Presentation is loading. Please wait.

Presentation is loading. Please wait.

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 7 VPN Fundamentals.

Similar presentations


Presentation on theme: "© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 7 VPN Fundamentals."— Presentation transcript:

1 © ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 7 VPN Fundamentals

2 © ITT Educational Services, Inc. All rights reserved.Page 2 IS3220 Information Technology Infrastructure Security Class Agenda 1  Learning Objectives  Lesson Presentation and Discussions.  Discussion on Assignments.  Discussion on Lab Activities.  Break Times as per School Regulations.  Note: Submit all Assignment and labs due today.

3 © ITT Educational Services, Inc. All rights reserved.Page 3 IS3220 Information Technology Infrastructure Security Class Agenda 2  Theory: 6:00pm -8:00pm  Lab: 8:15pm to 11:00pm

4 © ITT Educational Services, Inc. All rights reserved.Page 4 IS3220 Information Technology Infrastructure Security Learning Objective and Key Concepts Learning Objective  Describe the foundational concepts of VPNs Key Concepts  Strategies for protection of remote network access using a virtual private network (VPN)  Network architecture necessary for VPN implementation  Types of VPN solutions and common protocols used for connectivity and data transport  Planning and selection of VPN options for best value to the organization

5 © ITT Educational Services, Inc. All rights reserved.Page 5 IS3220 Information Technology Infrastructure Security EXPLORE: CONCEPTS

6 © ITT Educational Services, Inc. All rights reserved.Page 6 IS3220 Information Technology Infrastructure Security Virtual Private Network (VPN)

7 © ITT Educational Services, Inc. All rights reserved.Page 7 IS3220 Information Technology Infrastructure Security What is a VPN?  Network that uses the Public Telecom Infrastructure (Internet ) to provide remote access to secure private networks  Allows organizations to privately transmit sensitive data remotely over public networks

8 © ITT Educational Services, Inc. All rights reserved.Page 8 IS3220 Information Technology Infrastructure Security What is a VPN?  Secures communication between separate private networks through tunneling  Protects sensitive information transiting the public network

9 © ITT Educational Services, Inc. All rights reserved.Page 9 IS3220 Information Technology Infrastructure Security What is a VPN?  Low-cost alternative to leased-line infrastructure  Supports Internet remote access  Provide remote access and remote control

10 © ITT Educational Services, Inc. All rights reserved.Page 10 IS3220 Information Technology Infrastructure Security What is a VPN?  Employs encryption and authentication for secure transmission  Restrictions for mobile users that ensure a baseline level of conformity and security

11 © ITT Educational Services, Inc. All rights reserved.Page 11 IS3220 Information Technology Infrastructure Security VPN Endpoints  Host Computer Systems  Edge Routers  Corporate Firewalls  Dedicated VPN Appliances

12 © ITT Educational Services, Inc. All rights reserved.Page 12 IS3220 Information Technology Infrastructure Security VPN Encryption Modes  Tunnel mode Protects packet from header to payload  Transport mode Protects only the packet payload

13 © ITT Educational Services, Inc. All rights reserved.Page 13 IS3220 Information Technology Infrastructure Security VPN to Connect a LAN with Remote Mobile Users

14 © ITT Educational Services, Inc. All rights reserved.Page 14 IS3220 Information Technology Infrastructure Security Drawbacks of VPNs  Congestion, latency, fragmentation, and packet loss  Difficulties with compliance and troubleshooting  Encrypted traffic does not compress  Lacks repeating patterns  More bandwidth-intensive than clear-text transmission  Connectivity requires high availability

15 © ITT Educational Services, Inc. All rights reserved.Page 15 IS3220 Information Technology Infrastructure Security VPNs Bridge Distant Connections  Home and satellite offices  May span separate cities, states, countries, geographic territories, and international borders  Provide varying levels of granular network access to separate locations  VPNs maintain confidentiality and integrity for users and data (C-I-A triad)

16 © ITT Educational Services, Inc. All rights reserved.Page 16 IS3220 Information Technology Infrastructure Security VPN Used to Connect Multiple LANs

17 © ITT Educational Services, Inc. All rights reserved.Page 17 IS3220 Information Technology Infrastructure Security VPN Used to Connect Multiple LANs with Remote Mobile Users

18 © ITT Educational Services, Inc. All rights reserved.Page 18 IS3220 Information Technology Infrastructure Security VPNs Security and Privacy Issues  Cannot ensure quality of service (QoS) or complete security  Links depend on availability, stability, and throughput of ISP connection  Not ideal connection method for dial-up modems or low-bandwidth links  Infected mobile users can potentially damage or disrupt the private network  Confidential data can be copied outside the boundaries of internal controls

19 © ITT Educational Services, Inc. All rights reserved.Page 19 IS3220 Information Technology Infrastructure Security VPNs Are Not a Cure-all Solution Upkeep, Updates, and Upgrades Safety and Security Software Fixes Software Patches Software Updates Hardware Upgrades Client Compliance Roaming profiles Tamper with systems Bypass restrictions Careless users Defiant users Inconsistent Security True VPN Trusted VPN Secure Hybrid VPN

20 © ITT Educational Services, Inc. All rights reserved.Page 20 IS3220 Information Technology Infrastructure Security EXPLORE: ROLES

21 © ITT Educational Services, Inc. All rights reserved.Page 21 IS3220 Information Technology Infrastructure Security Hardware-Based VPNs Dedicated Resources and Optimized Processing Advantages Designed for Routing Sustains Resources Streamlined for security Disadvantages Costs and Compatibility

