WEBVTT

00:00.610 --> 00:08.200
Recently, more people have become aware of the existence of VPNs and have begun to use them in their

00:08.200 --> 00:09.130
personal lives.

00:10.390 --> 00:15.310
There are a number of legitimate reasons for people to do this, such as protecting their privacy when

00:15.310 --> 00:23.830
using an open network and the number of legitimate reasons, such as circumventing regional locks on

00:23.890 --> 00:24.730
streaming media.

00:25.240 --> 00:31.960
A virtual private network can be defined as a means of transparently transmitting private data securely

00:32.140 --> 00:39.430
from one network across an unsecured network to the third network here and it's up in.

00:40.480 --> 00:40.770
Oops!

00:42.200 --> 00:44.300
It's the right VPN here.

00:45.630 --> 00:48.420
This is our old ministrations VPN.

00:50.430 --> 00:50.760
Yes.

00:53.340 --> 00:58.420
So let's make it a little bit Zoom, so up.

01:00.240 --> 01:07.320
So, generally speaking, the unsecured network where we are referring to as the internet, which due

01:07.320 --> 01:11.760
to the nature of its design, has a number of potential security risks.

01:12.090 --> 01:14.880
However, this is not always going to be the case.

01:15.180 --> 01:21.990
I worked for one organization that required the use of the VPNs within their own infrastructure.

01:22.380 --> 01:25.710
In this case, the network being transmitted was not insecure.

01:25.950 --> 01:30.510
We just needed to ensure any data that was transmitted across

01:30.510 --> 01:35.310
it was not visible to the others, even though they were from the same company.

01:35.760 --> 01:40.740
We often refer to the use of the VPNs as, you know, using the VPN tunnel.

01:41.310 --> 01:47.550
You may be wondering why companies would need to use a VPN, and that is a good question.

01:47.580 --> 01:54.870
First, let's look at a very common reason for doing so, and that is when an organization is

01:54.870 --> 01:56.590
located on multiple sites.

01:57.460 --> 02:02.040
Here, let me actually write a diagram here.

02:04.650 --> 02:07.640
So this is this will be our building here.

02:10.160 --> 02:10.550
Here.

02:13.590 --> 02:18.960
So here we will have the head office here.

02:20.810 --> 02:21.830
The office.

02:23.320 --> 02:27.230
And then we will have another office.

02:27.310 --> 02:28.720
This will be a branch office.

02:29.590 --> 02:35.800
So in the of, we will have two computers, for example, computer one.

02:37.800 --> 02:38.850
And two.

02:48.360 --> 02:48.780
Yes.

03:01.180 --> 03:04.900
OK, so this is the one to.

03:07.500 --> 03:09.810
Here so this is the.

03:11.620 --> 03:14.860
Here, let's add another router here.

03:16.840 --> 03:17.410
That was.

03:19.870 --> 03:24.610
So, for example, let's make this router.

03:25.810 --> 03:31.390
And then we will meet another year of here as well.

03:32.080 --> 03:33.430
And cloud.

03:36.120 --> 03:37.380
This will be internet.

03:41.870 --> 03:42.410
Cloud.

03:45.650 --> 03:46.020
Here.

03:47.190 --> 03:50.130
This is the internet into.

03:51.490 --> 03:54.940
Actually, it's right inside here.

03:56.070 --> 03:57.090
Actually not inside.

03:57.270 --> 03:57.840
It's good.

03:58.620 --> 03:59.160
Like that.

03:59.940 --> 04:07.080
So this will be internet and inside the internet, we will have a tunnel, uh, which is the VPN tunnel.

04:11.080 --> 04:11.440
Yes.

04:14.870 --> 04:17.280
This is the VPN I'm.

04:23.710 --> 04:26.400
Well, it's intense because here.

04:27.660 --> 04:29.880
And tunnel smells here.

04:36.540 --> 04:36.770
Yeah.

04:41.510 --> 04:41.870
So.

04:44.610 --> 04:47.010
He's feeling the heat of is here.

