We just talked about our VPNs a little bit, our client-to-site and our site-to-site VPNs. Now, a VPN in and of itself isn't a protocol. A virtual private network is not a self-contained protocol; we need, and we utilize, other protocols in order to form a VPN. So there are multiple different protocols that we need to take a look at in order to understand which is the best one, and to understand which protocols we can utilize in order to create a VPN, in order to create a secure, encrypted tunnel over a public network.

So the first couple of VPNs that we're going to talk about are our web browser based VPNs. Now, these are not necessarily VPNs that we'll be using to connect to work. These are more typically VPNs that we'll be creating when we're making a transaction or performing secure functions on the Internet.

If we go online and we go to buy something, and we're in the checkout and we're about to enter our credit card information, you may notice that the address at the top of the page changes from http to https and you see a little lock there. Now, what is that little lock, and what does the http to https mean? Well, essentially, what that means is our information in transit is now secure. That information is now being sent through what is essentially a secure, encrypted tunnel from us to the web server, or us to the purchasing server. Now, this is good for us because, if we're in an open place or if we're on the Internet in general, we don't want our credit card information or our user logins or our personal address and our other information to be transmitted in clear text over the Internet. We want to make sure that the only people that are getting that data, and the only people that know that data, are us when we enter it into the keyboard and then the end server when it's receiving it for the transaction. So we need to create a VPN from us to the transaction server over the Internet that we can talk through.
So our first type of VPN that we're going to talk about is SSL VPN. This stands for Secure Socket Layer virtual private network, and this was one of the first web browser based VPNs. This was the first https. Now, this has mostly been replaced by TLS, which we'll talk about in a second. But SSL, Secure Socket Layer, is going to utilize certificates for mutual authentication. So we don't type in a password when we connect into that VPN from us to a secure server on the Internet. We may type in a password to access our account, but when we're on that page where we're typing in our username and password, we're already in the VPN. We've already established a connection between us and the server, because we want that data to be secure.

How do we establish that secure, encrypted tunnel without already entering a username and password? Well, we use something called certificates, which we'll talk about later, in our encryption section, where we'll dive in a little bit into exactly what certificates are and how they work. But all you need to know for now is that our certificates are like an ID card. We don't have to enter a username or password. Our certificates are just something that has been issued by someone we trust to a server on the Internet. And that server on the Internet says, "Hey, look, this is my ID. I am amazon.com. You can trust me, you can send me your personal data, and we can create an encrypted connection." So it's going to show me a certificate which says it's amazon.com and that it's been approved by some sort of organizing body, that it's been approved by a certificate issuing body that we're trusting, and it says, "Hey, I'm amazon.com. You can enter your credit card information to me, and I'm not actually a server in Romania that is pretending I'm amazon.com." We need to make sure of that, so our SSL uses these certificates for mutual authentication. All of this is happening very transparently behind the scenes. You connect into amazon.com, you click on "Sign into my account," boom, amazon.com is sending you that certificate, you're initiating a VPN session, and now you have your encrypted SSL VPN to amazon.com's sign-in server. It all happens in the blink of an eye.

Sometimes, though, certificate negotiation does become noticeable. Sometimes you connect to a website that is trying to put you inside some sort of https certificate based VPN, and you get an error that says the certificate for this web page is not valid, or the certificate for this web page has expired. Are you sure you want to proceed? You may sometimes get this with websites that are in America; this may happen sometimes with .mil websites, because they use military based certificates that aren't typically recognized by standard public computers. You may get this certificate error when you're navigating to a website whose certificate has expired, because they do expire, and they haven't updated their new certificate onto their server. Or you may actually be visiting a website that's trying to forge a certificate, or there may be someone performing a man-in-the-middle attack, and they're forging their own certificate and you're not connecting to the server directly. Whatever the case may be, you have probably seen, at least a couple of times in your Internet browsing life, a page that pops up and says this certificate is not valid.

You need to be careful when you hit those, because you want to make sure that you actually are hitting the right web page. And if you see that certificate error on a page that is very well known and you've never seen a certificate error like that before (you go to amazon.com, you go to facebook.com and you get a certificate error), then there's probably something going on there. You may want to check out some of your settings; you may want to check out the network that you're on. Again, just in a nutshell: that certificate is the ID card for the server, which provides for mutual authentication that not only lets the server know that we are who we are, but lets us know that we're connecting to the right server. So both us and the server have formed a mutual authentication of each other. We both know that we are who we say we are.
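The two certificate warnings described above, an expired certificate and a certificate issued to a different server name, can be checked from the certificate's own fields. The following is an added Python example, not part of the lecture: the certificates are constructed samples laid out the way Python's ssl.getpeercert() returns them, and the hostname matcher is a simplified one written here for illustration (the browser's trust-store check of the issuing body is not modelled).

```python
import ssl
import time

# Constructed sample certificates (no real server's cert) in the dict layout
# that ssl.SSLSocket.getpeercert() returns. Dates use the GMT format that
# ssl.cert_time_to_seconds() parses.
VALID_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan 15 00:00:00 2020 GMT",
    "notAfter": "Jan 15 00:00:00 2099 GMT",
}
# Same certificate, but its validity period ended years ago.
EXPIRED_CERT = dict(VALID_CERT, notAfter="Jan 15 00:00:00 2021 GMT")

# A fixed "now" (mid-2024) so the checks below are reproducible.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")

def host_matches(pattern, hostname):
    """Match one DNS name from the certificate against the requested hostname.
    Simplified rule: exact match, or a wildcard in the left-most label only
    (*.example.com covers www.example.com, not example.com or a.b.example.com)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    labels = hostname.split(".")
    return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]

def check_cert(cert, hostname, now=None):
    """Return the warnings a browser would raise for this certificate and
    hostname; [] means it is acceptable for that hostname at time `now`.
    Trust in the issuing CA is not checked here (the browser's trust store does that)."""
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # Prefer Subject Alternative Names; fall back to the CN only when there are none.
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert["subject"] for k, v in rdn if k == "commonName"]
    if not any(host_matches(n, hostname) for n in names):
        problems.append("hostname mismatch")
    return problems

if __name__ == "__main__":
    for host in ("www.example.com", "www.example.net"):
        print(host, check_cert(VALID_CERT, host, SAMPLE_NOW) or "ok")
```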
So that's SSL VPN. Next we have TLS, and TLS stands for Transport Layer Security. Now, Transport Layer Security is the more common https that we see. Our Transport Layer Security VPNs are what we more commonly use when we're connecting to websites over https. This TLS security also uses certificates, just like SSL. But if, for example, you see a test question that says, "Which of these is a commonly used protocol for establishing an https encrypted tunnel to a server?" and you see L2TP, POP3, SSL and TLS, TLS is what your choice is going to be, because TLS is the most common type of connection protocol that we're using to establish a VPN connection through https. TLS, again, also uses certificates, so we provide that mutual authentication, so we know who the server is and we know that they are who they say they are, and the server knows who we are and that we are who we say we are.

TLS 1.2 is an enhanced security version of our standard TLS. TLS 1.2 uses tighter security secrets and hashing checks when it's verifying our certificates. So it's essentially just a little bit of a tighter version of TLS security, so we do need to be aware of that. Pretty much all of our web browsers now support TLS 1.2, but sometimes you may need to force a certain TLS encryption level in order to allow a connection to a web server, depending on the type of server you're connecting to, the type of Internet page you're connecting to.

But whatever the case may be, whether it's SSL VPN, TLS VPN or TLS 1.2, the main thing to remember is that all of these are our major web based VPN connections, of which TLS and TLS 1.2 are going to be the most common that we use for https connections.
Next we have our PPTP, or Peer-to-Peer Tunneling Protocol, and this is going to be typically used more for our older dial-up connection protocol. So this is essentially going to be our connection where we're going to connect over the public Internet to a work connection. We're going to dial into the work connection, and we're going to somehow authenticate with them, and we add our client as a virtual node on the network that we're connecting to. So this would be sort of like that client-to-site connectivity, where we're connecting back to work using our Peer-to-Peer Tunneling Protocol, and we have a server set up at work that accepts these connections and allows us to connect in to work from home. So that is what a peer-to-peer tunneling protocol is like.

Now, Peer-to-Peer Tunneling Protocol, we say, is an older type of connection, because we want to avoid using this at pretty much all costs in our network, because it has weak encryption and hashing algorithms. We'll talk about hashing algorithms later, so don't worry too much about that word if you weren't sure what it means. But hopefully you do know what encryption means. Encryption is taking our data and making it so people can't just read it straight through; it scrambles all the data up. Then we take it on the other side and we unscramble it, like a secret code. So with Peer-to-Peer Tunneling Protocol, the encryption and the hashing is weak in that protocol, so it could potentially be broken. Even though we have a secure connection from us to the endpoint, someone could take those packets and could break that encryption and could essentially break into and listen to our connection. So we want to try to avoid this
protocol in favor of L2TP. This is Layer 2 Tunneling Protocol, and it's essentially our step up over Peer-to-Peer Tunneling Protocol. This allows us to carry layer two traffic over a layer three network connection.

Now, remember, our layer three network connections are our IP based network connections. These are our routable IP packets; these are our packets that we're sending using an IP address. And our layer two is going to be our data that we're sending at the MAC address level. These are going to be some of our broadcast packets, before we have an IP address. So Layer 2 Tunneling Protocol actually allows us to transmit that data; it allows us to transmit layer two traffic over our layer three transport layer. We can send layer two traffic by encapsulating it over layer three addressing; we can send it over the Internet, essentially.

If you want a refresher on our layer two traffic versus our layer three traffic, take a look at Module 1 of our Network+ segment. We go into the layers a lot more heavily there than I just did, about the difference between our layer two traffic and layer three traffic. But essentially, Layer 2 Tunneling Protocol is going to let us carry that layer two traffic on a layer three network.
Now, we have no encryption by itself for Layer 2 Tunneling Protocol. Well, then you may ask, how is this secure? How is this any better than Peer-to-Peer Tunneling Protocol if we don't have any encryption by itself? Well, Layer 2 Tunneling Protocol by itself does not include any encryption. But what it does is it actually utilizes other protocols to encrypt it. So it sort of outsources part of its job to another protocol. It can use IPsec, RADIUS or TACACS+, which are all additional encryption and authentication protocols, in order to make sure that that packet is encrypted and to make sure that that packet is authenticated.

For example, IPsec is a layer three encryption protocol. So if we're transmitting data over Layer 2 Tunneling Protocol with IPsec encryption, we're taking our layer two data traffic that we're sending to the remote network, we're encapsulating it with Layer 2 Tunneling Protocol so that we can send it over the Internet, but before we send it, we encrypt it at layer three with IPsec, because IPsec is going to encrypt all of our layer three traffic. So we can encrypt all of our traffic to a remote site with IPsec, and the actual data packets that we're sending are going to be transmitted via Layer 2 Tunneling Protocol. So our Layer 2 Tunneling Protocol is our transport mechanism, IPsec is our encryption and authentication mechanism, and they're working together in order to provide us with an encrypted, tunneled connection to a remote network. That's the definition of a VPN.

So make sure that we know these, especially if you're taking a look at taking the Network+ exam. We want to know the acronyms, as well as what their weaknesses are and what we use each of these different protocols for, and we'll be able to better understand how our VPNs work and which particular protocols we need to use if we're setting up our own VPN.