10 22 2025 - rtji0/Arthur-Tech-Journal GitHub Wiki

Securing Networks

  • Two main ways for orgs to connect their networks with outside partners/vendors and internal remote staff

  • Dedicated leased lines

  • Non-shared, physically private WAN connections - tend to be expensive and not always available as an option

  • Avoids the public internet

  • Shared network bandwidth with existing lines

  • Non-private (public) WAN connections (i.e., the internet)

  • How do we ensure confidentiality?

VPNs

  • Encrypts data before passing it through the tunnel to ensure confidentiality (C) of everything sent through it

  • Data I and A are also maintained before creation of tunnel

  • VPN does not affect Availability

  • Remote Access VPN vs Site-to-Site VPN

  • "Host-to-site" VPN, best for remote employees, use VPN client to connect to corporate LAN

  • "Site-to-site" VPN, connects one LAN to another LAN over internet - tunnel between two VPN gateways

  • Intranet vs extranet Site-to-site

  • Data is checked for integrity before and after sending, and verified to come from an authentic source

  • PPP (Point-to-Point Protocol): designed for simple links which transport packets between two point-to-point links

  • Don't use PPTP

  • Use L2TP (Layer 2 Tunneling Protocol), an extension of PPP

IPSec (Internet Key Exchange)

  • Before secure transmission can begin, sender and receiver need to negotiate keys, which are defined in a Security Association

  • Final Thoughts: use VPN
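
A simplified model of the checks in these notes (integrity before and after sending, authentic source, keys held in a Security Association), added here as an example and not part of the original notes. It is not the IPsec wire format: the packet layout, the names `SecurityAssociation`, `protect` and `verify`, the demo key and the strictly increasing sequence check are assumptions, and the replay check goes one step beyond what the notes list.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

ICV_LEN = 32  # length of the HMAC-SHA256 integrity check value


@dataclass
class SecurityAssociation:
    spi: int              # index the receiver uses to look up this SA
    auth_key: bytes       # key both peers agreed on during negotiation
    highest_seq: int = 0  # last sequence number accepted (simplified anti-replay)


def protect(sa, seq, payload):
    """Sender side: prepend SPI and sequence number, append the ICV."""
    header = struct.pack("!II", sa.spi, seq)
    icv = hmac.new(sa.auth_key, header + payload, hashlib.sha256).digest()
    return header + payload + icv


def verify(sa_table, packet):
    """Receiver side: return the payload, or raise ValueError on any failed check."""
    if len(packet) < 8 + ICV_LEN:
        raise ValueError("packet too short")
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sa_table.get(spi)
    if sa is None:
        raise ValueError("no SA for this SPI")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    if seq <= sa.highest_seq:  # only checked after the packet is authenticated
        raise ValueError("replayed sequence number")
    sa.highest_seq = seq
    return body[8:]


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    sender = SecurityAssociation(spi=0x1001, auth_key=key)
    receivers = {0x1001: SecurityAssociation(spi=0x1001, auth_key=key)}
    pkt = protect(sender, 1, b"payroll export")
    print(verify(receivers, pkt))
```

The integrity check runs before the sequence number is trusted, so a forged packet cannot advance the receiver's replay state.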