Published June 18, 2023, 3:20 p.m. by Naomi Charles
Explain how VPNs and IPsec are used to secure site-to-site and remote access connectivity.
Explain how the IPsec framework is used to secure network traffic.
One of the greatest telecommunication companies in Kenya is Safaricom, and one very interesting thing when you work with or for Safaricom is that they choose to give you their own laptop rather than you buying one for yourself, and of course that is because of security measures. The reason Safaricom chooses to give you their own laptop is that those laptops come already installed with a VPN, so they can always monitor the activities of your device, and you might not be able to install or uninstall any applications without their permission. So they use a VPN. I think Safaricom, which is one of the greatest telecommunications companies in Eastern Africa, uses VPNs from Cisco, and they do a very good job.

So for this part I will explain VPNs, and we will learn about a special type of VPN called an IP security (IPsec) VPN and how it is used to secure site-to-site and remote access connectivity. We look at the benefits of VPN technology, then we describe the different types of VPNs, and finally we explain how the IPsec framework is used to secure connections.
VPN technology is a very interesting technology, and one of the major things it does is create end-to-end private network connections. A VPN, just from its name, is actually a virtual circuit, and it carries information in a very secure manner over the public internet, so it is not easy to hack into it because of the encryption and authentication mechanisms that we are going to talk about. Traffic is always encrypted.

Looking at the diagram, we have the main site, the headquarters of the organization, and there is a corporate firewall there, a Cisco Adaptive Security Appliance (ASA) firewall. There are people who work within a branch using a Cisco router, and a Cisco router can normally be configured with a VPN. There is a regional office which also has a firewall, which can be configured with a VPN. There is a SOHO network, a small office/home office network, where someone is obviously working from home, and the Cisco router there is also configured with a VPN. And there is a remote worker, and this is what Safaricom does for its employees when they are working away from the office: their devices are installed with Cisco's VPN client called AnyConnect, which provides the VPN service.
Modern VPNs support encryption features, and two of those are IP security (IPsec) and SSL, the Secure Sockets Layer. These are types of VPNs. SSL is actually a technology that is being done away with, because it is being replaced by what is called TLS, Transport Layer Security. Both of these VPN types, SSL VPNs and IPsec VPNs, are used to secure traffic between sites.

There are many advantages or benefits of using VPNs. One of those benefits, as we have already seen, is cost savings. Remember every organization wants to have some change remaining: you want to invest and still keep some money so that you make a profit, and profit needs to be higher than expenditure. So organizations will always use VPNs to reduce their connectivity costs while simultaneously increasing remote connection bandwidth. VPNs are secure because of the encryption and the authentication of their users. In terms of scalability, VPNs allow organizations to use the internet, and they can add as many users as they need within their VPNs. And they are compatible with most connectivity options, which is another advantage that VPN has for us.
Like I mentioned, there are two types of VPN. The first is the remote access VPN, where of course we have mobile users who must have an application installed on their laptop or phone. The other type is the site-to-site VPN, and this is a VPN that is normally implemented within the router. So long as you are connected to that router, which can be your default gateway, then you are actually protected.
Now, VPNs can be created using either IPsec or SSL, and this brings us to what we call either a clientless VPN connection, where the connection is made using the browser, or a client-based VPN connection. When you see SSL here you must be thinking about HTTPS, because protocols like SSL and TLS are the ones that make HTTPS more secure than HTTP. So the clientless VPN is a VPN whose connection is normally secured using the web browser, and an example of a clientless VPN is the SSL VPN.

The client-based VPN is one that requires client software, and the example I gave you was Cisco AnyConnect, the Secure Mobility Client software, which must be installed either on your mobile phone, your laptop or a desktop computer. So every time you want to use the VPN you must log in using your credentials, your username and password; you must log into that VPN when using a client-based VPN connection.

Looking at the diagram we have here, we realize that this one is client-based, because the laptop or the tablet must have the application installed, but for the SSL VPN, the clientless one, you just need a browser and that is it: any device that has a browser.
At this point we want to look at the difference between the two of them, the SSL VPNs and the IPsec VPNs. Do note that the SSL VPN normally uses PKI, a public key infrastructure, and it also uses digital certificates to authenticate the peers. This table summarizes the two technologies for us, and looking at it we are going to compare them in terms of the applications supported, the authentication strength, the encryption strength, the connection complexity and the connection options.

Applications supported: for the IPsec VPN, remember this is the one that uses client software, all IP-based applications will work, so it is quite extensive. For the SSL VPN only devices with a web browser are supported, or a web-based file-sharing application for that matter.

Authentication strength: IPsec has two-way authentication with pre-shared keys or digital certificates, while SSL has one-way or two-way authentication, which is moderate.

Encryption strength: the key lengths in IPsec are stronger, between 56 and 256 bits of encryption, while SSL has moderate to strong encryption, from 40 to 56 bits of encryption.

Connection complexity: the IPsec VPN requires a VPN client installed on your device, but the SSL VPN only requires a web browser on the host.

Connection options: the IPsec VPN is limited, because only devices with that particular application can be used, but for the SSL VPN it is extensive, because any device with a web browser will be able to connect.
In terms of site-to-site, you can clearly see that in a site-to-site VPN you normally have a gateway. This organization has its main site here and a branch location; maybe one is in one city and the other is in another city. This VPN is always configured on the router and the firewall, so the clients connecting to this network do not have to use any credentials to log into the VPN, and that is why they have no knowledge that they are actually using a VPN: any traffic they generate goes to the router, then the router encrypts that traffic to the firewall, the VPN gateway. We already saw the remote access one, which does the opposite: you must have the application installed on your device.

Then we have what you call GRE over IPsec. GRE is actually a Cisco proprietary protocol for configuring non-secure VPNs, and there is something for you to note: GRE, Generic Routing Encapsulation, is normally a non-secure site-to-site VPN tunneling protocol. For you to secure the VPN you must combine GRE with IPsec, so to encapsulate and secure the traffic within GRE you must add it to IPsec to make it secure.

So it will be something like this: we need to carry traffic from the branch router to the HQ router, and there is a GRE tunnel configured on the two of them, a virtual circuit, so that if they need to exchange any OSPF routing information they can do so in a secure manner. Looking here, we have the original packet in green on the inside; then in brown we have the tunnel, the GRE tunnel is the brown one, the second layer; then the blue one is the IPsec VPN, which encapsulates and secures that particular communication. So that is what is called GRE over IPsec.
We also have what is called DMVPN, Dynamic Multipoint VPN. This is another site-to-site IPsec VPN, built on GRE over IPsec, and this particular solution, which is also Cisco proprietary, provides multiple VPNs in a very easy, dynamic and scalable manner. So it simplifies the implementation of VPN tunnels and provides a very flexible option to connect a central site to its branches. If you remember the hub-and-spoke topology, it is normally used by DMVPN, and DMVPN also uses the full mesh topology. This one is very secure, and each site is normally configured using multipoint GRE, mGRE, which is basically a tunnel interface that allows a single GRE interface to support multiple IPsec tunnels. So that is DMVPN.
Now talking about IPsec, and this is the last thing we talk about before we get going: IPsec is an IETF (Internet Engineering Task Force) standard which defines how VPNs can be secured across a public IP network. It will normally protect and authenticate packets between a source device and a destination device, and that is providing security. There are four elements here.

We have confidentiality, which we have talked about before. Confidentiality is normally ensured using encryption algorithms, and this is to prevent cyber criminals from accessing or reading any packets as they are being transmitted over the internet. So please note: confidentiality is always ensured using encryption algorithms, and confidentiality ensures that only authorized users can have access to the information.

Then we have integrity, which is always ensured using hashing algorithms. Integrity is basically ensuring that information passing from a source to a destination is not changed or altered in any manner.

Then we have origin authentication. Origin authentication uses the Internet Key Exchange (IKE) protocol to authenticate the source and the destination. What you want to do is guarantee that the information comes from where it says it comes from; we have to authenticate the origin, that the sender is actually the one the packet says is sending it.

In terms of key exchange we have Diffie-Hellman. I think we did talk about DH previously in our security topic; DH is mainly used for the exchange of keys, the public key exchange. So an IPsec VPN must be bound by these rules: it integrates confidentiality, integrity, authentication and Diffie-Hellman key exchange.
So, like we said, for the IPsec protocol we need AH, the Authentication Header, ESP, the Encapsulating Security Payload, or ESP plus AH, to provide the IPsec protocols. To ensure confidentiality within the VPN we must have encryption algorithms, and here we are talking about DES, the Data Encryption Standard, 3DES, AES, the Advanced Encryption Standard, and of course SEAL as well. When you talk about integrity, to make sure that no one alters our messages as they are being transmitted over the internet, we have hashing algorithms like MD5, Message Digest 5, and SHA, the Secure Hash Algorithm, as the hashing algorithms that ensure integrity.

Then in terms of authentication, to authenticate when you log into your VPN application, we have the pre-shared key (PSK), and we also have RSA. We learned RSA in SSH, when we say crypto key generate rsa; we always generate those authentication keys. RSA basically refers to the names of the three people who invented this algorithm: Rivest, Shamir and Adleman. These are our authentication protocols. Then for Diffie-Hellman key exchange between the source and destination devices, to ensure security within the key exchange, we have DH group 2 all the way up.

So this is what the structure, the framework of IPsec looks like, and it needs to have all these elements so that it is considered secure for site-to-site and remote access.
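The framework just described, together with the green/brown/blue GRE over IPsec layering from earlier, put together as a runnable walk-through. This is an added example written for this page, not Cisco's code and not anything shown in the lecture. Everything in it is constructed: the DH group (a small Mersenne prime, not an IKE group), the tunnel and host addresses, the pre-shared key, the OSPF-style payload and the function names are all mine; the key derivation is a simplified stand-in for what IKE does; and because Python's standard library has no AES, the confidentiality step uses an HMAC-SHA256 counter-mode keystream in place of AES-CTR. The integrity check is a genuine HMAC-SHA256 ICV, and the demo shows it rejecting a packet altered in transit.

```python
# Added example: toy IPsec framework (DH, PSK auth, confidentiality, integrity) over GRE. Not Cisco code.
import hashlib
import hmac
import os
import secrets
import struct

# Assumption: toy DH group (Mersenne prime 2^127 - 1, generator 3); real IKE uses RFC groups.
DH_P, DH_G = (1 << 127) - 1, 3
GRE_PROTO, ESP_PROTO, IPIP_NEXT, ETHERTYPE_IPV4 = 47, 50, 4, 0x0800
ICV_LEN = 16  # HMAC-SHA256-128 style truncated ICV

def dh_keypair():
    priv = secrets.randbelow(DH_P - 2) + 1
    return priv, pow(DH_G, priv, DH_P)

def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, DH_P)

def derive_keys(shared, nonce_i, nonce_r):
    # IKE-style PRF step (simplified): DH secret + both nonces -> separate SK_e / SK_a keys.
    seed = hmac.new(nonce_i + nonce_r, shared.to_bytes(16, "big"), hashlib.sha256).digest()
    return (hmac.new(seed, b"SK_e", hashlib.sha256).digest(),
            hmac.new(seed, b"SK_a", hashlib.sha256).digest())

def psk_auth_tag(psk, identity, nonce_i, nonce_r):
    # Origin authentication: proves possession of the PSK; the nonces prevent tag replay.
    return hmac.new(psk, identity + nonce_i + nonce_r, hashlib.sha256).digest()

def verify_peer(psk, identity, nonce_i, nonce_r, tag):
    return hmac.compare_digest(tag, psk_auth_tag(psk, identity, nonce_i, nonce_r))

def keystream_xor(key, iv, data):
    # Stdlib has no AES, so an HMAC-SHA256 counter-mode keystream stands in for AES-CTR.
    out = bytearray()
    for n, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, iv + struct.pack(">I", n), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; the checksum is left at zero in this toy.
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    # Brown layer: 4-byte GRE header (no flags, protocol IPv4) behind a tunnel IP header.
    payload = struct.pack(">HH", 0, ETHERTYPE_IPV4) + inner
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(payload)) + payload

def esp_protect(plain, spi, seq, enc_key, auth_key, outer_src, outer_dst):
    # Blue layer, ESP tunnel mode: [outer IP][SPI][seq][IV][cipher(plain + trailer)][ICV]
    pad_len = (-(len(plain) + 2)) % 4
    trailer = bytes(pad_len) + bytes([pad_len, IPIP_NEXT])
    iv = os.urandom(8)
    esp = struct.pack(">II", spi, seq) + iv + keystream_xor(enc_key, iv, plain + trailer)
    icv = hmac.new(auth_key, esp, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4_header(outer_src, outer_dst, ESP_PROTO, len(esp) + ICV_LEN) + esp + icv

def esp_unprotect(packet, enc_key, auth_key):
    if packet[9] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    esp, icv = packet[20:-ICV_LEN], packet[-ICV_LEN:]
    # Integrity is checked first, so a forged or altered packet never reaches the cipher.
    if not hmac.compare_digest(icv, hmac.new(auth_key, esp, hashlib.sha256).digest()[:ICV_LEN]):
        raise ValueError("ICV mismatch: packet altered in transit or wrong key")
    spi, seq = struct.unpack(">II", esp[:8])
    plain = keystream_xor(enc_key, esp[8:16], esp[16:])
    return spi, seq, plain[:-(plain[-2] + 2)]

def run_tunnel_demo(psk=b"constructed-psk"):
    # Constructed addresses: branch and HQ tunnel endpoints plus one LAN host behind each.
    branch, hq = bytes([203, 0, 113, 1]), bytes([198, 51, 100, 1])
    host_a, host_b = bytes([10, 1, 0, 10]), bytes([10, 2, 0, 20])
    # 1. Key exchange and origin authentication (IKE's job in real IPsec).
    (b_priv, b_pub), (h_priv, h_pub) = dh_keypair(), dh_keypair()
    n_i, n_r = os.urandom(16), os.urandom(16)
    if not verify_peer(psk, b"hq", n_i, n_r, psk_auth_tag(psk, b"hq", n_i, n_r)):
        raise ValueError("HQ failed origin authentication")
    enc_key, auth_key = derive_keys(dh_shared(b_priv, h_pub), n_i, n_r)
    # 2. Green: an OSPF-style routing packet (constructed) between the two LAN hosts.
    payload = b"OSPF-HELLO area 0"
    original = ipv4_header(host_a, host_b, 89, len(payload)) + payload
    # 3. Brown, then blue: GRE over IPsec from the branch gateway to HQ.
    wire = esp_protect(gre_encapsulate(original, branch, hq), 0x1001, 1, enc_key, auth_key, branch, hq)
    # 4. HQ derives the same keys from its own DH private value and unwraps both layers.
    hq_keys = derive_keys(dh_shared(h_priv, b_pub), n_i, n_r)
    spi, seq, gre_packet = esp_unprotect(wire, *hq_keys)
    # 5. A single flipped ciphertext byte must be rejected by the ICV check.
    flipped = bytearray(wire); flipped[40] ^= 0x01
    try:
        esp_unprotect(bytes(flipped), *hq_keys)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"spi": spi, "seq": seq, "original": original, "recovered": gre_packet[24:],
            "wire_len": len(wire), "payload_on_wire": payload in wire, "tamper_detected": tamper_detected}

if __name__ == "__main__":
    r = run_tunnel_demo()
    print("recovered:", r["recovered"] == r["original"], "| payload on wire:", r["payload_on_wire"], "| tamper detected:", r["tamper_detected"])
```

Running it directly prints whether the inner packet came back intact at HQ, whether the OSPF payload was readable on the wire (it is not, because the whole GRE packet sits inside the encrypted ESP payload) and whether the altered copy was rejected. The order in esp_unprotect matters: the ICV is verified before anything is decrypted, which is how ESP keeps a forged or corrupted packet from ever reaching the cipher, and it is the integrity element of the framework doing its job.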
I think this brings us to the end of this particular concept. If we don't have any questions then we could meet during the next chapter, which will be