1 00:00:00,610 --> 00:00:08,200 Recently, more people have become aware of the existence of VPNs and have begun to use them in their 2 00:00:08,200 --> 00:00:09,130 personal lives. 3 00:00:10,390 --> 00:00:15,310 There are a number of legitimate reasons for people to do this, such as protecting their privacy when 4 00:00:15,310 --> 00:00:23,830 using an open network and the number of legitimate reasons, such as circumventing regional locks on 5 00:00:23,890 --> 00:00:24,730 streaming media. 6 00:00:25,240 --> 00:00:31,960 A virtual private network can be defined as a means of transparently transmitting private data securely 7 00:00:32,140 --> 00:00:39,430 from one network across an unsecured network to the third network here and it's up in. 8 00:00:40,480 --> 00:00:40,770 Oops! 9 00:00:42,200 --> 00:00:44,300 It's the right VPN here. 10 00:00:45,630 --> 00:00:48,420 This is our old ministrations VPN. 11 00:00:50,430 --> 00:00:50,760 Yes. 12 00:00:53,340 --> 00:00:58,420 So let's make it a little bit Zoom, so up. 13 00:01:00,240 --> 00:01:07,320 So, generally speaking, the unsecured network we are referring to is the internet, which due 14 00:01:07,320 --> 00:01:11,760 to the nature of its design, has a number of potential security risks. 15 00:01:12,090 --> 00:01:14,880 However, this is not always going to be the case. 16 00:01:15,180 --> 00:01:21,990 I worked for one organization that required the use of the VPNs within their own infrastructure. 17 00:01:22,380 --> 00:01:25,710 In this case, the network being transmitted was not insecure. 18 00:01:25,950 --> 00:01:30,510 We just needed to ensure any data that was transmitted across 19 00:01:30,510 --> 00:01:35,310 it was not visible to the others, even though they were from the same company. 20 00:01:35,760 --> 00:01:40,740 We often refer to the use of the VPNs as, you know, using the VPN tunnel. 
21 00:01:41,310 --> 00:01:47,550 You may be wondering why companies would need to use a VPN, and that is a good question. 22 00:01:47,580 --> 00:01:54,870 First, let's look at a very common reason for doing so, and that is when an organization is 23 00:01:54,870 --> 00:01:56,590 located on multiple sites. 24 00:01:57,460 --> 00:02:02,040 Here, let me actually write a diagram here. 25 00:02:04,650 --> 00:02:07,640 So this will be our building here. 26 00:02:10,160 --> 00:02:10,550 Here. 27 00:02:13,590 --> 00:02:18,960 So here we will have the head office here. 28 00:02:20,810 --> 00:02:21,830 The office. 29 00:02:23,320 --> 00:02:27,230 And then we will have another office. 30 00:02:27,310 --> 00:02:28,720 This will be a branch office. 31 00:02:29,590 --> 00:02:35,800 So in the office, we will have two computers, for example, computer one. 32 00:02:37,800 --> 00:02:38,850 And two. 33 00:02:48,360 --> 00:02:48,780 Yes. 34 00:03:01,180 --> 00:03:04,900 OK, so this is the one to. 35 00:03:07,500 --> 00:03:09,810 Here so this is the. 36 00:03:11,620 --> 00:03:14,860 Here, let's add another router here. 37 00:03:16,840 --> 00:03:17,410 That was. 38 00:03:19,870 --> 00:03:24,610 So, for example, let's make this router. 39 00:03:25,810 --> 00:03:31,390 And then we will meet another year of here as well. 40 00:03:32,080 --> 00:03:33,430 And cloud. 41 00:03:36,120 --> 00:03:37,380 This will be internet. 42 00:03:41,870 --> 00:03:42,410 Cloud. 43 00:03:45,650 --> 00:03:46,020 Here. 44 00:03:47,190 --> 00:03:50,130 This is the internet into. 45 00:03:51,490 --> 00:03:54,940 Actually, it's right inside here. 46 00:03:56,070 --> 00:03:57,090 Actually not inside. 47 00:03:57,270 --> 00:03:57,840 It's good. 48 00:03:58,620 --> 00:03:59,160 Like that. 49 00:03:59,940 --> 00:04:07,080 So this will be internet and inside the internet, we will have a tunnel, uh, which is the VPN tunnel. 50 00:04:11,080 --> 00:04:11,440 Yes. 
