Time
1 hour 53 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
Welcome back to the End User VPN Security course. In this lesson, I will be talking about types of VPNs. There are ways to classify them.
00:11
So the first way to classify VPNs is by the way it's implemented, or the way they are, let's say,
00:19
put there in place. So there are essentially two ways to implement the VPN, and one is to use hardware
00:27
and the other is to use software.
00:30
So if you're using hardware, you're using networking equipment made by several manufacturers today,
00:38
and not many of them make hardware VPNs, especially the ones that are there to provide the server part of the VPN, because what you can have is a small device that you use on your user side if you move from home, for example.
00:56
But if you want something powerful enough to service tens or hundreds of people logging in at the same time to the corporate VPN, then there are just a couple of manufacturers in the world today that can make such hardware to do the job.
01:11
On the other hand, you can have a software one, which is essentially software installed on the server. It can be a physical server, so it can run on bare metal. Or
01:23
it can be a virtualized environment in which you can have a server farm and then you have virtual machines running on it. Then you have one dedicated
01:33
to your VPN.
01:34
So what are the differences?
01:37
Hardware ones are, by definition, more expensive. But it doesn't have to be the case. So when is it not the case? Imagine you're a small business owner, and suddenly this whole COVID-19 epidemic thing forced you to make people work from home.
01:53
And then you have to invest fully in the equipment. If you would need to buy a server and a software license and all the infrastructure there, and you have just ten employees,
02:05
it could be more expensive than to buy just a piece of hardware that will service you from your side in the company. And then you just install some kind of client on the PCs and everything is fine. It works. So sometimes it can be cheaper.
02:21
Also, these things are faster,
02:23
uh, but not necessarily. So there is, ah, a question mark to this faster as well.
02:29
What it means is that these things work fast. They give you guaranteed speeds because the processor on the device that is handling the encryption is sized perfectly to what the guaranteed speed is. And if you have a link that is good enough, you will get that speed. So,
02:50
uh, on the other hand, if you have, ah, a virtualized environment
02:54
and you're running software, you can just add more processing power or more cores or whatever, more memory, more hard drive space to the server running your software VPN, and then that one can become faster. Of course you have,
03:10
uh, let's say, sequestered in the process a huge chunk of your computing resources.
03:17
But these things
03:21
no
03:22
just give you the faster system, so it really depends on what you mean by faster.
03:28
On the other hand, if you already have the server environment on which you would install your software VPN, then the software VPN can be cheaper because you have already paid for the environment. And if you have, let's say, free processing time on the
03:46
server farm to just add another virtual machine,
03:49
it will be cheaper. You will have to pay just the license for the software, and sometimes you can find open-source software, which is free.
03:57
On the other hand, the hardware ones are less flexible but also easier to set up. Why?
04:03
Because, although some VPN software is rather simple to set up, if you're using the hardware one, you just access it through its, ah, web-based interface
04:20
and just do the settings according to somebody's advice, usually the manufacturer's. You just need to enter some things like your
04:28
internal IP addresses, what you want,
04:30
the people, what is the address range of IP addresses that you will give to people logging into your system, and so on and so on. And if you're actually using it to connect two geographical sites in your company, that's even easier to set up. You just need to set up some
04:48
protocols and stuff like that. So if you are doing this, you already know how to do these things.
04:55
So it's rather simple.
04:57
Of course, they're less flexible because if something is not there to be set up, some new feature or something, then it's not there, so you cannot do it. On the other side, if you have a software-based VPN and it simply cannot do some things you need,
05:13
you can just switch to another software. Okay, there is a thing about licensing and everything, but
05:17
the cost being taken aside in this argument,
05:23
these things, because they're software, they're much more flexible in terms of what you can achieve with them.
05:30
Also, these things are much more scalable because, as I said, if you need more power or you need to suddenly accommodate not 50 remote users but 500, you just give more processing power to a virtual machine, and then suddenly it becomes much more powerful, so you can scale up things easily,
05:50
while if you
05:54
are using hardware, and the hardware device, for example, on your server side provides you with 100 remote connections, and then you need 120, you need to buy one more device that gives you 20 more, but it actually gives you 100 more. The other 80 you won't be using,
06:13
so
06:14
it's much easier to scale the software VPN compared to hardware.
06:18
On the other side, hardware is a little bit safer. Why is it safer? Because when you have a server, then the software runs on the server, and this is an additional potential risk. So the software running a VPN can also be compromised. So
06:39
this is another thing, that
06:41
the hardware version is much safer because it's a harvest in there and the okay, probably cannot. They be updated, but it's much more difficult to bypass that than to do something on the server.
06:58
So these are two ways to implement a VPN.
07:00
Then, based on usage, you have three types. The first one is remote access VPN, which is set up on the server or on the hardware on the corporate side.
07:14
And then employees can access it, log into it, and work from remote locations, which can be home, which can be a hotel, they're on holiday,
07:23
or some venue if they are on some kind of event, or on the road. Basically, they are
07:30
traveling
07:31
for sales reasons or for support reasons.
07:35
