x32x01
With growing numbers of individuals working remotely during the Covid-19 pandemic, telecommuting or traveling with increasing frequency, the traditional business security model continues to evolve. With the advent of widely available high-speed Internet access coupled with VPN technologies, the secure, clearly defined perimeter many organizations like PrivacySharks once enjoyed becomes a bit less distinct.
A Virtual Private Network is an implementation of cryptographic technology that provides a private and secure network connection, because all network traffic between the participating machines passes through a “virtual” tunnel.
Virtual private networks (VPN) are used by remote clients to securely connect to company networks.
See more on VPNSurfers to protect yourself from being hacked online.
In the most common implementation, a VPN allows a user to turn the Internet into a private network. As you know, the Internet is anything but private. However, using the tunneling approach, an individual or organization can set up tunneling points across the Internet and send encrypted data back and forth, using the IP-packet-within-an-IP-packet method to transmit data safely and securely.
A VPN can also be used to ensure the identity of the participating machines.
Types of VPNs
- WAN VPN – Branch Offices
- Access VPN – Roaming Offices
- Extranet VPNs – Suppliers and Customers
Why VPN
Virtual Private Network (VPN) connections can be an effective means of providing remote access to a network; however, VPN connections can be abused by an adversary to gain access to a network without relying on malware and covert communication channels.
VPN Security
- User accounts for VPN connections should be separate from standard user accounts.
- Multi-factor authentication should be used for VPN connections.
- Device authentication ensures that a device establishing a VPN connection is approved for such purposes.
- VPN termination points should be within a DMZ to allow for the proper inspection and auditing of unencrypted VPN traffic prior to entering and leaving a network.
- Devices accessing a network via a VPN connection should disable split tunnelling.
- To prevent unauthorized connection, a whitelist of approved MAC or IP addresses should be implemented.
- Effective logging and log analysis of VPN connections is vital to accounting for activities performed on a network.
A list of famous VPN Tunneling Protocols:
- GRE: Generic Routing Encapsulation (RFC 1701/2)
- PPTP: Point-to-point Tunneling Protocol
- L2F: Layer 2 forwarding
- L2TP: Layer 2 Tunneling protocol
- ATMP: Ascend Tunnel Management Protocol
- DLSW: Data Link Switching (SNA over IP)
- IPSec: Secure IP
- Mobile IP: For Mobile users
VPN Acronyms:
No. | Abbreviation | Full Name |
---|---|---|
1 | AAA | Authorization, Accounting, and Auditing |
2 | AFT | Automatic Firewall Traversal |
3 | AH | Authentication Header |
4 | ATMP | Ascend Tunnel Management Protocol |
5 | AVP | Attribute-Value-Pair |
6 | CA | Certification Authority |
7 | CAST | Carlisle Adams and Stafford Tavares |
8 | CBC | Cipher Block Chaining |
9 | CERT | Computer Emergency Response Team |
10 | CFB | Cipher feedback |
11 | CHAP | Challenge Handshake Authentication Protocol |
12 | CRC | Cyclic Redundancy Check |
13 | DES | Data Encryption Standard |
14 | DHCP | Dynamic Host Configuration Protocol |
15 | DLSW | Data Link Switching (SNA over IP) |
16 | DMZ | Demilitarized Zone |
17 | DNS | Domain Name Service |
18 | DSA | Digital Signature Authorization |
19 | DTS | Digital Timestamp Service |
20 | EAP | Extensible Authentication Protocol |
21 | ECB | Electronic code blocks |
22 | ESP | Encapsulating Security Protocol |
23 | GRE | Generic Routing Encapsulation |
24 | HTTP | Hypertext Transfer Protocol |
25 | IDEA | International Data Encryption Standard |
26 | IETF | Internet Engineering Task Force |
27 | IKE | Internet Key Exchange |
28 | IMPs | Interface Message Processor |
29 | IPSec | Internet Protocol Security |
30 | IPX | Netware IP |
31 | IPv4 | IP version 4 |
32 | ISAKMP | Association Key Management Protocol |
33 | ISP | Internet Service Provider |
34 | IVPN | IP VPN |
35 | JAVA | Just Another Vague Acronym |
36 | KMI | Key Management Infrastructure |
37 | L2F | Layer 2 Forwarding Protocol |
38 | L2TP | Layer 2 Tunneling protocol |
39 | LDAP | Lightweight Directory Protocol |
40 | MAC | Message Authentication Code |
41 | MD2 | Message Digest 2 |
42 | MD4 | Message Digest 4 |
43 | MD5 | Message Digest 5 |
44 | MPLS | Multiprotocol Label Switching |
45 | MPPE | Microsoft Point to Point Encryption |
46 | MS-CHAP | Microsoft CHAP |
47 | NAS | Network Access Server |
48 | NAT | Network Address Translation |
49 | NBS | National Bureau of Standards |
50 | NDS | Netware Directory Service |
51 | NIST | National Institute of Science and Technology |
52 | NSA | National Security Agency |
53 | NT5 | Windows NT 5.0 |
54 | OFB | Output feedback |
55 | OTP | One-Time Password |
56 | PAP | Password Authentication Protocol |
57 | PIX | Private Internet Exchange |
58 | PKI | Public key infrastructure |
59 | PPP | Point-to-Point protocol |
60 | PPTP | Point-to-point Tunneling Protocol |
61 | RADIUS | Remote Authentication Dial-in User Service |
62 | RAS | Remote Access Services |
63 | RC2 | Ron’s Code 2 |
64 | RC4 | Ron’s Code 4 |
65 | RC5 | Ron’s Code 5 |
66 | RFC | Request for Comment |
67 | RSVP | Resource Reservation Protocol |
68 | S/WAN | Secure Wide Area Network |
69 | SHA | Secure Hash Algorithm |
70 | SKIP | Simple Key Exchange Internet Protocol |
71 | SNA | System Network Architecture |
72 | SNMP | Simple Network Management Protocol |
73 | TACACS | Terminal Access Controller Access System |
74 | TCP | Transport Control Protocol |
75 | TLS | Transport Level Security |
76 | UDP | User Datagram Protocol |
77 | VPDN | Virtual Private Data Network |
78 | VPN | Virtual Private Networks |
79 | WAN | Wide Area Network |
80 | WFQ | Weighted Fair Queueing |
81 | WFW | Windows for Workgroup |
82 | WRED | Weighted Random Early Drop |
83 | XTACACS | Extended TACACS |
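
The VPN Security checklist above ends with log analysis, and most of its other items can be verified from the same connection logs. The following is an added example, not part of the original post: it audits constructed sample log lines for separate VPN accounts, multi-factor authentication, approved devices, a source-IP whitelist and split tunnelling. The log format, the `vpn-` account prefix, the device IDs and the approved network are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed policy values (assumptions, not from the original post).
APPROVED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
APPROVED_DEVICES = {"LT-0042", "LT-0077"}
VPN_ACCOUNT_PREFIX = "vpn-"  # hypothetical naming convention for VPN-only accounts
FIELDS = ["time", "user", "src_ip", "device", "mfa", "split_tunnel"]
# Constructed sample log, one VPN session per line, columns as in FIELDS.
SAMPLE_LOG = """\
2024-05-01T08:02:11Z,vpn-alice,203.0.113.10,LT-0042,yes,off
2024-05-01T08:05:40Z,bob,203.0.113.22,LT-0077,yes,off
2024-05-01T09:13:02Z,vpn-carol,198.51.100.7,LT-0099,no,on
2024-05-01T09:20:00Z,vpn-dave,not-an-ip,LT-0042,yes,off
"""


def check_session(rec):
    """Return the list of checklist items one VPN session record violates."""
    findings = []
    if not rec["user"].startswith(VPN_ACCOUNT_PREFIX):
        findings.append("standard account used for VPN")
    if rec["mfa"] != "yes":
        findings.append("no multi-factor authentication")
    if rec["device"] not in APPROVED_DEVICES:
        findings.append("unapproved device")
    try:
        addr = ipaddress.ip_address(rec["src_ip"])
        if not any(addr in net for net in APPROVED_NETS):
            findings.append("source IP not on whitelist")
    except ValueError:
        # A malformed address is itself worth flagging rather than skipping.
        findings.append("unparseable source IP")
    if rec["split_tunnel"] != "off":
        findings.append("split tunnelling enabled")
    return findings


def audit(log_text):
    """Map 'time user' -> findings for every non-compliant session in the log."""
    report = {}
    for rec in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        findings = check_session(rec)
        if findings:
            report[f"{rec['time']} {rec['user']}"] = findings
    return report

if __name__ == "__main__":
    for session, findings in audit(SAMPLE_LOG).items():
        print(session, "->", "; ".join(findings))
```
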