VPN as a Client

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey Cybrarians. Welcome back to
00:00
the Linux Plus course here at Cybrary.
00:00
I'm your instructor Rob Gills.
00:00
In today's lesson,
00:00
we're going to cover using VPN as a client.
00:00
Upon completion of today's lesson,
00:00
you are going to be able to understand using
00:00
VPN versus using SSH for connecting remotely.
00:00
Then we're going to differentiate between
00:00
the different security methods that are
00:00
used in VPNs to establish connectivity.
00:00
We've been using SSH a lot
00:00
during this course and while SSH is
00:00
really useful for connecting to
00:00
remote resources inside of the company,
00:00
a VPN is much better for connecting
00:00
remotely to a resource when
00:00
we're on a public network connection and
00:00
just in general to secure the network communication.
00:00
That's because VPN establishes
00:00
secure encrypted connections over public networks.
00:00
That is between us and
00:00
the resource that we're trying to access remotely.
00:00
VPN leverages PKI,
00:00
which we talked about in the last lesson.
00:00
It's leveraging PKI to
00:00
authenticate and communicate with the VPN server.
00:00
Now, there are several different types of
00:00
secure communication protocols
00:00
that can be used with VPN.
00:00
It's important for us to talk about
00:00
those and we're going to do that in this lesson.
00:00
Now, first up is the Internet
00:00
Protocol Security or IPSec.
00:00
IPSec is a Layer 3, which is a network.
00:00
Remember from network plus,
00:00
network is Layer 3.
00:00
IPSec is a Layer 3 framework and that's
00:00
at the core of most VPN applications.
00:00
There are several components that can be used by IPSec.
00:00
For authentication, we can use
00:00
Authentication headers, the AH protocol.
00:00
We can also use encapsulating security payload or ESP.
00:00
That provides authentication as well as encryption
00:00
and integrity and then optionally we can use ISAKMP.
00:00
Now that's how I've always been told to pronounce it.
00:00
I apologize if that's wrong.
00:00
ISAKMP however, you want to say it.
00:00
That's used for key management.
00:00
Now, IPSec has two modes.
00:00
There's a tunnel mode,
00:00
which is where all data and headers are protected,
00:00
the entire connection is secured or
00:00
sometimes you just use transport
00:00
because you don't care about the headers,
00:00
you just want to make sure that the data is protected,
00:00
the data inside of that VPN connection.
00:00
That actually gets secured by
00:00
the encapsulating security protocol or ESP.
00:00
Now you may not need to know about
00:00
these two modes for the Linux plus,
00:00
but I can assure you you're
00:00
going to get asked about them on
00:00
the security plus because
00:00
that is something you see a lot.
00:00
Please make sure that you understand that,
00:00
especially if you're moving forward in
00:00
your studies and going on to get that cert.
00:00
Now, Secure Sockets Layer or SSL
00:00
was replaced by Transport Layer Security or TLS.
00:00
Now I mentioned that here because a lot of
00:00
times people talk about SSL/VPN.
00:00
Strictly speaking, that's a misnomer.
00:00
SSL is no more, there's just TLS.
00:00
When you hear SSL/VPN,
00:00
just remember that TLS replaced
00:00
it and both of these provide
00:00
asymmetric encryption to confirm
00:00
the system's identity and establish their connection.
00:00
But just like we talked about before,
00:00
asymmetric encryption is good when you're trying to
00:00
establish trust across an insecure medium.
00:00
But then after the fact what it does,
00:00
is it uses symmetric encryption to secure
00:00
that data inside of the VPN connection.
00:00
Now a VPN client that's using
00:00
TLS should be using at least TLS 1.2 because
00:00
TLS 1.1 is now insecure and TLS 1.3 is
00:00
the newest version so don't be surprised if
00:00
[LAUGHTER] in a couple of months or year,
00:00
we start using TLS 1.3 instead.
00:00
Now SSL and TLS as we
00:00
know is generally the province of the web browser.
00:00
We've seen that, HTTPS,
00:00
secured networking, right, secured web browsing.
00:00
Fittingly, when we're talking about these types of VPNs,
00:00
they can be deployed over a web browser.
00:00
Now, the last type of
00:00
communication protocol we're
00:00
going to talk about today is
00:00
the Datagram Transport Layer Security or
00:00
DTLS, secure communication protocol.
00:00
It's based upon SSL,
00:00
TLS but by comparison,
00:00
it uses the User Datagram Protocol,
00:00
UDP instead of TCP.
00:00
It's sometimes called UDP, TLS.
00:00
UDP is connectionless, we know this.
00:00
There is no handshaking,
00:00
so it doesn't need to establish
00:00
connection handshake like
00:00
TCP does and because of that, it's faster.
00:00
DTLS does have the same benefits and
00:00
security protections as TLS.
00:00
With that, we've reached the end of this lesson.
00:00
In this lesson, we covered using
00:00
a VPN versus using SSH and then how to
00:00
differentiate between the different security methods
00:00
that can be used to secure that VPN connection.
00:00
They are IPSec and remember
00:00
the two modes here, tunnel and transport.
00:00
SSL which is really TLS now and DTLS.
00:00
Thank you so much for being here.
00:00
I look forward to seeing you in the next lesson.