Time
31 hours 29 minutes
Difficulty
Beginner
CEU/CPE
30

Video Description

VPN Concentrator

This lesson discusses the VPN concentrator. A VPN concentrator is a network appliance that provides a connection point for remote users. The end user initiates the VPN client and connects to the public Internet. The data flows through the encrypted tunnel to the concentrator, and then the concentrator authenticates. The VPN concentrator provides encryption and prevents RAS exposure, and it can stand alone or be implemented in the edge router.

Video Transcription

00:04
Now our next device is going to be a VPN concentrator. Now we're talking about our VPN concentrators. This may sound a little bit like a proxy server, but as we go through it, we want to make sure that we pay extra attention so that we're able to identify the differences between the two.
00:20
Now our VPN concentrator: whereas our proxy server is essentially going to provide a man-in-the-middle hopping point for our connection out to the public Internet, a VPN concentrator is going to provide a connection point for remote users into an environment. It's going to provide a
00:38
point-to-point encrypted tunnel over a public network.
00:43
So let's take a look at our process that we're going to use when we're connecting to our VPN.
00:48
So first
00:49
our end user, our client computer, the computer that we're using as a remote user, is going to initiate our VPN client, whichever service that we're using, if we're using a program or if we're just using built-in Windows extensibility in order to set up our VPN client. Now remember, our VPN stands for a virtual private network. Next,
01:07
our end user is going to connect
01:10
to the public Internet, so they're going to connect to the Internet to allow them to connect to our endpoint.
01:15
And then the client is going to initiate an encrypted tunnel to the VPN concentrator. So the VPN concentrator is going to be what receives this encrypted connection
01:26
and is going to begin to try to authenticate it.
01:29
Next, our concentrator is going, either our concentrator is going to authenticate or is going to pass on the authentication to, say, an authentication server, maybe a
01:41
some sort of RADIUS server that's going to authenticate us, or authenticate us just based on simply a password for that VPN concentrator, and then the VPN concentrator is going to essentially somehow authenticate us and then decide whether or not it's gonna pass us through, and then after it passes us through, then it's gonna provide encryption
02:00
and
02:01
point-to-point connectivity between us and our endpoint.
02:05
So before we move on to our other two here, let's take a look at our diagram here to make a little bit more sense of this.
02:14
So what's a VPN?
02:15
Well, VPN stands for virtual private network,
02:19
which means
02:21
we're essentially providing what seems, what looks like an Internet
02:25
private network connection on a public service.
02:30
So over here on the left, we have our little coffee shop
02:34
generic brand
02:36
coffee shop
02:38
with a picture
02:40
of a coffee mug on the roof,
02:44
and we're at the coffee shop trying to get some work done, and we realized that we need to connect in
02:50
to get a file off of a server at work.
02:54
Now we're not at work. So how do we connect them?
02:59
Well,
03:00
the people who set up our network at work
03:02
Or maybe that was even us had the foresight to set up a VPN connection, set up a VPN concentrator.
03:09
So what we do
03:13
is our computer right here
03:15
fires up.
03:17
its VPN client,
03:20
initiates an encrypted tunnel to this public router here,
03:24
encrypted connection over the Internet
03:29
and then an encrypted connection over to our office.
03:34
So what's with this encrypted connection? Why do we need to initiate a point-to-point encrypted connection over the Internet?
03:40
Well, we're passing information over the public Internet. There are plenty of places between connection point A and point B
03:50
where someone could be listening in.
03:53
This is a coffee, this is a public coffee shop with an open public wireless access point. So because it's an open public wireless access point,
04:00
any of these other computers in the coffee shop could be listening into the data that we're sending
04:06
This remote, well, this wireless router could be listening in to the data that we're sending.
04:12
someone between our coffee shop and our office building could be listening into the data that we're sending.
04:19
And if we're sending data that is pertinent to our job,
04:24
our job does not want us to be sending that data in the clear. It doesn't want us to be sending that unencrypted,
04:30
so it wants us to initiate an encrypted connection.
04:33
Now, something on the other end needs to be there in order to receive that encrypted connection, and that's gonna be our VPN concentrator.
04:41
So
04:42
we have a, what's called an encrypted tunnel over a public network with our blue line here.
04:49
So our end client computer needs to have some way in order to initiate that connection, needs to have some sort of authentication method in order to connect to that VPN concentrator, which we have right here.
05:03
So
05:04
what, what else does this VPN concentrator do for us? Well,
05:09
our client computer
05:11
initiates a VPN tunnel over to our office, and now all of the connections that we send, all of the data that we send, is going to go through this tunnel before it goes anywhere else. And because it's encrypted, no one can listen in. And no one can see what's being sent on this data
05:29
as it goes to the other side. If it was in the clear, someone could easily sniff in on that traffic and see what we're sending, see what type of packets and see what data is going on there.
05:38
So
05:40
onto our other two things Here,
05:43
our VPN concentrators provide us with encryption and prevent exposing a remote access server.
05:48
Now, other than a VPN concentrator, we could just have a server provide remote access
05:54
We could say, okay, well, why do I need a VPN concentrator? Why can't I just stand up a server inside my environment and use that as a remote access server?
06:01
Well, what you're doing now, if you stand up a remote access server,
06:04
is you're exposing one of your internal servers to everyone out here on the Internet.
06:14
Let's take a look at this logically rather than physically now. So what?
06:17
Our network
06:19
and remember, we're connecting to our office here. The very first device that the Internet is going to hit, as it's coming into our office, is going to be our router.