04:48.780 --> 04:52.080
Surely this is the end of this.

04:53.450 --> 04:54.950
It is.

04:56.480 --> 04:59.990
And this will be our branch office.

05:02.900 --> 05:04.310
Here so.

05:07.290 --> 05:10.920
Is this is the this will be the VPN.

05:11.670 --> 05:15.090
VPN concentrator, here's VPN.

05:16.850 --> 05:17.260
Home.

05:20.050 --> 05:23.230
Here it's naked, for example, 16.

05:31.220 --> 05:33.170
This is the VPN concentrator.

05:35.420 --> 05:45.710
The VPN concentrator also, so these computers connect to this VPN concentrator and also this and this

05:45.950 --> 05:50.150
connects to and this computer connects to.

05:50.990 --> 05:54.650
And this VPN concentrator connects to the VPN tunnel.

06:01.370 --> 06:05.300
So this connects to a VPN tunnel here.

06:06.510 --> 06:06.840
So.

06:08.440 --> 06:09.630
As you can see here.

06:14.780 --> 06:23.420
In this, uh, actually in this virtual private network, you can see internet, which due to the nature

06:23.420 --> 06:29.300
of design, you may be wondering why companies will need to use a VPN, and that's a good question.

06:30.520 --> 06:33.460
So first, let's look at the very common reason for doing so.

06:33.520 --> 06:40.030
And this is when an organization is located on multiple sites. In this diagram, we can see a site-to-site

06:40.030 --> 06:40.810
VPN.

06:41.500 --> 06:44.860
So this is the office of is excellent.

06:45.820 --> 06:48.310
Its VPN and.

06:50.070 --> 06:51.900
Copy of his.

06:52.860 --> 06:54.960
Or a company building?

06:56.990 --> 06:57.290
Here.

06:58.430 --> 06:58.790
So.

07:00.520 --> 07:05.890
In this case, the organization wants to ensure that all the traffic between the sites is protected,

07:06.160 --> 07:09.880
so they routinely utilize VPNs to facilitate this.

07:10.270 --> 07:17.050
All the traffic from the branch offices passes through a device known as the VPN concentrator.

07:17.770 --> 07:27.700
Um, the VPN concentrator at each site will directly connect to the VPN concentrator here with VPN tunnel

07:28.000 --> 07:29.650
at the head office, as you can see here.

07:30.070 --> 07:36.590
So the transmission of the data across the VPN is transparent to most users, that

07:36.610 --> 07:39.490
is, they are unaware that this takes place.

07:40.000 --> 07:46.630
So a very common form of implementation is through the installation of a VPN client on each device,

07:46.780 --> 07:50.200
also known as the Remote Access VPN.

07:50.650 --> 07:58.180
When a user wants to connect to the head office, they need to open the VPN client application on their

07:58.180 --> 08:04.660
device and then authenticate with the application before they can gain access to the head office network.

08:05.230 --> 08:12.250
So this implementation is usually reserved for telecommuters or mobile users, such as the staff or

08:12.250 --> 08:14.270
field engineers or home based users.

08:14.270 --> 08:21.430
Since the ultimate administrative overhead becomes too great to only users and they have to deploy and

08:21.430 --> 08:25.930
configure the application on each device and run the application.

08:27.270 --> 08:34.530
So you also have to rely on the user remembering their VPN credentials, which may not be the same as

08:34.530 --> 08:36.090
their login credentials.

08:36.570 --> 08:42.300
Users who are connecting remotely will be required to authenticate against some form of remote authentication

08:42.300 --> 08:45.840
server before access is granted.

08:45.840 --> 08:47.520
This machine is in the recording.

08:48.480 --> 08:48.900
Yes.

08:49.170 --> 08:50.550
Actually, yes.

08:51.590 --> 08:54.290
Before access is granted, they need to authenticate servers.

08:54.560 --> 09:00.410
So here, as you can see here, uh, we created a diagram here.

09:01.390 --> 09:09.200
And now what I want to show you the remote authentication server, how they, uh, how they are created.

