VPN Concentrators 2.1 Flashcards
Virtual Private Network
An encrypted tunnel. There are hardware- and software-based VPN options. Sometimes the VPN client software is built into the OS.
VPN Concentrator
An encryption/decryption device. Often integrated into a firewall. Designed to secure multiple conversations through one channel.
Remote Access VPN
Provides on-demand access from a remote device. Client software connects to a VPN concentrator. Some client software can be configured as always-on.
TLS VPN (Transport Layer Security)
Uses the TLS protocol (TCP/443). Very common; most networks allow this traffic to flow freely.
Full VPN Tunnel
Full VPN tunnels route all traffic through the VPN.
Site to Site VPN
Always, or almost always, on. Firewalls act as the VPN concentrators.
IPSec (Internet Protocol Security)
Security for OSI Layer 3. Authentication and encryption for every packet. Confidentiality and integrity/anti-replay. Very standardized and common; different firewall brands should have no problem communicating with each other. Two core IPSec protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). Can use AH and ESP simultaneously or individually.
Modes of IPSec
Transport mode and Tunnel mode.
Authentication Header (AH)
A hash of the packet and a shared key. MD5, SHA-1, or SHA-2 are common. Adds an AH header to the packet.
(IPSec Datagram in Tunnel Mode)
New IP Header || AH Header || IP Header || Data
Encapsulating Security Payload (ESP)
Encrypts the packet. MD5, SHA-1, or SHA-2 for hashing and 3DES or AES for encryption. Adds a header, a trailer, and an Integrity Check Value.
(IPSec Datagram with ESP in Tunnel Mode)
New IP Header || ESP Header || IP Header || Data || ESP Trailer || Integrity Check Value
TLS
Transport Layer Security - the successor to SSL
Split VPN Tunnel
With a split VPN tunnel, the remote user connects to third-party sites without using the VPN tunnel, while still routing traffic through the VPN to the locations that require it.