1 hour 53 minutes
Welcome back to the End User VPN Security course, and welcome to Module 3, in which I'm going to talk about how VPN works. So when we talk about how VPN works, I'm going to talk about the technologies behind the VPN, and I am going to give you an example of how the whole process of communication between two points in a VPN works. So in this lesson, I'm going to focus just on the technologies behind the VPN, and when we talk about the technologies behind VPN, we're talking about the networking and software things that are involved in the creation of a VPN.
So VPN is essentially a tunnel between two points on the Internet, which through the VPN can communicate directly. So the data going from one point to another, or the other way, goes directly between these two points. It doesn't roam the Internet in the process of communication. I'm not going to go into details on how this is achieved, because this is rather complex networking technology and requires a lot of knowledge of networking before you could understand it. But I'm just going to focus on the protocols that stand behind VPN today, and I'm not going to talk about all of them because there are quite a few of them. But I'm going to mention the four most important ones.
So the first one I'm going to talk about is PPTP, which is the oldest one. It's very fast, but not so secure. Then I'm going to talk about the combination of the L2TP protocol with IPsec, which is a networking protocol by itself. It gives you dual encryption but provides less speed.
And when we talk about speed, we're talking about the fact that when we have a VPN and we encrypt data that is going through that VPN channel, we have to spend some time. So if we're sending some data from point A to B, we have to spend some time during sending on encrypting it. That also takes some processing power, and the stronger the encryption, it usually takes more time. And then on the other side, we have to decrypt this data before it's transferred to wherever it's supposed to go. So because we have dual encryption here, we spend essentially twice the time in order to decrypt it and encrypt it than if we were using a single encryption, to make it simple, which reduces the speed. So if you have a certain bandwidth of your Internet connection, and it's usually the connection on the client side, because on the server side we usually have much more, then we have an issue that it's actually spending some time on preparation of the data being sent while sending it, so you cannot achieve the full speed of your Internet connection. It is always lower. The question is only how much lower. I'm not going to talk in percentages, but IPsec combined with L2TP is usually the slowest version.
Then we have SSTP, which is Microsoft's proprietary protocol, which means it runs only on Windows machines. It's really secure, but its downside is that it's not available on any other operating system. And the last one I'm going to talk about is OpenVPN, which gives you very good encryption, and the biggest advantage of OpenVPN is the implementation of this protocol on almost every important operating system.
So when we talk about PPTP, its name, its acronym, is short for Point-to-Point Tunneling Protocol. If you have listened to the history part, it was published by Microsoft in 1999, and by the standards of 1989 it had really good encryption. The problem is that this encryption, by today's standards, is really weak. On the other hand, because it's spending little time on the encryption, it reduces the speed of the link very little. So it's considered to be very fast. It's being phased out a lot today, although I have seen some companies still using VPNs with PPTP when connecting to geographically distant locations, thinking that it's less of a security risk. My advice to anybody using PPTP is to get away from it as soon as possible.
So the next thing is the combination of L2TP plus IPsec, and L2TP itself is called Layer 2 Tunneling Protocol. It was designed to be a combination of PPTP, which we just mentioned, and Cisco's proprietary L2F protocol, and by itself it's really good, but it gives the best results when combined with IPsec. Combined with IPsec, it gives you two stages of protection, because L2TP in the current version, which is version three, has its own protection. Plus, IPsec is a networking protocol that can automatically encrypt data that is going through a network. So we have two levels of protection, which is always better than one.
The problem is that, as far as security goes, it's really good, and it supports multi-level authentication, which is really important for companies that are using it to allow remote workers to connect. But it's not really fast, because it's doing twice the same kind of encryption of data, which gives you essentially a visible reduction of speed. I remember when I was working in a company that was using this kind of combination, when you had a very bad Internet connection, like, for example, when I was on holiday and I was logging in from some cafe or a restaurant and the connection wasn't very fast, when I connected to the VPN it was almost impossible to browse the net because it was really slow. It has its disadvantages, but it's really popular among administrators in the companies that provide people the ability to work remotely.
Now, SSTP is short for Secure Socket Tunneling Protocol. It is Windows-only software. So both sides, which is the client and the server, have to run the Windows operating system, because it's implemented on Windows. Now, for companies, this may be OK if they're using Windows-only clients; like, all PCs have to run the Windows operating system. Then it's OK, but the problem comes if they have to use a VPN when connecting from their mobile phones, which is getting more and more important in security today.
So, the good thing about this protocol is that it doesn't use exports, so it's easier for it to get through firewalls, and the very good thing is that it's very fast. But as I said, the implementation of SSTP is limited by the fact that if you're using an Apple or Android phone, there is no way that you can establish an SSTP connection to your server, which is really bad because there are no more Windows 10 mobile phones on the market. At the moment when Windows 10 Mobile was introduced, it was working fine. I remember I was using it at the time. But simply because Microsoft has abandoned Windows 10 Mobile, it's not developing it anymore. It's giving us a problem in terms of the practical usability of SSTP.
And in the end, we have OpenVPN. And the best thing about OpenVPN is that it's open source, so its implementation on different operating systems is easy. Like SSTP, it's using SSL/TLS protocols for communication, which proves to be probably the best way to create a VPN today, because in this way it's giving you quite a lot of, let's say, features that you can use. One of those: it provides different methods of authentication, so you can have pre-shared secret keys, for example, if you're using it to establish communication between two geographic locations. You can use passwords and certificates, which also gives you very good flexibility when you're using it for remote work and connectivity, especially if you're using mobile phones. And also, because it's using SSL/TLS, it can easily bypass firewalls, which is really usable for instances that want to implement OpenVPN but don't want to have their security structure behind their network changed in any way, because they think that allowing VPN to go through firewalls, or establishing an exception in the firewall for VPN, creates additional security risk.
So that's all about the technologies of VPN. I'm not going to talk in any more detail about the other protocols that are available there, although there are some. But I'm just going to give you a short learning check. So the question for you is: on which operating systems is SSTP working? So the possible answers are: number one, Android, Linux and iOS; number two is just Windows and iOS; and number three is just Windows. And let me give you a couple of seconds to think of the answer, although it's quite easy if you have listened carefully a couple of slides back. The answer is Windows. So this is the biggest disadvantage of SSTP. Okay, so in this video you have learned about the most important technologies or protocols on which VPN is based, and in the next lesson I'm going to give you an example of VPN communication.