- Operates at the network layer (Layer 3)
- Allows multiple, simultaneous tunnels
- Encrypts and authenticates IP data
- Focuses more on network-to-network connectivity
- Hardware and software devices that implement VPN standards
- Two types: IPSec compatible and non-IPSec compatible
- Installed on a network's perimeter; they encrypt traffic between the two perimeters (gateway to gateway)
- IPSec works only with IP traffic
- Operate at the network layer
- Two modes:
- Tunnel mode: the entire original IP packet (header and payload) is encrypted and encapsulated in a new IPSec packet with a new outer IP header; typically used gateway to gateway
- Transport mode: only the datagram (payload) is encrypted; the original IP header, including source and destination addresses, remains visible; typically used host to host
- Datagram: a self-contained, independent unit of data carrying sufficient information to be routed from the source to the destination
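The difference between the two modes is easiest to see on the wire. The following is an added example, not part of the original notes: it builds ESP packets in transport and tunnel mode and shows what an on-path observer can read in each case. The keys are demo constants and the cipher is a toy HMAC-SHA256 keystream standing in for the AES modes real ESP uses; the SPI values, addresses and the fake TCP segment are constructed samples.

```python
"""Added example: ESP encapsulation in transport vs tunnel mode.
Assumptions: demo keys, a toy HMAC-based keystream instead of AES, and
constructed sample addresses/segments. Not the notes' or any product's code."""
import hashlib
import hmac
import struct

KEY_ENC = b"demo-encryption-key-do-not-reuse"       # assumed demo key
KEY_AUTH = b"demo-authentication-key-do-not-reuse"  # assumed demo key
ESP_PROTO = 50      # IP protocol number of ESP
IPIP_PROTO = 4      # next-header value for an inner IPv4 packet (tunnel mode)
TCP_PROTO = 6
ICV_LEN = 12        # truncated HMAC, as HMAC-SHA1-96 style ESP does


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options; checksum left zero)."""
    def ip2b(a: str) -> bytes:
        return bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, ip2b(src), ip2b(dst))


def keystream(nonce: bytes, length: int) -> bytes:
    """Toy PRF keystream: HMAC-SHA256(KEY_ENC, nonce || counter). Illustrative only."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(KEY_ENC, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def esp_encapsulate(spi: int, seq: int, inner: bytes, next_header: int) -> bytes:
    """ESP layout: SPI | seq | enc(inner | pad | pad_len | next_header) | ICV."""
    pad_len = (-(len(inner) + 2)) % 4               # align the trailer to 4 bytes
    plaintext = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)           # SPI + sequence number, sent in clear
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(header, len(plaintext))))
    icv = hmac.new(KEY_AUTH, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv


def esp_decapsulate(esp: bytes):
    """Verify the ICV, decrypt, strip padding; return (next_header, inner_bytes)."""
    header, body, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(KEY_AUTH, header + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV mismatch: packet modified or wrong key")
    plaintext = bytes(a ^ b for a, b in zip(body, keystream(header, len(body))))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return next_header, plaintext[:len(plaintext) - 2 - pad_len]


def transport_mode(src: str, dst: str, segment: bytes, spi: int = 0x1000, seq: int = 1) -> bytes:
    """Host to host: the original IP header is kept; only the transport payload goes inside ESP."""
    esp = esp_encapsulate(spi, seq, segment, TCP_PROTO)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(gw_src: str, gw_dst: str, src: str, dst: str, segment: bytes,
                spi: int = 0x2000, seq: int = 1) -> bytes:
    """Gateway to gateway: the whole inner packet (header + payload) goes inside ESP
    and a new outer header carrying only the gateway addresses is prepended."""
    inner = ipv4_header(src, dst, TCP_PROTO, len(segment)) + segment
    esp = esp_encapsulate(spi, seq, inner, IPIP_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def visible_addresses(packet: bytes):
    """What an observer on the path reads from the unencrypted outer IP header."""
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ".".join(map(str, src)), ".".join(map(str, dst))


if __name__ == "__main__":
    # Constructed sample: fake TCP segment (src port 12345, dst port 80) carrying an HTTP request.
    segment = struct.pack("!HH", 12345, 80) + b"GET / HTTP/1.0\r\n"
    t = transport_mode("10.1.1.5", "10.2.2.9", segment)
    u = tunnel_mode("203.0.113.1", "198.51.100.1", "10.1.1.5", "10.2.2.9", segment)
    print("transport mode, observer sees:", visible_addresses(t))
    print("tunnel mode, observer sees:   ", visible_addresses(u))
    nh, inner = esp_decapsulate(u[20:])
    print("tunnel inner packet after decryption:", visible_addresses(inner), "next header", nh)
```

In transport mode the observer learns the real endpoints (10.1.1.5 and 10.2.2.9) even though the payload is opaque; in tunnel mode only the two gateway addresses appear, and the inner header is recovered only after the ICV check and decryption succeed. The ICV check is deliberately done before decryption, which is the order ESP prescribes.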
- Common non-IPSec compatible protocols include SOCKS, PPTP and SSH
- SOCKS is not a traditional VPN protocol but is robust; it is a circuit-level proxy that operates above the transport layer, relaying TCP connections rather than encrypting IP packets
- PPTP (Point-to-Point Tunneling Protocol) was implemented in Windows 95 and NT
- Multiprotocol (tunnels PPP frames); uses PAP and CHAP for user authentication
- Compresses data
- End-to-end encryption (MPPE); note that PPTP's authentication and encryption are now considered weak and the protocol is deprecated
- Secure Shell (SSH-2)
- Not strictly a VPN, but can be used as one by forwarding ports (TCP tunnels) over an authenticated, encrypted terminal session
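The SOCKS point above becomes concrete when the handshake is written out. The following is an added example, not part of the original notes: it implements the SOCKS5 connection setup with both the client's and the proxy's messages, so that the difference from a network-layer VPN is visible: the destination host and port are sent to the proxy in clear text, nothing below TCP is tunnelled, and the client-to-proxy leg is not encrypted unless something else (such as SSH) wraps it. Host names, ports and the "no authentication" method choice are constructed assumptions.

```python
"""Added example: SOCKS5 connection setup, both sides' messages (RFC 1928 layout).
Assumptions: 'no authentication' is negotiated, client-to-proxy transport is plain
TCP, and all hosts/ports are constructed samples. Not the notes' or any product's code."""
import socket
import struct

SOCKS_VERSION = 0x05
NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REP_SUCCESS = 0x00


def client_greeting(methods=(NO_AUTH, USERPASS)) -> bytes:
    """Client -> proxy: VER | NMETHODS | METHODS."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def server_method_select(greeting: bytes, supported=(NO_AUTH,)) -> bytes:
    """Proxy -> client: VER | METHOD (0xFF when nothing offered is acceptable)."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed SOCKS5 greeting")
    offered = greeting[2:]
    for m in supported:
        if m in offered:
            return bytes([SOCKS_VERSION, m])
    return bytes([SOCKS_VERSION, NO_ACCEPTABLE])


def connect_request(host: str, port: int) -> bytes:
    """Client -> proxy: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT.
    The destination travels in the clear: the proxy, and anyone between, can read it."""
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(host)
    except OSError:                       # not a dotted quad: send it as a domain name
        name = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_request(req: bytes):
    """Proxy side: validate the request and return (cmd, host, port)."""
    if len(req) < 4 or req[0] != SOCKS_VERSION or req[2] != 0x00:
        raise ValueError("malformed SOCKS5 request")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        host, rest = socket.inet_ntoa(req[4:8]), req[8:]
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, rest = req[5:5 + n].decode("idna"), req[5 + n:]
    else:
        raise ValueError("unsupported ATYP 0x%02x" % atyp)
    if len(rest) != 2:
        raise ValueError("bad request length")
    (port,) = struct.unpack("!H", rest)
    return cmd, host, port


def server_reply(rep: int = REP_SUCCESS, bind_ip: str = "0.0.0.0", bind_port: int = 0) -> bytes:
    """Proxy -> client: VER | REP | RSV | ATYP | BND.ADDR | BND.PORT."""
    return (bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4])
            + socket.inet_aton(bind_ip) + struct.pack("!H", bind_port))


def simulate_connect(host: str, port: int):
    """Run the whole exchange in-process. Returns the transcript (who sent what)
    and the destination the proxy learned from the clear-text request."""
    transcript = []
    greeting = client_greeting()
    transcript.append(("client", greeting))
    choice = server_method_select(greeting)
    transcript.append(("proxy", choice))
    if choice[1] == NO_ACCEPTABLE:
        raise ConnectionError("no acceptable authentication method")
    request = connect_request(host, port)
    transcript.append(("client", request))
    cmd, dst_host, dst_port = parse_request(request)   # proxy now knows where to connect
    reply = server_reply()                              # proxy would open the TCP connection here
    transcript.append(("proxy", reply))
    return transcript, (dst_host, dst_port)


if __name__ == "__main__":
    transcript, dst = simulate_connect("example.com", 443)   # constructed sample destination
    for who, msg in transcript:
        print(f"{who:6s} {msg.hex()}")
    print("proxy learned destination:", dst)
```

After the reply the proxy simply relays bytes between the two TCP connections; it never sees or protects IP headers the way IPSec does, which is why the notes class it as a proxy rather than a true VPN protocol.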
Firewall-Based VPNs
- Frequently available with third-generation (stateful inspection) firewalls
- Operate at the application layer
- Performance degradation is often a problem, since the same device performs both traffic inspection and the cryptographic work
Data Networking Basics
Data Network Types:
- Local Area Network (LAN)
- Wide Area Network (WAN)
- Internet, Intranet, and Extranet
Local Area Networks – LAN
- Discrete network for a limited geographical area, such as a building or a single floor
- Two common LAN variants are:
- CAN – Campus Area Network – connects multiple buildings with each other over a switched backbone
- MAN – Metropolitan Area Network – a LAN over a city-wide metropolitan area
- Both a CAN and a MAN can have a connection to a WAN
Wide Area Networks – WAN
- Network of sub-networks that interconnects LANs over large geographic areas
- A WAN is basically everything outside of the LAN
- The Internet is a WAN that was originally funded by the DoD (as ARPANET)
- Uses TCP/IP
- Intranet: an Internet-like logical network that runs over a company's internal physical network
- Offers more security and control than the Internet
- Uses Internet tools such as web browsers
- Extranet: can be accessed by users outside the company (e.g. vendors and partners) but not by the general public
- Includes some type of authentication and/or encryption for those external users