Reading 05 - theSam1998/ops-301-Reading-Notes GitHub Wiki
Relevance statement:
VPNs are a critical security tool and a vital piece of infrastructure in the cybersecurity field, so it is important to learn their ins and outs. These notes reflect knowledge gained from an article discussing the different types of VPNs, their uses, and their advantages and disadvantages. Nearly every company and organization of every size uses a VPN, and they are becoming increasingly popular with individuals for personal use as well. VPNs provide a secure way to connect across multiple locations without putting your data at risk, and it will be crucial to understand how they work and how to use them in our future cybersecurity careers.
What is a site-to-site VPN?
A site-to-site VPN is a type of virtual private network often used in corporate settings. It is essentially a connection set up between multiple remote networks that allows them to communicate securely across the internet.
(Additional info scraped from GPT dialogue:) This type of VPN is meant specifically for connecting one entire network to another, while a remote access VPN allows individual devices to connect to a remote network in a similar way. The key difference is that site-to-site VPNs can be more challenging to set up, as they require a good deal of configuration and possibly dedicated hardware, like VPN gateways or routers, and generally require a more advanced user to implement them properly. Remote access VPNs often use VPN client software, which makes configuration extremely easy (I use Nord, and this ease of use was absolutely the case for me).
To summarize, site-to-site VPNs are used to connect multiple networks in multiple geographic locations together, establishing one connected system with synchronized data across all locations. A remote access VPN is generally used by an individual employee to connect to those same servers in that network remotely and securely. There are also two subcategories of site-to-site VPN, as follows:
Intranet-based site-to-site: This type of VPN connects multiple LANs to form a WAN. It is useful for combining resources on those different networks securely and efficiently, essentially forming one giant LAN. This allows data to stay consistently synchronized for all users across all locations.
Extranet-based site-to-site: This type of VPN is usually used by two or more companies that want to selectively share resources with each other (e.g. "you can view our design schematics, but not the ones for our secret products"). In this situation, each entity must individually configure which data it wants to allow or deny access to.
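The intranet/extranet distinction above comes down to the access decision the tunnel gateway makes for traffic crossing between sites. The following is an added example, not code from the reading or from any VPN product: a small model in which intranet mode treats every member LAN as one big LAN, while extranet mode denies everything except the (host, port) pairs a partner site has explicitly published. All subnets, hosts, ports and company names are constructed sample values.

```python
# Added example, not from the reading or from any VPN vendor: a small model
# of the access decision a site-to-site VPN gateway makes for traffic that
# crosses the tunnel. Intranet mode treats all member LANs as one big LAN;
# extranet mode denies everything except resources a partner has explicitly
# published. All subnets, hosts and ports are constructed sample values.
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Site:
    name: str
    lan: ipaddress.IPv4Network
    # (host, port) pairs this site is willing to expose to partner sites.
    # Only consulted in extranet mode; an empty set shares nothing.
    shared: Set[Tuple[str, int]] = field(default_factory=set)


def _site_of(ip: str, sites: List[Site]) -> Optional[Site]:
    """Return the member site whose LAN contains ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    return next((s for s in sites if addr in s.lan), None)


def intranet_allowed(src_ip: str, dst_ip: str, dst_port: int, sites: List[Site]) -> bool:
    """Intranet-based site-to-site: any host on a member LAN may reach any
    host on any other member LAN, as if they shared one LAN. The port is
    irrelevant. Traffic involving a non-member address never enters the tunnel."""
    src_site = _site_of(src_ip, sites)
    dst_site = _site_of(dst_ip, sites)
    return src_site is not None and dst_site is not None and src_site is not dst_site


def extranet_allowed(src_ip: str, dst_ip: str, dst_port: int, sites: List[Site]) -> bool:
    """Extranet-based site-to-site: the site that owns the destination
    decides. Default deny; only (host, port) pairs it published pass."""
    src_site = _site_of(src_ip, sites)
    dst_site = _site_of(dst_ip, sites)
    if src_site is None or dst_site is None or src_site is dst_site:
        return False  # unknown address, or traffic that never enters the tunnel
    return (dst_ip, dst_port) in dst_site.shared


# Constructed sample: two partner companies, each publishing one server.
COMPANY_A = Site("Company A", ipaddress.ip_network("10.1.0.0/16"),
                 shared={("10.1.5.20", 443)})   # design-review web server
COMPANY_B = Site("Company B", ipaddress.ip_network("10.2.0.0/16"),
                 shared={("10.2.7.8", 22)})      # build server reachable over SSH
SITES = [COMPANY_A, COMPANY_B]


def demo() -> dict:
    """Decisions for a few sample flows, so the two modes can be compared."""
    return {
        # B's engineer reaching A's published design server: allowed in extranet mode
        "extranet_published": extranet_allowed("10.2.0.50", "10.1.5.20", 443, SITES),
        # Same server, a port A did not publish: extranet denies, intranet allows
        "extranet_wrong_port": extranet_allowed("10.2.0.50", "10.1.5.20", 22, SITES),
        "intranet_wrong_port": intranet_allowed("10.2.0.50", "10.1.5.20", 22, SITES),
        # A neighbouring host A never published: extranet denies
        "extranet_unpublished_host": extranet_allowed("10.2.0.50", "10.1.5.21", 443, SITES),
        # Address outside both LANs: neither mode carries it
        "outsider": intranet_allowed("192.168.1.10", "10.1.5.20", 443, SITES),
    }


if __name__ == "__main__":
    for flow, allowed in demo().items():
        print(f"{flow:28s} {'ALLOW' if allowed else 'DENY'}")
```

The point to notice is the default: in intranet mode the gateway only asks "are both ends members?", whereas in extranet mode each company's own allow list is the only thing that opens a path, which is exactly the per-entity configuration the note describes.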
What is TCP/IP and what is it used for?
TCP/IP (Transmission Control Protocol/Internet Protocol) is a set of protocols that defines how data is broken into packets, how those packets are addressed and sent, and how the receiving system reassembles the data from the packets it receives. Every packet is given a header; the sending system fills in the header and the receiving system reads it, so that the data is delivered to the correct location and handled by the correct protocol. TCP/IP also includes protocols for error detection/correction, so that lost or corrupted packets can be detected and retransmitted, ensuring accurate delivery of the complete package of data.
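To make the header and error-detection part concrete, here is an added example (not from the reading) that builds the 20-byte IPv4 header a sending host puts in front of each packet, computes the standard RFC 1071 checksum, and runs the receiver-side check that catches a corrupted header. The addresses, payload length and identification value are constructed sample values.

```python
# Added example, not from the reading: build the 20-byte IPv4 header that a
# sending host puts in front of a packet, compute its checksum, and run the
# receiver-side check that catches a corrupted header. Addresses, payload
# length and identification value are constructed sample values.
import socket
import struct

IPV4_HEADER_FMT = "!BBHHHBBH4s4s"   # 20 bytes, network byte order
IPV4_HEADER_LEN = struct.calcsize(IPV4_HEADER_FMT)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement of the one's-complement sum of
    all 16-bit words. Used by IPv4, TCP, UDP and ICMP headers alike."""
    if len(data) % 2:
        data += b"\x00"                 # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      protocol: int = 6, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Sender side: fill in the fields, then stamp the checksum into bytes 10-11."""
    version_ihl = (4 << 4) | 5          # IPv4, header length 5 words = 20 bytes
    dscp_ecn = 0
    total_length = IPV4_HEADER_LEN + payload_len
    flags_fragment = 0x4000             # Don't Fragment set, fragment offset 0
    header = struct.pack(IPV4_HEADER_FMT, version_ihl, dscp_ecn, total_length,
                         ident, flags_fragment, ttl, protocol,
                         0,                                   # checksum placeholder
                         socket.inet_aton(src), socket.inet_aton(dst))
    checksum = internet_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def parse_ipv4_header(header: bytes) -> dict:
    """Receiver side: read back the fields the sender wrote."""
    f = struct.unpack(IPV4_HEADER_FMT, header[:IPV4_HEADER_LEN])
    return {
        "version": f[0] >> 4,
        "header_len": (f[0] & 0x0F) * 4,
        "total_length": f[2],
        "ttl": f[5],
        "protocol": f[6],               # 6 = TCP, 17 = UDP
        "checksum": f[7],
        "src": socket.inet_ntoa(f[8]),
        "dst": socket.inet_ntoa(f[9]),
    }


def header_is_intact(header: bytes) -> bool:
    """Receiver side: summing the header *including* its checksum field gives
    0xFFFF for an intact header, so the complemented result is 0. A router or
    host that sees anything else drops the packet, and TCP's acknowledgement
    and retransmission logic then resends the missing data."""
    return internet_checksum(header[:IPV4_HEADER_LEN]) == 0


def flip_bit(data: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Simulate a single-bit transmission error at one position."""
    damaged = bytearray(data)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


def demo_checks() -> dict:
    """Build one header, then verify it intact and after two simulated errors."""
    hdr = build_ipv4_header("10.1.0.5", "10.2.0.9", payload_len=40)
    return {
        "intact_passes": header_is_intact(hdr),
        "ttl_corruption_detected": not header_is_intact(flip_bit(hdr, 8)),
        "address_corruption_detected": not header_is_intact(flip_bit(hdr, 16, 3)),
    }


if __name__ == "__main__":
    print(parse_ipv4_header(build_ipv4_header("10.1.0.5", "10.2.0.9", payload_len=40)))
    print(demo_checks())
```

The checksum only covers the IP header; TCP carries its own checksum over its header and payload, and it is TCP's sequence numbers and acknowledgements that drive the retransmission the note mentions.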
What are some popular reasons for using a VPN?
Synchronizing data across multiple locations seems to be the key motive for all three types of VPN. By using a VPN, users across all these locations can access any information they need at the same rate as everyone else on the network. Whether it's an individual accessing data on remote corporate servers for their job, a company connecting multiple networks together, or several companies sharing data across an extranet-based site-to-site VPN, availability of data seems to be the underlying theme.

Remote access VPNs have a broad array of uses, from allowing you to connect securely to your corporate network to masking your IP address and location while browsing the internet. I use one personally on my devices when traveling to friends' houses who work in tech, as I don't want my device to become a gateway into their networks. I also use it when I want a little extra privacy on the internet, or when I'm doing something that could put me at risk by exposing my true IP address (not a common situation, but it could happen!). Accessing media on streaming services that have content locked to certain locations is another popularly quoted reason to use a remote access VPN for personal use.

An intranet-based VPN may be used by a company to establish a more secure and enclosed network, making it more difficult for data to be hijacked in transit. This closes off a lot of vulnerabilities, as it makes it harder for attackers to hijack the transmission to inject malicious data, and harder for them to steal information while it is being transmitted. VPNs encrypt traffic as it is sent, so intercepted traffic would likely be useless to any would-be thieves. This also explains why personal devices are one of the biggest targets for hackers attempting to gain access to a company's resources: once the data reaches its destination, it is no longer encrypted.

An extranet-based VPN would be useful for some of the same reasons, but in a different situation. For example, if Microsoft and OpenAI wanted to collaborate on a new AI product, they could set up an extranet VPN that makes all the data relevant to that project available across both companies, without exposing either party's sensitive data. This ensures collaboration can occur smoothly, and can alleviate some of the procedures that would otherwise be needed to ensure compliance with data access policies.
Explain the difference between the three types of VPNs.
See "What is a site-to-site VPN?" above.
Things I want to know more about:
What are some realistic situations where a set of companies would want to set up an extranet-based VPN?
When choosing a VPN client for my personal use, I had to look at multiple paid options and decide which one I wanted to go with based on my needs, like purchasing a subscription to any other kind of software. How does a site-to-site VPN differ from this? I notice the article mentions that "watertight security" is a requirement of the VPN chosen by your company, which implies that you will be "choosing" a VPN to use. Does this simply refer to selecting which type of VPN is best for your use case, or is it a similar situation where multiple different companies offer third-party VPN solutions for companies to use?
I know pfSense can work with OpenVPN; is this a combination that would likely be used in a corporate setting? I attempted to experiment with OpenVPN briefly to connect to Hack The Box, but could not get it figured out.