INFORMATION SHEET AL 102
“VPN Concepts”
A virtual private network (VPN) is a framework that consists of multiple remote peers transmitting
private data securely to one another over an otherwise public infrastructure (generally a shared IP
backbone), such as the Internet. In this framework, inbound and outbound network traffic is protected
by using tunnels that encrypt all data at the IP level. The framework permits networks to extend beyond
their local topologies while providing remote users with the appearance and features of a direct
network connection.
VPN is a very useful technology for employees working remotely or employees who need to connect to
remote computer systems in a secure manner. VPN may be used on local networks or across the
Internet. Consequently, it is a very important tool.
There are two types of VPNs:
The first is the Remote-Access type. This type of VPN is commonly used for an individual to access a
central network. We will call this a User-to-LAN connection. The user connects to the Internet from any
ISP (Internet Service Provider) and then creates a secure connection to the central network. Once that
secure connection is created, he or she can access the resources on that central network.
The second type of VPN is a Site-to-Site VPN. With this VPN, an entire location (or remote network)
may be connected to a main network. An example of this would be a bank with several connected
branches. The main office would have a network, and each branch would have a secure connection
(VPN) into the main office so that communications and sharing of resources between the two sites would be
secure. Both of these VPN types allow the user(s) in the remote location to be a full part of the internal
central network without fear of security and data breaches.
A well-designed VPN is both fast and secure. It will contain as many of the following features as
possible:
Data Security:
This is the most important service that any VPN provides. All Internet traffic is routed over public
networks and is visible to all computers in its path. Therefore data encryption and confidentiality are
critical. Encryption is the process of taking all the data that one computer is transmitting and encoding it
into a form that only the other computer will be able to decode.
Data Integrity:
Data must not be changed while it is in transit, and the reliable VPN includes checks to ensure that data
does not change. Data changing during transmission is a sign of tampering.
Data Origin Authentication:
The VPN must verify the source of the data. The identity of the sender can be spoofed (or faked) and the
VPN server must know the true source of the data.
Anti-Replay:
The VPN server must be able to detect and reject replayed (or duplicated) packets, which also helps
prevent spoofing.
Data Tunneling/Traffic Flow Confidentiality:
Tunneling is the process of encapsulating (or hiding) an entire packet of data inside of another packet
while sending it over the network. Data tunneling is helpful when you may wish to hide the identity of
the sending device. Only the trusted peer (or receiving system) is able to identify the true source of data.
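To make the Data Integrity, Data Origin Authentication and Anti-Replay services concrete, here is an added PowerShell example (it is not from this information sheet and not any VPN product's code) of the receiver-side checks a VPN endpoint performs on each packet: an HMAC keyed with a secret shared only by the two peers, followed by a 64-slot sliding window over packet sequence numbers in the style of IPsec ESP. The packet format, the key, and the sequence numbers are constructed for the demonstration.

```powershell
# Added example, not from the information sheet: receiver-side checks that give
# Data Integrity, Data Origin Authentication and Anti-Replay for a demo packet
# format { Seq, Payload, Tag }. Key, packets and format are constructed here.

function New-ReplayWindow {
    # Top    = highest sequence number accepted so far.
    # Bitmap = which of the 64 most recent sequence numbers have already been
    #          accepted; bit d corresponds to sequence number (Top - d).
    [pscustomobject]@{ Top = [long]0; Bitmap = [long]0 }
}

function Test-Sequence {
    # $true  : $Seq is new and inside the window (it is recorded as seen).
    # $false : $Seq was already accepted (a replay) or is too old to judge.
    param([pscustomobject]$Window, [uint32]$Seq)
    if ($Seq -eq 0) { return $false }                          # 0 is never a valid sequence number
    if ($Seq -gt $Window.Top) {
        $shift = $Seq - $Window.Top                            # newest packet so far: slide the window
        if ($shift -ge 64) { $Window.Bitmap = [long]1 }
        else { $Window.Bitmap = ($Window.Bitmap -shl [int]$shift) -bor [long]1 }
        $Window.Top = [long]$Seq
        return $true
    }
    $diff = $Window.Top - $Seq
    if ($diff -ge 64) { return $false }                        # older than the window: reject
    $mask = [long]1 -shl [int]$diff
    if (($Window.Bitmap -band $mask) -ne 0) { return $false }  # already accepted once: replay
    $Window.Bitmap = $Window.Bitmap -bor $mask
    return $true
}

function Get-PacketTag {
    # HMAC-SHA256 over (sequence number + payload) with the shared key. Only a
    # holder of the key can produce a valid tag (origin authentication), and any
    # change to the covered bytes invalidates it (integrity).
    param([byte[]]$Key, [uint32]$Seq, [byte[]]$Payload)
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 -ArgumentList (,$Key)
    try { return ,$hmac.ComputeHash([byte[]]([System.BitConverter]::GetBytes([uint32]$Seq) + $Payload)) }
    finally { $hmac.Dispose() }
}

function Test-TagEqual {
    # Compare two tags without stopping at the first differing byte.
    param([byte[]]$A, [byte[]]$B)
    if ($A.Length -ne $B.Length) { return $false }
    $acc = 0
    for ($i = 0; $i -lt $A.Length; $i++) { $acc = $acc -bor ($A[$i] -bxor $B[$i]) }
    return ($acc -eq 0)
}

function Receive-Packet {
    param([pscustomobject]$Window, [byte[]]$Key, [hashtable]$Packet)
    # Verify the tag first: an unauthenticated packet must never be allowed to move the window.
    $expected = Get-PacketTag -Key $Key -Seq $Packet.Seq -Payload $Packet.Payload
    if (-not (Test-TagEqual $expected $Packet.Tag)) { return "REJECT seq $($Packet.Seq): bad tag (tampered or not from the peer)" }
    if (-not (Test-Sequence $Window $Packet.Seq)) { return "REJECT seq $($Packet.Seq): replayed or stale" }
    return "ACCEPT seq $($Packet.Seq): $([System.Text.Encoding]::UTF8.GetString($Packet.Payload))"
}

# --- Constructed demo traffic (sender side builds the packets with the same key) ---
$key    = [byte[]](1..32)          # shared secret; constructed for the demo only
$window = New-ReplayWindow
function New-Packet([uint32]$Seq, [string]$Text) {
    $payload = [System.Text.Encoding]::UTF8.GetBytes($Text)
    @{ Seq = $Seq; Payload = $payload; Tag = (Get-PacketTag -Key $key -Seq $Seq -Payload $payload) }
}
$p1 = New-Packet 1 'hello'
$p2 = New-Packet 2 'world'
Receive-Packet $window $key $p1    # first delivery of seq 1
Receive-Packet $window $key $p2    # first delivery of seq 2
Receive-Packet $window $key $p1    # the same packet delivered a second time
$p2.Payload[0] = 0x58              # one payload byte altered on the path
Receive-Packet $window $key $p2    # tag no longer matches the bytes
```

The order of the two checks matters: the sequence window is updated only after the tag has verified, so a packet that is not from the peer cannot advance the window and cause legitimate traffic to be discarded. Real VPN protocols bind the integrity tag to the encrypted payload as well; this example leaves the payload in the clear so the integrity and replay logic stays visible.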
Most VPNs use one of these protocols to provide encryption:
IPSec:
Internet Protocol Security (IPSec) provides enhanced security features such as stronger
encryption algorithms and more comprehensive authentication.
IPSec has two encryption modes: Tunnel and Transport.
The tunnel mode encrypts the header and the payload of each packet while the transport mode only
encrypts the payload. The payload is the data being sent, and the header is the identifying information
for each packet. Only systems that are IPSec-compliant can use this protocol. All of the devices must
have a common key or certificate and must have very similar security policies set up.
PPTP/MPPE:
PPTP was created by the PPTP Forum, a consortium which includes US Robotics, Microsoft, 3COM,
Ascend, and ECI Telematics. PPTP supports multi-protocol VPNs with 40-bit and 128-bit encryption using
a protocol called Microsoft Point-to-Point Encryption (MPPE). It is important to realize that by itself,
PPTP does not provide data encryption.
Setting up a VPN on Windows using Secure Socket Tunneling Protocol (SSTP) involves a series of steps.
Here's a step-by-step guide:
Step 1: Check Your Windows Version
Ensure that you are using a Windows version that supports SSTP. SSTP is supported on Windows 7 and
later versions, including Windows 10.
Step 2: Gather Information
You'll need the following information:
Server IP or Domain: The IP address or domain name of the VPN server.
VPN Username and Password: The credentials required to connect to the VPN.
VPN Server Certificate (Optional): Some setups may require a server certificate for additional security.
Step 3: Open Network Settings
1. Open the Settings menu by pressing `Win + I`.
2. Click on "Network & Internet."
Step 4: Add a VPN Connection
1. In the Network & Internet settings, select "VPN" from the left sidebar.
2. Click on "Add a VPN connection."
Step 5: Configure the VPN Connection
Fill in the VPN connection details:
VPN Provider: Windows (built-in)
Connection Name: Give your VPN connection a name. (Computer Science VPN)
Server Name or Address: Enter the IP address or domain of the VPN server.
(SSTP Hostname : [Link])
VPN Type: Select "Secure Socket Tunneling Protocol (SSTP)."
Type of Sign-in Info: Choose "Username and password."
Username and Password: Enter the credentials provided by your VPN provider. (user: VPN, Pass: VPN)
Remember my sign-in info: Optionally check this if you want Windows to remember your credentials.
Step 6: Save the Configuration
Click on "Save" to save your VPN connection settings.
Step 7: Connect to the VPN
1. Once you've saved the VPN configuration, go back to the main VPN settings.
2. Select the VPN connection you just created.
3. Click on "Connect."
4. Enter your username and password if prompted.
Step 8: Verify Connection
Check your network icon in the system tray. If the VPN connection is successful, it should show that you
are connected to the VPN.
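The eight steps above can also be carried out from an elevated PowerShell prompt. The following is an added example (it is not part of the information sheet and not Microsoft's documentation) that uses the built-in VpnClient cmdlets and rasdial. The server name is a placeholder standing in for the sheet's SSTP hostname, and the credentials are prompted for rather than typed into the script.

```powershell
# Added example, not from the information sheet: Steps 1-8 of the SSTP setup done
# with the Windows VpnClient cmdlets and rasdial. Run from an elevated prompt.
# The server address is a PLACEHOLDER; use the SSTP hostname your administrator gave you.

# Step 1: the sheet states SSTP needs Windows 7 (version 6.1) or later.
$osVersion = [version](Get-CimInstance Win32_OperatingSystem).Version
if ($osVersion -lt [version]'6.1') {
    throw "Windows 7 or later is required for SSTP; this machine reports $osVersion"
}

# Step 2: gather the connection details. Credentials are collected at run time
# so they never sit in a script file.
$ConnectionName = 'Computer Science VPN'
$Server         = 'vpn.example.edu'                            # PLACEHOLDER hostname
$Credential     = Get-Credential -Message 'VPN username and password'

# Steps 3-6: create (or recreate) the SSTP profile. This is the same object the
# Settings > Network & Internet > VPN > "Add a VPN connection" form creates.
if (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $ConnectionName -Force
}
Add-VpnConnection -Name $ConnectionName `
                  -ServerAddress $Server `
                  -TunnelType Sstp `
                  -AuthenticationMethod MSChapv2 `
                  -EncryptionLevel Required `
                  -RememberCredential:$false `
                  -Force

# Step 7: connect. rasdial takes the profile name, then username and password.
$user = $Credential.UserName
$pass = $Credential.GetNetworkCredential().Password
rasdial $ConnectionName $user $pass
if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }

# Step 8: verify. The profile should report Connected and the VPN adapter
# (named after the connection) should have been assigned an address.
(Get-VpnConnection -Name $ConnectionName).ConnectionStatus
Get-NetIPAddress -InterfaceAlias $ConnectionName -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Select-Object InterfaceAlias, IPAddress
```

SSTP carries the tunnel inside a TLS session, so the client must be able to build a trusted chain for the certificate the VPN server presents; a certificate supplied by your administrator (Step 2) is imported into the machine's Trusted Root Certification Authorities store before you connect. Leaving -RememberCredential off matches not ticking "Remember my sign-in info" in Step 5; rasdial then prompts or fails rather than reusing stored credentials. Disconnect afterwards with `rasdial $ConnectionName /disconnect`.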