Virtual Private Network

Uploaded by

anisah

What is a VPN?

• A virtual private network, or VPN, is an encrypted connection that secures data transmission between devices over the Internet.

• This encrypted connection safeguards sensitive information from potential threats and unauthorized access. In enterprise environments, VPNs facilitate secure connectivity to corporate resources, ensuring data integrity and confidentiality.

What does a VPN do?

• A VPN forms a secure connection called a tunnel. Data from a device using a VPN is encrypted and sent through this tunnel. When a device uses a VPN, it appears to be part of the VPN's local network. The virtual private network transmits and receives data for the device via its secure link. This ensures a safe connection for remote internet users to a business network.

• Using a VPN means data moves online via a safe tunneling protocol. This data is encrypted to prevent unauthorized access. Common encryption protocols include Transport Layer Security (TLS) and Internet Protocol Security (IPsec). Encryption changes data into a code that requires a specific key to decode. The protocol packages data with recipient details. A program then verifies the user, allows entry, and records actions during the connection.

What does a VPN Hide?

A virtual private network hides a device's original IP address by rerouting its traffic through a different server. This makes the device appear as if it is coming from the VPN's server location, not its actual location. In doing so, the actual connection source remains concealed, preventing adversaries from pinpointing the original device's location.

• A virtual private network also encrypts the data being sent and received. This encryption ensures that even if someone intercepts the data, they cannot easily decipher its contents.

• A VPN conceals both the origin of the connection and the data being transmitted, offering a two-fold layer of privacy and security.

What are VPNs used for?

Enterprise VPNs have two primary use cases: secure remote access and secure site-to-site connectivity. While consumers primarily use them for privacy or bypassing geo-restrictions, businesses have a broader spectrum of requirements. In the corporate domain, the utility of virtual private networks extends to the protection of sensitive data, compliance with internal policies, and assurance of consistent remote access to critical applications.

Secure Remote Access

• Remote access VPNs allow employees to access corporate networks from mobile devices, home offices and other remote locations. Remote access VPNs provide a safe way for remote users to access internal business applications and resources from any location. This ensures employees and stakeholders can access necessary resources without compromising security.

Secure Site-to-Site Connectivity

• Site-to-site VPNs are used to create secure tunnels between sites, or computer networks, rather than a specific user location or device. Site-to-site VPNs perform encryption/decryption of traffic in transit, ensuring all inbound/outbound traffic from either site is secure. Site-to-site VPNs are used to securely connect corporate headquarters, branch offices, data centers, and/or private, public, or hybrid clouds.

How Secure Are VPNs?

• Virtual private networks are important and useful connectivity tools but do not provide complete protection on their own. Common corporate connection types like remote access and site-to-site are not infallible without the added support of other security tools.

• The growing remote workforce population and cloud adoption require a more comprehensive network security approach. Organizations should look for network security platforms that combine virtual private network capabilities with other cybersecurity tools when protecting devices or data operating beyond the corporate perimeter.

Why Do You Need a VPN?

• VPN connections are essential business tools for enabling remote work. They extend an organization's network and provide the ability for remote employees to securely access company data and resources. This is done by encrypting traffic and tunneling that traffic from one location to another.

• Facilitating remote access is not only about secure connectivity but maintaining productivity. Having the right security measures in place to protect the network and support uninterrupted business operations is crucial.

• A virtual private network helps ensure that the remote workforce remains connected safely to the apps and services they need to perform their duties and stay productive while outside corporate offices.

VPN Features

Secure remote access, Zero Trust implementation, and support for BYOD are critical foundational features organizations should look for in their solution or platform of choice.

Authentication and Access Control

• Authentication is a critical aspect of any virtual private network. Supporting a variety of authentication methods, such as Kerberos, RADIUS, LDAP, and SAML 2.0, ensures that user identities are verified before granting access. After authentication, the user-to-IP-address mapping is maintained. Strong multifactor authentication options can add an extra layer of security, with cookie-based authentication available for repeated accesses.

Limited Host/Endpoint Information

• A host information profile can provide an inventory of endpoint configurations. This data is then used to enforce application policies based on the device's security status. With this feature, VPNs can consider various attributes of a device, such as its type, software versions, encryption configuration, and backup status, to ensure it meets the required security standards.
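A host information profile check of the kind described above, as an added example that is not from the original slides or any vendor's product. The `HostProfile` fields, the `POLICY` thresholds and the sample endpoints are constructed assumptions; the check fails closed when an attribute is missing and compares versions numerically.

```python
from dataclasses import dataclass

@dataclass
class HostProfile:
    """Constructed stand-in for the inventory a VPN client reports."""
    device_type: str
    software_versions: dict   # product name -> dotted version string
    disk_encrypted: bool
    days_since_backup: int

# Hypothetical policy; names and thresholds are illustrative assumptions.
POLICY = {
    "allowed_device_types": {"laptop", "desktop"},
    "min_versions": {"os": "10.0.19045", "vpn_client": "6.2.0"},
    "require_disk_encryption": True,
    "max_days_since_backup": 7,
}

def version_tuple(text):
    # Compare numerically: as strings, "6.10.0" would sort below "6.2.0".
    return tuple(int(part) for part in text.split("."))

def evaluate(profile, policy=POLICY):
    """Return (decision, reasons); any failed check denies full access."""
    reasons = []
    if profile.device_type not in policy["allowed_device_types"]:
        reasons.append(f"device type {profile.device_type!r} not allowed")
    for product, minimum in policy["min_versions"].items():
        reported = profile.software_versions.get(product)
        if reported is None:
            # Fail closed: an unreported product cannot be assumed patched.
            reasons.append(f"{product} version not reported")
        elif version_tuple(reported) < version_tuple(minimum):
            reasons.append(f"{product} {reported} is older than {minimum}")
    if policy["require_disk_encryption"] and not profile.disk_encrypted:
        reasons.append("disk encryption is off")
    if profile.days_since_backup > policy["max_days_since_backup"]:
        reasons.append(f"last backup {profile.days_since_backup} days ago")
    return ("allow" if not reasons else "quarantine", reasons)

# Constructed sample endpoints.
COMPLIANT = HostProfile("laptop", {"os": "10.0.22631", "vpn_client": "6.10.0"}, True, 2)
STALE = HostProfile("laptop", {"os": "10.0.19044"}, False, 30)
```
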

Types of VPN

A site-to-site VPN connects two or more distinct networks securely over the internet. This connection allows separate networks, such as a main office and a branch office, to share data.

Remote Access VPN

A remote access virtual private network (sometimes referred to as a client-to-site VPN) enables users who are working remotely to securely access and use applications and data that reside in the corporate data center and headquarters. It encrypts all traffic users send and receive.

Cloud VPN

Cloud VPN, aka hosted VPN or VPN as a service (VPNaaS), is specifically designed for the cloud. A cloud VPN enables users to securely access a company’s applications, data, and files in the cloud through a website or via a desktop or mobile application.

SSL VPN

An SSL VPN is a virtual private network that uses the Secure Sockets Layer (SSL) protocol or its successor, the Transport Layer Security (TLS) protocol, to ensure secure remote access through a web browser. As browsers or operating systems update, the protocol versions are updated correspondingly. This type of virtual private network allows devices to connect to an organization's network resources without requiring specialized software.

VPN Protocols

Internet Protocol Security (IPsec) is a suite of protocols designed to ensure secure connections over networks by encrypting and authenticating IP packets.

The suite defines key protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP), which both encrypt and validate data. Integral to IPsec's functionality is the Internet Key Exchange (IKE), responsible for generating shared security keys.
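What a network monitor can read from AH and ESP packets without holding the keys, as an added example that is not part of the original slides. The header layouts follow the IPsec RFCs; the addresses, SPI values and payload bytes are constructed.

```python
import struct

IPPROTO_ESP, IPPROTO_AH = 50, 51  # IANA-assigned IP protocol numbers

def ipv4(proto, payload, src=bytes([192, 0, 2, 1]), dst=bytes([198, 51, 100, 1])):
    """Build a minimal constructed IPv4 packet (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, src, dst)
    return header + payload

def parse_ipsec(packet):
    """Return the visible IPsec header fields of an IPv4 packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None
    proto, body = packet[9], packet[ihl:]
    if proto == IPPROTO_ESP:
        if len(body) < 8:
            return None
        spi, seq = struct.unpack("!II", body[:8])
        # Everything after SPI and sequence number is opaque without the keys.
        return {"proto": "ESP", "spi": spi, "seq": seq, "opaque_len": len(body) - 8}
    if proto == IPPROTO_AH:
        if len(body) < 12:
            return None
        next_hdr, length, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (length + 2) * 4  # length field counts 32-bit words minus 2
        if ah_len < 12 or len(body) < ah_len:
            return None  # truncated or malformed AH
        # AH carries an integrity check value (ICV) after the fixed fields;
        # next_header names the protocol that follows the AH.
        return {"proto": "AH", "spi": spi, "seq": seq,
                "next_header": next_hdr, "icv_len": ah_len - 12}
    return None

# Constructed samples: SPI/sequence values and payload bytes are made up.
ESP_PACKET = ipv4(IPPROTO_ESP, struct.pack("!II", 0x1000, 1) + bytes(32))
AH_PACKET = ipv4(IPPROTO_AH,
                 struct.pack("!BBHII", 6, 4, 0, 0x2000, 7) + bytes(12) + bytes(20))
TCP_PACKET = ipv4(6, bytes(20))
```

The SPI identifies the security association negotiated by IKE, so tracking SPI and sequence number per peer is what lets a sensor account for tunnel traffic it cannot decrypt.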

Secure Socket Tunneling Protocol (SSTP) is a protocol developed by Microsoft to establish secure virtual private network connections. Primarily engineered to provide enhanced security over its predecessors, PPTP and L2TP/IPSec, SSTP offers encryption and authentication mechanisms grounded in SSL/TLS certificates.

An open-source protocol, OpenVPN is known for creating secure point-to-point or site-to-site connections. It utilizes techniques that accommodate both routed and bridged configurations while also offering remote access facilities.

Install your own VPN

• Install OpenSSL on Windows

– https://www.youtube.com/watch?v=PgP9oGGxLG0
– https://www.youtube.com/watch?v=coaGBdUcKiw
– https://www.youtube.com/watch?v=cBa87N_BZ4s
PLEASE TRY GUYSSSSS
