infected mobile users can potentially damage or disrupt the private network Confidential data can be copied outside the boundaries of internal controls
19
© ITT Educational Services, Inc. All rights reserved.Page 19 IS3220 Information Technology Infrastructure Security VPNs Are Not a Cure-all Solution Upkeep, Updates, and Upgrades Safety and Security Software Fixes Software Patches Software Updates Hardware Upgrades Client Compliance Roaming profiles Tamper with systems Bypass restrictions Careless users Defiant users Inconsistent Security True VPN Trusted VPN Secure Hybrid VPN
20
© ITT Educational Services, Inc. All rights reserved.Page 20 IS3220 Information Technology Infrastructure Security EXPLORE: ROLES
21
© ITT Educational Services, Inc. All rights reserved.Page 21 IS3220 Information Technology Infrastructure Security Hardware-Based VPNs Dedicated Resources and Optimized Processing Advantages Designed for Routing Sustains Resources Streamlined for security Disadvantages Costs and Compatibility
22
© ITT Educational Services, Inc. All rights reserved.Page 22 IS3220 Information Technology Infrastructure Security Software-Based VPNs Platform-independent SSL/TLS VPNs to connect systems Advantages Install and Deploy Rapidly Connection Speed Portable and Efficient Disadvantages Complex to Install and Configure Server Exposed
23
© ITT Educational Services, Inc. All rights reserved.Page 23 IS3220 Information Technology Infrastructure Security Owned and Outsourced VPNs Own or operate telecommunications infrastructure and VPN endpoints Contract maintenance or management
24
© ITT Educational Services, Inc. All rights reserved.Page 24 IS3220 Information Technology Infrastructure Security EXPLORE: CONTEXT
25
© ITT Educational Services, Inc. All rights reserved.Page 25 IS3220 Information Technology Infrastructure Security VPN Tunnel Encapsulates an entire packet within another packet Encrypts payload and header (IP and UDP/TCP) to protect identities Carrier protocol used to transmit the VPN packets Encapsulating protocol packages the original data
26
© ITT Educational Services, Inc. All rights reserved.Page 26 IS3220 Information Technology Infrastructure Security VPN Transport Encapsulates only the packet payload Cannot prevent some forms of observation (eavesdropping and alteration) Does not conceal endpoint identity Ideal for direct endpoint-to-endpoint or endpoint-to-gateway communication
27
© ITT Educational Services, Inc. All rights reserved.Page 27 IS3220 Information Technology Infrastructure Security Cryptographic Protocols Ensure confidentiality and non-repudiation Require encryption algorithms, protocols, and authentication methods Endpoints must support identical cryptographic protocols and methods
28
© ITT Educational Services, Inc. All rights reserved.Page 28 IS3220 Information Technology Infrastructure Security VPN Authentication, Authorization, and Accountability Mechanisms Allow approved external entities to interconnect and interact with private network Use varying methods for authenticating users (passkeys, biometrics, etc.) Track and log user interactions to maintain user accountability
29
© ITT Educational Services, Inc. All rights reserved.Page 29 IS3220 Information Technology Infrastructure Security Network Protocols Tunneling protocols package packets within packets for secure transport Transport protocols package payloads within packets Encapsulating protocols wrap around original passenger protocols Carrier protocols carry the packaged VPN packets
30
© ITT Educational Services, Inc. All rights reserved.Page 30 IS3220 Information Technology Infrastructure Security VPN Deployment Models True, Trusted, Secure, and Hybrid Models Tailor VPN security to match organizational and data privacy needs Establish control Components (software and hardware) Conversations (endpoint connections) Communications (network infrastructure)
31
© ITT Educational Services, Inc. All rights reserved.Page 31 IS3220 Information Technology Infrastructure Security VPN Deployment Models Customers and providers may separately manage and maintain devices Customers may outsource different aspects of VPN ownership and operation to service providers Custom tailor ownership and operator responsibilities to budgetary needs
32
© ITT Educational Services, Inc. All rights reserved.Page 32 IS3220 Information Technology Infrastructure Security VPN Deployment ~ Appliances Dedicated network offload devices Specialized to handle VPN offloading from routers and host systems Can be placed outside corporate firewalls for traffic filtering Supplements existing corporate firewalls that do not support VPN services
33
© ITT Educational Services, Inc. All rights reserved.Page 33 IS3220 Information Technology Infrastructure Security VPN Deployment ~ Edge Routers Transport VPN over public networks Insures that all traffic complies with firewall Ideal for customer and supplier or business partner access Best suited for controlled access into DMZ
34
© ITT Educational Services, Inc. All rights reserved.Page 34 IS3220 Information Technology Infrastructure Security VPN Deployment ~ Corporate Firewall Pass LAN-to-LAN traffic Joined networks are treated as any other LAN route Users don’t have to re-authenticate across segments No additional firewall filtering or restriction applies
35
© ITT Educational Services, Inc. All rights reserved.Page 35 IS3220 Information Technology Infrastructure Security VPN Architectures Remote access (host-to-site) supports single connections into the LAN LAN-to-LAN and WAN (site-to-site) supports LAN-to-LAN via Internet Client-server (host-to-host) supports direct connections via Internet
36
© ITT Educational Services, Inc. All rights reserved.Page 36 IS3220 Information Technology Infrastructure Security VPN Architectures A corporation may control different aspects of the network Authentication, Authorization, and Accounting (AAA) server deployment Different technologies for different needs
37
© ITT Educational Services, Inc. All rights reserved.Page 37 IS3220 Information Technology Infrastructure Security VPN Supporting Services and Protocols Enterprise-class VPNs require enterprise- class security Authentication establishes levels of authorization and access Cryptographic transport protocols don’t “play well” together
38
© ITT Educational Services, Inc. All rights reserved.Page 38 IS3220 Information Technology Infrastructure Security Summary Strategies for protection of remote network access using a virtual private network (VPN) Network architecture necessary for VPN implementation Types of VPN solutions and common protocols used for connectivity and data transport Planning and selection of VPN options for best value to the organization
39
© ITT Educational Services, Inc. All rights reserved.Page 39 IS3220 Information Technology Infrastructure Security Assignment and Lab Discussion 7.1 Developing a VPN Policy and Enforcing VPN Best Practices Lab 7.2 Implement a VPN Tunnel for Secure Remote- Access Assignment 7.3 Create a VPN Connectivity Troubleshooting Checklist Project 7.4 Network Design
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.