09:10.090 --> 09:11.810
So let's copy this here.

09:12.790 --> 09:14.830
Copy and paste it.

09:16.160 --> 09:16.460
Here.

09:19.680 --> 09:27.210
Make it here, so this is the head office again here, let's copy this text here as well.

09:29.950 --> 09:34.900
Here this is the head office here, and we will have a VPN.

09:35.240 --> 09:35.980
VPN.

09:37.680 --> 09:41.520
VPN, actual, not VPN, that's OK or not.

09:42.150 --> 09:44.760
This is rather.

09:50.290 --> 09:50.640
OK.

09:51.370 --> 09:59.860
This or not, this is the VPN concentrator, and we will, uh, VPN ActionScript, uh, con generator.

10:02.820 --> 10:03.870
She didn't make it to the.

10:09.390 --> 10:15.660
So this is the VPN concentrator, and we will actually in this case, we will use remote authentication

10:15.690 --> 10:17.940
server servers here.

10:18.780 --> 10:23.370
And this will be our remote authentication service.

10:24.830 --> 10:25.510
Remote.

10:28.750 --> 10:29.170
There.

10:31.360 --> 10:40.830
Yes, this is the remote authentication server and this VPN concentrator goes to, uh,

10:40.840 --> 10:46.420
remote authentication server here and also, uh.

10:48.030 --> 10:50.970
For example, we will use two computers.

10:53.560 --> 10:59.350
Also goes to the first computer, for example, home based.

11:00.290 --> 11:00.860
And.

11:02.130 --> 11:05.820
Here we will have the come counter, for example, field based.

11:08.980 --> 11:10.570
And then this.

11:12.340 --> 11:14.200
But a direct link goes to.

11:15.850 --> 11:19.330
Internet via VPN Tunnel and.

11:21.410 --> 11:22.370
Then this.

11:23.790 --> 11:24.510
Computers.

11:25.850 --> 11:27.260
Connects in.

11:30.260 --> 11:33.950
Here with this VPN tunnels next to the VPN.

11:37.790 --> 11:38.180
So.

11:46.000 --> 11:54.610
So a VPN may also be used with an extranet to provide limited secure communications to our infrastructure

11:54.610 --> 11:59.080
for our trusted partners in other presenting implementations.

11:59.320 --> 12:04.360
The user's device will appear as if it is on the head office network.

12:04.900 --> 12:10.360
VPN tunnels provide data security through the use of encryption and authentication.

12:10.570 --> 12:17.070
So the methods that are used may vary, depending on, uh, the tunneling protocol that's used.

12:17.080 --> 12:23.660
Microsoft has used three tunneling VPN protocols in recent years.

12:23.680 --> 12:25.600
Let me write these protocols here.

12:29.190 --> 12:36.570
Actually, here, so the first is the Point-to-Point Tunneling Protocol.

12:37.670 --> 12:40.310
The protocol, which, uh.

12:41.560 --> 12:44.110
Tell that popped up and.

12:47.770 --> 12:58.420
Also, we have point to point, point to point protocol, point to point protocol, uh, also referred

12:58.450 --> 13:01.000
up and we have.

13:04.190 --> 13:04.940
We have.

13:06.560 --> 13:19.470
Um, Secure Socket Tunneling Protocol, Secure Socket Tunneling Protocol, referred to as SSTP.

13:19.950 --> 13:20.250
Yes.

13:21.120 --> 13:31.770
So the new Oxford PPP was designed to transmit PPP, Point-to-Point Protocol, traffic through

13:31.770 --> 13:33.660
the VPN, as you can see here.

13:35.400 --> 13:36.000
So.

13:37.720 --> 13:43.660
In this case, Point-to-Point Tunneling Protocol creates a communication channel to the recipient,

13:43.870 --> 13:49.390
and that channel would then be used to create a Generic Routing Encapsulation, GRE, tunnel

13:49.780 --> 13:55.660
for the data to be transmitted across. Encryption was provided by Microsoft

13:55.840 --> 14:03.580
Point-to-Point Encryption, MPPE, and authentication was by Password Authentication Protocol, PAP, Challenge

14:03.820 --> 14:07.660
Handshake Authentication Protocol or t.he API.