They can log in from whatever Wi-Fi they find, and they then switch on the VPN and they have a safe connection to your system. So in this case, you usually have some kind of agent on a PC, and you have, ah, software or hardware in the company
07:54
that can serve multiple connections. So this is remote access VPN.
07:59
Then you have a site-to-site VPN, which allows you to connect two different locations to, say, one network
08:11
using an Internet connection on both sides in a way that is safe.
08:16
And then you have mobile VPN, which is quite similar to the,
08:22
uh, remote access VPN, and I will explain the differences in a couple of slides.
08:31
So when we talk about remote VPN, just going into a little bit more detail, it's obviously there for remote workers,
08:37
and users connect to a VPN gateway or VPN server in the company. Now what is very important is that there is a process of identity authentication, um, uh, in which,
08:52
uh, essentially you have to make sure that whoever is logging into your corporate
09:00
system, or company system, has the rights to do it.
09:05
So it's usually not just a password, as I said, so it can be,
09:09
it can be a smart card plus
09:13
PIN code, or it can be password plus fingerprint, or that kind of authentication. Most common today is smart card plus PIN,
09:24
because these systems are essentially very, very safe. Also, it doesn't have to be a physical smart card. You can have virtual smart card software installed on every client PC,
09:39
which during installation has to go through the process of authentication by itself. So
09:45
you cannot install these things while you're remote. You have to be physically present in the corporate environment, connected to the network, usually by wire, not wirelessly.
09:56
And then you get everything set up for the first time, and then when you go out, then you have this kind of virtual smart card.
10:05
It usually uses L2TP plus IPsec, or SSL, or some kind of protocol that is essentially based on SSL.
10:15
And it is the only practical safe way for employees to log in and to browse the Internet and to do anything while they are not in the office. And it is highly recommended for anybody who has influence in making such decisions to make
10:35
a VPN connection mandatory, so you can log in even from an unsafe,
10:39
ah, place like, I don't know, some kind of, you know, Internet cafe, or just a bar or restaurant which offers free Wi-Fi. And even if that free Wi-Fi is maybe being monitored or something. You want to establish VPN connections,
10:58
quite safe.
11:01
So the next one is site-to-site VPN, and it's there to connect physical sites, so it can be
11:09
that you have to connect two offices of the same company, which is then called intranet, because then they are sharing the same address space and everything. Or it can be extranet, for example, if you have an outside company which is working as a subcontractor on some deal
11:28
with you. So you have to put these people in, in a way that they can share information
11:33
much faster than with some,
11:35
let's say, sharing services, which are like to exchange files and things or send emails or whatever, but they're not your company, so they will not get the same address range. Then it's called extranet.
11:48
They're not easy to implement, although if you're using hardware pieces then it's much easier, because you have two hardware devices of each, and then basically they provide you anything; you just need to set them up.
12:01
And the focus of the site-to-site VPN is not to be flexible; the focus is to provide a guaranteed-speed link. So if you're having Internet on both sides of, I don't know, 100 megabits per second,
12:16
and you say, okay, I know I'm going to get some loss, but I need to provide at least 80 megabits per second between those two locations,
12:24
then the design construction of site-to-site VPN always is that speed, that has to be available to people on both sides at all times.
12:37
And then you have mobile VPNs, which is very similar to the remote VPN. The only substantial difference is that when you have a classical remote VPN,
12:48
if a person is, for example, working from home and then disconnects from the Internet on that location and, I don't know, switches to a mobile connection over the mobile phone,
13:01
the VPN gets disconnected. And if it's done properly, then the whole thing drops down,
13:07
so you have to reconnect. If you're having the mobile VPN, what happens is, for example, you're using it from your mobile phone and you are in your car and it works. So you're connected to the VPN and you can receive your mail. You're going, for example, to a meeting.
13:22
You don't want to miss anything. And then you exit the car and go to a meeting and you go to the office of, let's say, a customer or partner company.
13:33
And then you connect to their Wi-Fi, and it immediately switches to the,
13:39
to that location without breaking your VPN,
13:43
so you don't have one physical IP address.
13:46
What you have is one logical IP address that your device has.
13:50
And then there is one layer that basically translates the physical IP address that you have at this moment to this logical IP address which your VPN is using.
14:00
So the VPN remains connected while you roam from one connection to another, which is really, really important in some cases. So these are the three types of VPN when it comes to how they are set up and what they're used for.
14:16
And now, at the end, there is a short question for you, which says: What is the main difference between the remote and mobile VPN? So it was mentioned just before. The possible answers are: mobile VPN is more secure, mobile VPN allows roaming, or mobile VPN is faster.
14:35
And the correct answer is: mobile VPN allows roaming.
14:39
So
14:39
I didn't give you any time or any pause so you can think of the answer, because I spoke of it like less than a minute
14:46
ago.
14:50
In this video, I have talked about hardware and software VPNs, how they differ basically in implementation. And then I spoke about three different VPN types based on usage, so remote, mobile and site-to-site VPN,
15:05
and in the next lesson, I will be talking about the infrastructure you need in order to make VPN work.

Up Next

End User VPN Security

In this course, students will learn the history of VPNs (Virtual Private Network) and who needs to use a VPN. This course will also teach students about the different types of VPNs and the hardware that is needed to implement VPNs.

Instructed By

Milan Cetic
IT Security Consultant
Instructor