VPN Server

Video Activity

Time: 21 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 21
Video Transcription
00:00
>> Hey Cybrarians, welcome back to
00:00
the Linux plus course here at Cybrary.
00:00
I'm your instructor Rob Gills, and in today's lesson,
00:00
we're going to be discussing VPN servers
00:00
and that VPN server role.
00:00
So upon completion of today's lesson,
00:00
you are going to be able to understand
00:00
the purpose of a VPN server and
00:00
explain a little bit about how
00:00
a VPN server works to protect traffic.
00:00
Now, organization's employees more often
00:00
than not need to connect remotely
00:00
to the company network,
00:00
especially with a lot of us working from home nowadays,
00:00
but when we're doing this,
00:00
we're connecting back to the company's network,
00:00
that traffic can be dangerous,
00:00
the access point that we're using,
00:00
they were sitting at a coffee shop and it's just open,
00:00
that's insecure, or where we might be trying to get to
00:00
the company network across
00:00
a public Internet connection in the company network,
00:00
the hops between that
00:00
one of those could be compromised.
00:00
In general, when you're coming
00:00
from a remote internet connection,
00:00
it provides a lot of opportunities
00:00
for bad actors and they can gain
00:00
unauthorized access to the company data
00:00
that you're trying to use,
00:00
or they can compromise the integrity
00:00
of the network traffic entirely.
00:00
The solution for all of these problems is to use
00:00
the virtual private network protocol or a VPN.
00:00
So the VPN protocol creates a secure
00:00
point-to-point tunnel between the remote client
00:00
and the VPN server,
00:00
and VPNs do this by creating
00:00
an encrypted traffic tunnel.
00:00
Now, VPNs could do this in one of two ways,
00:00
they either use a pre-shared key
00:00
and something called IPSec,
00:00
which uses symmetric encryption,
00:00
symmetric encryption means that both sides
00:00
know the key, or alternatively,
00:00
you can use SSL and TLS certificates
00:00
and asymmetric encryption,
00:00
and this is generally just to establish
00:00
a connection so that you can share a key.
00:00
If we don't know what the other side is,
00:00
we haven't already established
00:00
connectivity and
00:00
established which key we're going to use,
00:00
let's use that asymmetric encryption to verify trust,
00:00
and then we can share the key we
00:00
want to use going forward.
00:00
In Linux, the most common VPN
00:00
packet you're going to find is something
00:00
called OpenVPN,
00:00
now OpenVPN defaults to using port 1194 on UDP,
00:00
but you can configure it to use any port and
00:00
you can use TCP over UDP.
00:00
OpenVPN is an example of
00:00
an application that requires a certificate authority,
00:00
which we talked about previously in the lesson.
00:00
Installing VPN is a lot complicated,
00:00
a lot, so too much to cover in this lesson,
00:00
but definitely read up on it if you're interested,
00:00
it is fascinating and very cool stuff,
00:00
very good use of cryptography
00:00
and all these other things we're covering,
00:00
as we go through this course.
00:00
Let's go through a VPN connection in detail and just
00:00
at high level so we can understand how this works.
00:00
A client is going to connect to the VPN network,
00:00
and if they don't have that pre-shared key,
00:00
if they're not doing symmetrical encryption,
00:00
what we need to do is establish trust, as I said,
00:00
using asymmetric encryption with
00:00
SSL or TLS certificates, and once we've done that,
00:00
then we can go ahead and share a key between us,
00:00
and we can use that going forward to send
00:00
all traffic and protect our communication.
00:00
After that, the client is asked to
00:00
authenticate using username and password,
00:00
or they might also have to
00:00
use two-factor authentication,
00:00
I know in some VPNs that I've
00:00
seen that I've also had to enter in like
00:00
a fob or a one-time pad
00:00
from an app on
00:00
my phone or maybe a hardware token that I use,
00:00
that there's two-factor authentication
00:00
ensuring that I am who I say that I am,
00:00
and once that's established now
00:00
the traffic from the client's going
00:00
to flow through the VPN,
00:00
and I can go directly to the network or to
00:00
the company network that you are trying to access
00:00
or the network on the other side of the VPN,
00:00
and the traffic can flow differently
00:00
though depending upon the tunnel type.
00:00
Some organizations may want
00:00
all traffic flowing through the tunnel,
00:00
they might want all traffic
00:00
going through the VPN to the company network,
00:00
but other organizations might say,
00:00
"Yeah, we don't really care about that,
00:00
we don't want you using our VPN to stream Netflix."
00:00
So we're only going to protect
00:00
the traffic, going to the company network.
00:00
We're only going to encrypt that and
00:00
send that through the tunnel,
00:00
all other network gets
00:00
routed through the common internet,
00:00
and this is called a split tunnel.
00:00
Full tunnel, all traffic goes through
00:00
the VPN to the company network,
00:00
split tunnel only the company traffic goes through
00:00
the VPN and all their public Internet traffic
00:00
doesn't go through the VPN.
00:00
But with that, we reached the end of
00:00
the lesson, and in this lesson,
00:00
we covered the purpose of
00:00
a VPN server and securing remote access,
00:00
and then we also had a high-level overview of how
00:00
VPN server works and how a VPN connection works.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.