06:29
That's what's going to be transmitting that data between our internal network to our external public network.
06:38
After that, it's whatever we set it up as
06:41
now, if we just directly connect
06:44
the public network to our internal network
06:47
and then have a remote access server,
06:49
that remote access server is essentially
06:53
directly connected to the Internet.
06:56
Anyone from anywhere out on the Internet can try and hit that server and try any number of exploits or try any number of, uh,
07:04
cracks or any number of, essentially, they can try lots of different things in order to try to crack into that server. They can try different picking through different passwords and usernames at it. They can try anything they want, and if they hit that, they could just hit that server and keep hitting it over and over and over again.
07:19
But if we have a VPN concentrator, essentially what we're doing
07:25
is we're creating a demilitarized zone.
07:27
So we throw in our VPN concentrator here,
07:30
connected to our edge router. And then our VPN concentrator is connected to a second router, which is then connected to our internal devices. So anyone coming in from the outside isn't hitting any of our servers. They're not hitting any of our end client computers.
07:45
If anything, they're only trying to get to this VPN concentrator. And this VPN concentrator really doesn't have any pertinent information on it. It's not a server. It's, well, it may be a server, but it doesn't, we're not gonna have it hosting other files or user accounts or anything like that. All it is, it's an endpoint for our VPN connection into our network,
08:05
so it provides us with additional, additional security. A VPN concentrator prevents us from having to expose a remote access server to our public, to a public network, and it could be standalone or can be implemented into an edge router, so we can have our VPN concentrator being a standalone device.
08:22
Well, we can implement our VPN concentrator as an edge router. A lot of routers
08:28
come with, a lot of business-class routers now come with the ability to act as a VPN concentrator. We connect into that edge router using its public IP address, and then we authenticate ourselves and boom, we have a VPN connection.
08:43
So VPN connection. We have encryption.
08:46
We prevented our internal network from being exposed to the Internet by just having having no demilitarized zone
08:54
and
08:56
we have a good, secure connection. We're able to access our internal resources. We're able to work from the coffee shop, essentially.
09:03
So
09:05
So what's the deal with having
09:09
with having our encrypted connection just to our office? Why don't we just connect in and then have it send us the file that we need? And then we're done.
09:18
Well,
09:20
now, don't think of this so much as an office. But just think of this as our home environment.
09:28
Let's say maybe we're doing some mobile banking from the coffee shop. Maybe we're working on something that we don't necessarily want the other people in the coffee shop to see
09:37
Well, we can set up a VPN concentrator. We could set up a cheap VPN concentrator in our home environment and then connect back to that
09:43
no matter what, whenever we're out in public. And so now all of our data is encrypted because as we're connecting to the Internet,
09:52
all of our data goes through our VPN tunnel first.
09:56
So the first thing we do when we sit down in the coffee shop and turn on our Internet is connect to our VPN network.
10:01
And then once we've connected to our VPN,
10:03
all of the data that we're sending is first going to go down this VPN tunnel
10:09
encrypted,
10:13
and then it's gonna go back out to the Internet,
10:16
then go back to the VPN encrypted back to us
10:22
So it takes a little bit longer. We have a little bit more latency, but because it's being encrypted the entire way, we're not exposing ourselves to the other people in this coffee shop. At no point is our traffic unencrypted when it's going in and out of the coffee shop because, remember, say
10:39
this person right here is listening in to all of the traffic that's going on. So you want all of our traffic to be to be secure.
10:46
So whether you are working from home or working from a coffee shop and you want to be able to connect in securely and get files from a file server in your office, or whether you're connecting just back to your home office in order to secure whatever Internet connection you have when you're working from when you're working on documents from a coffee shop
11:05
or if you are a, say, a business that's handing out laptops to people
11:09
and you want all of their data to be encrypted and you want all of their data to be content filtered and you don't want them accessing certain websites on this work computer, then you can mandate that before they're even able to log in, they have to have that VPN connection connected. So if they have that VPN connected,
11:26
if they had that VPN connection connected,
11:30
then it's gonna make sure that all of their traffic is filtered through your office, to your office Internet, by being connected to that VPN concentrator.
11:37
So it's a little bit of a, that's a pretty deep, it's a pretty big topic, VPN concentrators, but
11:45
just, just know that they're going to provide us with a connection point for remote users. They're gonna provide us with encryption and is gonna help prevent us from exposing our internal network by setting up a device that all it does is provide an endpoint for that VPN and doesn't, doesn't expose our internal service to the external networks.
12:05
So thank you for joining us here today on cyber today we talked about the purpose and features of a couple different network appliances. We talked about our load balancers, our content filters, our VPN concentrators and our proxy servers. So hopefully you'll have a better, a little bit better understanding of these different types of devices and what they do and how they work
12:24
on you
12:26
necessary. Maybe consider that implementing them in your own environment. So study up on them. And we're glad you joined us here today as we had our nice conversation about them. And we hope to see here next time on cyber Dad, I take

Up Next

CompTIA Network+

This CompTIA Network+ certification training provides you with the knowledge to begin a career in network administration. This online course teaches the skills needed to create, configure, manage, and troubleshoot wireless and wired networks.

Instructed By

Anthony Harris
Systems Analyst and Administrator at SAIC
Instructor