51 00:04:14,870 --> 00:04:17,280 This is the VPN I'm. 52 00:04:23,710 --> 00:04:26,400 Well, it's intense because here. 53 00:04:27,660 --> 00:04:29,880 And tunnel smells here. 54 00:04:36,540 --> 00:04:36,770 Yeah. 55 00:04:41,510 --> 00:04:41,870 So. 56 00:04:44,610 --> 00:04:47,010 He's feeling the heat of is here. 57 00:04:48,780 --> 00:04:52,080 Surely this is the end of this. 58 00:04:53,450 --> 00:04:54,950 It is. 59 00:04:56,480 --> 00:04:59,990 And this will be our branch office. 60 00:05:02,900 --> 00:05:04,310 Here so. 61 00:05:07,290 --> 00:05:10,920 This will be the VPN. 62 00:05:11,670 --> 00:05:15,090 VPN concentrator, here's VPN. 63 00:05:16,850 --> 00:05:17,260 Home. 64 00:05:20,050 --> 00:05:23,230 Here it's naked, for example, 16. 65 00:05:31,220 --> 00:05:33,170 This is the VPN concentrator. 66 00:05:35,420 --> 00:05:45,710 The VPN concentrator also, so these computers connect to this VPN concentrator and also this and this 67 00:05:45,950 --> 00:05:50,150 connects to and this computer connects to. 68 00:05:50,990 --> 00:05:54,650 And this VPN concentrator connects to the VPN tunnel. 69 00:06:01,370 --> 00:06:05,300 So this connects to a VPN tunnel here. 70 00:06:06,510 --> 00:06:06,840 So. 71 00:06:08,440 --> 00:06:09,630 As you can see here. 72 00:06:14,780 --> 00:06:23,420 In this, uh, actually in this virtual private network, you can see internet, which due to the nature 73 00:06:23,420 --> 00:06:29,300 of design, you may be wondering why companies will need to use a VPN, and that's a good question. 74 00:06:30,520 --> 00:06:33,460 So first, let's look at the very common reason for doing so. 75 00:06:33,520 --> 00:06:40,030 And this is when an organization is located on multiple sites. In this diagram, we can see a site-to-site 76 00:06:40,030 --> 00:06:40,810 VPN. 77 00:06:41,500 --> 00:06:44,860 So this is the office of is excellent. 78 00:06:45,820 --> 00:06:48,310 Its VPN and. 
79 00:06:50,070 --> 00:06:51,900 Copy of his. 80 00:06:52,860 --> 00:06:54,960 Or a company building? 81 00:06:56,990 --> 00:06:57,290 Here. 82 00:06:58,430 --> 00:06:58,790 So. 83 00:07:00,520 --> 00:07:05,890 In this case, the organization wants to ensure that all the traffic between the sites is protected, 84 00:07:06,160 --> 00:07:09,880 so they routinely utilize VPNs to facilitate this. 85 00:07:10,270 --> 00:07:17,050 All the traffic from the branch office passes through a device known as the VPN concentrator. 86 00:07:17,770 --> 00:07:27,700 Um, the VPN concentrator at each site will directly connect to the VPN concentrator here with VPN tunnel 87 00:07:28,000 --> 00:07:29,650 at the head office, as you can see here. 88 00:07:30,070 --> 00:07:36,590 So the transmission of the data across the VPN is transparent to most users, that 89 00:07:36,610 --> 00:07:39,490 is, they are unaware that this takes place. 90 00:07:40,000 --> 00:07:46,630 So a very common form of implementation is through the installation of a VPN client on each device, 91 00:07:46,780 --> 00:07:50,200 also known as the Remote Access VPN. 92 00:07:50,650 --> 00:07:58,180 When a user wants to connect to the head office, they need to open the VPN client application on their 93 00:07:58,180 --> 00:08:04,660 device and then authenticate with the application before they can gain access to the head office network. 94 00:08:05,230 --> 00:08:12,250 So this implementation is usually reserved for telecommuters or mobile users, such as the staff or 95 00:08:12,250 --> 00:08:14,270 field engineers or home-based users. 96 00:08:14,270 --> 00:08:21,430 Since the ultimate administrative overhead becomes too great to only users and they have to deploy and 97 00:08:21,430 --> 00:08:25,930 configure the application on each device and run the application. 