22 © ITT Educational Services, Inc. All rights reserved.Page 22 IS3220 Information Technology Infrastructure Security Software-Based VPNs Platform-independent SSL/TLS VPNs to connect systems Advantages Install and Deploy Rapidly Connection Speed Portable and Efficient Disadvantages Complex to Install and Configure Server Exposed

23 © ITT Educational Services, Inc. All rights reserved.Page 23 IS3220 Information Technology Infrastructure Security Owned and Outsourced VPNs  Own or operate telecommunications infrastructure and VPN endpoints  Contract maintenance or management

24 © ITT Educational Services, Inc. All rights reserved.Page 24 IS3220 Information Technology Infrastructure Security EXPLORE: CONTEXT

25 © ITT Educational Services, Inc. All rights reserved.Page 25 IS3220 Information Technology Infrastructure Security VPN Tunnel  Encapsulates an entire packet within another packet  Encrypts payload and header (IP and UDP/TCP) to protect identities  Carrier protocol used to transmit the VPN packets  Encapsulating protocol packages the original data

26 © ITT Educational Services, Inc. All rights reserved.Page 26 IS3220 Information Technology Infrastructure Security VPN Transport  Encapsulates only the packet payload  Cannot prevent some forms of observation (eavesdropping and alteration)  Does not conceal endpoint identity  Ideal for direct endpoint-to-endpoint or endpoint-to-gateway communication

27 © ITT Educational Services, Inc. All rights reserved.Page 27 IS3220 Information Technology Infrastructure Security Cryptographic Protocols  Ensure confidentiality and non-repudiation  Require encryption algorithms, protocols, and authentication methods  Endpoints must support identical cryptographic protocols and methods

28 © ITT Educational Services, Inc. All rights reserved.Page 28 IS3220 Information Technology Infrastructure Security VPN Authentication, Authorization, and Accountability Mechanisms  Allow approved external entities to interconnect and interact with private network  Use varying methods for authenticating users (passkeys, biometrics, etc.)  Track and log user interactions to maintain user accountability

29 © ITT Educational Services, Inc. All rights reserved.Page 29 IS3220 Information Technology Infrastructure Security Network Protocols  Tunneling protocols package packets within packets for secure transport  Transport protocols package payloads within packets  Encapsulating protocols wrap around original passenger protocols  Carrier protocols carry the packaged VPN packets

30 © ITT Educational Services, Inc. All rights reserved.Page 30 IS3220 Information Technology Infrastructure Security VPN Deployment Models  True, Trusted, Secure, and Hybrid Models  Tailor VPN security to match organizational and data privacy needs  Establish control Components (software and hardware) Conversations (endpoint connections) Communications (network infrastructure)

31 © ITT Educational Services, Inc. All rights reserved.Page 31 IS3220 Information Technology Infrastructure Security VPN Deployment Models  Customers and providers may separately manage and maintain devices  Customers may outsource different aspects of VPN ownership and operation to service providers  Custom tailor ownership and operator responsibilities to budgetary needs

32 © ITT Educational Services, Inc. All rights reserved.Page 32 IS3220 Information Technology Infrastructure Security VPN Deployment ~ Appliances  Dedicated network offload devices  Specialized to handle VPN offloading from routers and host systems  Can be placed outside corporate firewalls for traffic filtering  Supplements existing corporate firewalls that do not support VPN services

33 © ITT Educational Services, Inc. All rights reserved.Page 33 IS3220 Information Technology Infrastructure Security VPN Deployment ~ Edge Routers  Transport VPN over public networks  Insures that all traffic complies with firewall  Ideal for customer and supplier or business partner access  Best suited for controlled access into DMZ

34 © ITT Educational Services, Inc. All rights reserved.Page 34 IS3220 Information Technology Infrastructure Security VPN Deployment ~ Corporate Firewall  Pass LAN-to-LAN traffic  Joined networks are treated as any other LAN route  Users don’t have to re-authenticate across segments  No additional firewall filtering or restriction applies

35 © ITT Educational Services, Inc. All rights reserved.Page 35 IS3220 Information Technology Infrastructure Security VPN Architectures  Remote access (host-to-site) supports single connections into the LAN  LAN-to-LAN and WAN (site-to-site) supports LAN-to-LAN via Internet  Client-server (host-to-host) supports direct connections via Internet

36 © ITT Educational Services, Inc. All rights reserved.Page 36 IS3220 Information Technology Infrastructure Security VPN Architectures  A corporation may control different aspects of the network  Authentication, Authorization, and Accounting (AAA) server deployment  Different technologies for different needs

37 © ITT Educational Services, Inc. All rights reserved.Page 37 IS3220 Information Technology Infrastructure Security VPN Supporting Services and Protocols  Enterprise-class VPNs require enterprise- class security  Authentication establishes levels of authorization and access  Cryptographic transport protocols don’t “play well” together

38 © ITT Educational Services, Inc. All rights reserved.Page 38 IS3220 Information Technology Infrastructure Security Summary  Strategies for protection of remote network access using a virtual private network (VPN)  Network architecture necessary for VPN implementation  Types of VPN solutions and common protocols used for connectivity and data transport  Planning and selection of VPN options for best value to the organization

39 © ITT Educational Services, Inc. All rights reserved.Page 39 IS3220 Information Technology Infrastructure Security Assignment and Lab  Discussion 7.1 Developing a VPN Policy and Enforcing VPN Best Practices  Lab 7.2 Implement a VPN Tunnel for Secure Remote- Access  Assignment 7.3 Create a VPN Connectivity Troubleshooting Checklist  Project 7.4 Network Design


Download ppt "© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 7 VPN Fundamentals."

Similar presentations


Ads by Google