14:09.030 --> 14:13.860
So SSTP was implemented in Windows Vista.

14:14.220 --> 14:22.910
Like PPTP, SSTP was designed to securely transmit please point to point actually not point to point political,

14:22.920 --> 14:23.610
not anything.

14:24.810 --> 14:25.350
So.

14:27.320 --> 14:37.160
However, SSTP uses Secure Sockets Layer, Transport Layer Security, so SSL/TLS,

14:37.940 --> 14:39.320
to provide encryption.

14:39.980 --> 14:48.740
It also utilizes the same network port as HTTPS traffic, so that is the port, um, 443.

14:52.490 --> 14:54.200
Port 443.

14:57.860 --> 15:04.130
So since this port is usually open on firewalls for secure web browsing, so this means that the network

15:04.130 --> 15:08.810
administrators didn't need to open another port to allow the traffic.

15:09.380 --> 15:16.850
So authentication of secure socket tunneling protocol protocol actually put a.

15:17.970 --> 15:25.520
Protocol authentication of the Secure Socket Tunneling Protocol traffic was provided by MS-CHAP and

15:25.530 --> 15:31.590
Extensible Authentication Protocol, TLS. Windows 7 saw the introduction of the Layer 2 Tunneling

15:31.590 --> 15:36.290
protocol L2TP while L2TP provided the tunnel.

15:36.300 --> 15:40.410
So actually, let me write here, I'm not here for the better understanding.

15:43.350 --> 15:43.800
Here.

15:47.080 --> 15:53.740
Um, this is Layer Two Tunneling Protocol, Layer Two Tunneling Protocol.

15:55.710 --> 15:57.540
And he l2tp he.

15:58.620 --> 15:59.790
L2TP.

16:01.900 --> 16:07.960
So while L2TP provided the tunnel, it did not provide any form of encryption.

16:08.420 --> 16:13.090
It was usually deployed alongside Internet Protocol Security, IPsec.

16:13.870 --> 16:20.950
So which does, uh, so authentication is conducted using the Internet Key Exchange, IKE.

16:22.820 --> 16:31.550
So to try and overcome the issues with users forgetting to start their VPN connections, Microsoft

16:31.550 --> 16:37.610
released support for DirectAccess in Windows 7. When users started up their device, the DirectAccess

16:37.610 --> 16:43.610
service running on it would check to see if it was on the same network as a DirectAccess server.

16:44.110 --> 16:53.000
If it discovered it was on the same network, um, then it knew not to use DirectAccess as a form

16:53.000 --> 16:53.740
of VPN.

16:53.750 --> 16:54.440
So, however,

16:54.450 --> 17:00.710
if it was not the same network as the DirectAccess server, then the device will use the DirectAccess service

17:00.830 --> 17:03.890
to make a connection to your organization's DirectAccess server.

17:04.310 --> 17:09.560
Again, this was transparent to the user. The additional benefit of using DirectAccess was

17:09.560 --> 17:15.920
that administrators could manage remote devices as if they were on the local network.

17:16.310 --> 17:22.850
With the release of Windows 10, Microsoft provided users with a service called Always

17:22.850 --> 17:26.900
On VPN, which was designed to replace DirectAccess.

17:27.800 --> 17:34.160
Always On VPN could be configured to create a device tunnel that would connect to the VPN

17:34.310 --> 17:42.230
once the device had booted up, or could then be configured to use a user tunnel that connects

17:42.410 --> 17:44.030
once a user logs in.

17:44.600 --> 17:50.840
So these two options are not mutually exclusive and both can be implemented at the same time.

17:50.840 --> 17:56.810
However, to utilize the device tunnel, you have to use either an enterprise edition of Windows 10

17:56.810 --> 17:58.400
or Education Edition.

17:59.060 --> 18:05.720
So with this, we have finished looking at basic security features of a network in our Udemy course.
