VPN – Virtual Private Network

  1. What is a VPN?
    • It is a logical connection between two entities, typically secured over an insecure channel.
    • Virtual – private network traffic is transported over a ‘public’ network.
    • A form of tunneling is used to achieve this.
    • Private – traffic is isolated and optionally encrypted.
  2. Why do we need VPNs?
    • Cost savings
    • Compatible with any transport technology (traffic issues)
    • Security
    • In the early 1980s, networks mainly focused on providing services, not on security.
    • After a number of attacks, it became clear that security is essential on a shared medium.
  3. Eavesdropping attack:
    • Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, videoconference, or fax transmission.
    • The term eavesdrop derives from the practice of actually standing under the eaves of a house, listening to conversations inside.
    • The attacker accesses the content of the packets (a man-in-the-middle attack) using tools such as Wireshark, SPAN or RSPAN.
  4. Masquerading attack:
    • A masquerade attack is one that uses a fake identity, such as a network identity, to gain unauthorized access to personal computer information through legitimate access identification.
    • If an authorization process is not fully protected, it can become extremely vulnerable to a masquerade attack.
    • In this attack, the attacker hides his own identity and pretends to be someone else.
  5. Phishing attack:
    • Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.
    • It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
    • The recipient is then tricked into clicking a malicious link, which can lead to the revealing of sensitive information.
    • Now it is not allowed.
  6. VPN Examples:
    1. VLAN
    2. Frame-relay PVC (via DLCI)
    3. MPLS VPN (layer2/layer3)
    4. AToM
    5. GRE
    6. IPsec
    7. SSL
    8. MACsec
  7. What are the types of VPN?
    1. Site-to-Site VPN (supported by Router & ASA)
      • Between two VPN gateways (router-router/firewall-firewall)
      • Statically or dynamically assigned IPv4/IPv6 addresses
      • IPsec is the framework used to secure data
        • IKEv1 or IKEv2 are used to dynamically negotiate the tunnel
      • Some vendors (not Cisco) also offer SSL VPN for site-to-site
    2. Remote VPN (Router & ASA)
      • Between a VPN gateway and an end-user/device
      • VPN gateway has a static IPv4/IPv6 address
      • End-user has a dynamic IPv4/IPv6 address in general
      • Client-based
        • IPsec (IKEv1 or IKEv2) and SSL VPN (TLSv1 or SSLv3)
      • Clientless, browser-based
        • SSL VPN only (TLSv1 or SSLv3)
    3. DMVPN (Router)
    4. GETVPN (Router)
    5. FlexVPN (Router & ASA)
    6. SSL VPN (Router & ASA)
  8. Features of VPN:
    1. Confidentiality
    2. Integrity
    3. Authentication
    4. Anti-replay
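The four features above are easiest to see on a single protected packet. The following Python is an added example, not part of these notes and not Cisco code: it builds a minimal tunnel packet (sequence number, ciphertext, HMAC tag) and a receiver that checks each property in the order a real VPN gateway does. Assumptions: the two gateways already share `ENC_KEY` and `MAC_KEY` (constructed values here; a real VPN derives them with IKE or a TLS handshake), and HMAC-SHA256 in counter mode stands in for a real cipher so that the example runs with the standard library only. The replay window width of 64 matches the IPsec default.

```python
import hashlib
import hmac
import struct

# Constructed keys for this illustration only. In a real VPN both gateways
# derive fresh keys with IKE (IPsec) or a TLS handshake (SSL VPN).
ENC_KEY = b"constructed-32-byte-encryption-k"
MAC_KEY = b"constructed-32-byte-auth-key-ab!"

TAG_LEN = 32   # HMAC-SHA256 output length
WINDOW = 64    # anti-replay window width (IPsec's default is also 64)


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Per-packet keystream: HMAC-SHA256 run in counter mode over the
    sequence number. It stands in for a real stream cipher such as ChaCha20."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">IQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(seq: int, plaintext: bytes) -> bytes:
    """Sender: encrypt (confidentiality), then MAC the header and ciphertext
    (integrity and, because the MAC key is shared, authentication of the peer)."""
    header = struct.pack(">I", seq)
    ciphertext = xor_bytes(plaintext, keystream(ENC_KEY, seq, len(plaintext)))
    tag = hmac.new(MAC_KEY, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class Receiver:
    """Receiving gateway with an anti-replay sliding window."""

    def __init__(self):
        self.highest = 0     # highest sequence number accepted so far
        self.seen = set()    # accepted sequence numbers still inside the window

    def unprotect(self, packet: bytes):
        """Return (plaintext, "ok"), or (None, reason) if the packet is rejected."""
        if len(packet) < 4 + TAG_LEN:
            return None, "too short"
        header, body, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        # 1. Integrity + authentication: verify the tag before touching anything else.
        expected = hmac.new(MAC_KEY, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"
        seq = struct.unpack(">I", header)[0]
        # 2. Anti-replay: a duplicate, or a packet that fell behind the window, is dropped.
        if seq in self.seen:
            return None, "replay"
        if seq + WINDOW <= self.highest:
            return None, "too old"
        # 3. Confidentiality: recover the plaintext.
        plaintext = xor_bytes(body, keystream(ENC_KEY, seq, len(body)))
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            # forget sequence numbers that have slid out of the window
            self.seen = {s for s in self.seen if s + WINDOW > self.highest}
        return plaintext, "ok"


if __name__ == "__main__":
    rx = Receiver()
    pkt = protect(1, b"GET / HTTP/1.1")
    print(rx.unprotect(pkt))   # (b'GET / HTTP/1.1', 'ok')
    print(rx.unprotect(pkt))   # (None, 'replay')
```

Note the order of checks: the tag is verified first, so a forged or corrupted packet is dropped before the receiver spends any work on decryption or updates its replay state. Out-of-order packets inside the window are still accepted, which is what lets the tunnel tolerate reordering on the public network.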
  9. Confidentiality:
    • It can be achieved only by a CIPHER.
    • CIPHER: used to convert plaintext traffic into an unreadable format (ciphertext).
    • CIPHER types:
      1. Stream CIPHER: bit-by-bit encryption
        • This is very CPU-intensive work, so it is not supported by Cisco.
        • This method can be used for highly secure communication (military, navy).
        • Suppose we have to send 10 bits of data: the algorithm runs 10 times for encryption and 10 times for decryption, 20 times in total.
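The 10-bit count above can be reproduced directly. The Python below is an added example, not part of these notes: a bit-oriented stream cipher whose keystream generator is a constructed 8-bit linear feedback shift register (an assumption for illustration; it is not a secure cipher, its state is far too small), with a counter that records how many times the generator runs. Encrypting 10 bits runs it 10 times and decrypting runs it another 10, which is the 20 total the notes describe.

```python
# Toy 8-bit LFSR used as the keystream generator. Constructed for illustration:
# its 8-bit state makes it trivially breakable, but it is bit-oriented, which is
# exactly the property of stream ciphers the notes describe.
class ToyLFSR:
    def __init__(self, seed: int):
        if not 0 < seed < 256:
            raise ValueError("seed must be a non-zero 8-bit value")
        self.state = seed
        self.runs = 0          # how many times the keystream algorithm has executed

    def next_bit(self) -> int:
        """Advance the register by one step and emit one keystream bit."""
        self.runs += 1
        s = self.state
        out = s & 1
        # feedback from taps for x^8 + x^6 + x^5 + x^4 + 1 (Fibonacci form)
        fb = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 4)) & 1
        self.state = (s >> 1) | (fb << 7)
        return out


def stream_xor(bits, seed):
    """Encrypt or decrypt (XOR is its own inverse) one bit at a time.
    Returns the output bits and the number of generator runs used."""
    gen = ToyLFSR(seed)
    out = [b ^ gen.next_bit() for b in bits]
    return out, gen.runs


def to_bits(data: bytes):
    """Most-significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def round_trip_cost(bits, seed):
    """Encrypt then decrypt; return (recovered_bits, total generator runs)."""
    ct, enc_runs = stream_xor(bits, seed)
    pt, dec_runs = stream_xor(ct, seed)
    return pt, enc_runs + dec_runs


if __name__ == "__main__":
    message = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1]        # the 10-bit message from the notes
    recovered, total = round_trip_cost(message, 0xA5)
    print(recovered == message, total)               # True 20
```

The same seed must be used on both sides, and a seed must never be reused for two different messages: because the ciphertext is plaintext XOR keystream, two messages encrypted under the same keystream leak their XOR. Real stream ciphers address this with a per-message nonce, and that is one reason the keying is handled by IKE or the TLS handshake rather than by static configuration.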