98 00:08:27,270 --> 00:08:34,530 So you also have to rely on the user remembering their VPN credentials, which may not be the same as 99 00:08:34,530 --> 00:08:36,090 their login credentials. 100 00:08:36,570 --> 00:08:42,300 Users who are connecting remotely will be required to authenticate against some form of remote authentication 101 00:08:42,300 --> 00:08:45,840 server before access is granted. 102 00:08:45,840 --> 00:08:47,520 This machine is in the recording. 103 00:08:48,480 --> 00:08:48,900 Yes. 104 00:08:49,170 --> 00:08:50,550 Actually, yes. 105 00:08:51,590 --> 00:08:54,290 Before access is granted, they need to authenticate servers. 106 00:08:54,560 --> 00:09:00,410 So here, as you can see here, uh, we created a diagram here. 107 00:09:01,390 --> 00:09:09,200 And now what I want to show you the remote authentication server, how they, uh, how they are created. 108 00:09:10,090 --> 00:09:11,810 So let's copy this here. 109 00:09:12,790 --> 00:09:14,830 Copy and paste it. 110 00:09:16,160 --> 00:09:16,460 Here. 111 00:09:19,680 --> 00:09:27,210 Make it here, so this is the head office again here, let's copy this text here as well. 112 00:09:29,950 --> 00:09:34,900 Here this is the head office here, and we will have a VPN. 113 00:09:35,240 --> 00:09:35,980 VPN. 114 00:09:37,680 --> 00:09:41,520 VPN, actual, not VPN, that's OK or not. 115 00:09:42,150 --> 00:09:44,760 This is router. 116 00:09:50,290 --> 00:09:50,640 OK. 117 00:09:51,370 --> 00:09:59,860 This or not, this is the VPN concentrator, and we will, uh, VPN ActionScript, uh, concentrator. 118 00:10:02,820 --> 00:10:03,870 She didn't make it to the. 119 00:10:09,390 --> 00:10:15,660 So this is the VPN concentrator, and we will actually in this case, we will use remote authentication 120 00:10:15,690 --> 00:10:17,940 server servers here. 121 00:10:18,780 --> 00:10:23,370 And this will be our remote authentication service. 122 00:10:24,830 --> 00:10:25,510 Remote. 
123 00:10:28,750 --> 00:10:29,170 There. 124 00:10:31,360 --> 00:10:40,830 Yes, this is the remote authentication server and this VPN concentrator, who goes to, uh, 125 00:10:40,840 --> 00:10:46,420 remote authentication server here and also, uh. 126 00:10:48,030 --> 00:10:50,970 For example, we will use two computers. 127 00:10:53,560 --> 00:10:59,350 Also goes to the first computer, for example, home based. 128 00:11:00,290 --> 00:11:00,860 And. 129 00:11:02,130 --> 00:11:05,820 Here we will have the computer, for example, field based. 130 00:11:08,980 --> 00:11:10,570 And then this. 131 00:11:12,340 --> 00:11:14,200 But a direct link goes to. 132 00:11:15,850 --> 00:11:19,330 Internet via VPN tunnel and. 133 00:11:21,410 --> 00:11:22,370 Then this. 134 00:11:23,790 --> 00:11:24,510 Computers. 135 00:11:25,850 --> 00:11:27,260 Connects in. 136 00:11:30,260 --> 00:11:33,950 Here with this VPN tunnels next to the VPN. 137 00:11:37,790 --> 00:11:38,180 So. 138 00:11:46,000 --> 00:11:54,610 So a VPN may also be used with an extranet to provide limited secure communications to our infrastructure 139 00:11:54,610 --> 00:11:59,080 for our trusted partners. In all the preceding implementations, 140 00:11:59,320 --> 00:12:04,360 the user's device will appear as if it is on the head office network. 141 00:12:04,900 --> 00:12:10,360 VPN tunnels provide data security through the use of encryption and authentication. 142 00:12:10,570 --> 00:12:17,070 So the methods that are used may vary, depending on, uh, the tunneling protocol that's used. 143 00:12:17,080 --> 00:12:23,660 Microsoft has used three tunneling VPN protocols in recent years. 144 00:12:23,680 --> 00:12:25,600 Let me write these protocols here. 145 00:12:29,190 --> 00:12:36,570 Actually, here, so the first is Point-to-Point Tunneling Protocol. 146 00:12:37,670 --> 00:12:40,310 The protocol, which, uh. 147 00:12:41,560 --> 00:12:44,110 Tell that popped up and. 
148 00:12:47,770 --> 00:12:58,420 Also, we have point to point, Point-to-Point Protocol, Point-to-Point Protocol, uh, also referred 149 00:12:58,450 --> 00:13:01,000 up and we have. 150 00:13:04,190 --> 00:13:04,940 We have. 151 00:13:06,560 --> 00:13:19,470 Um, Secure Socket Tunneling Protocol, Secure Socket Tunneling Protocol, referred to as SSTP. 152 00:13:19,950 --> 00:13:20,250 Yes. 153 00:13:21,120 --> 00:13:31,770 So the PPTP was designed to transmit PPP, Point-to-Point Protocol, traffic through 154 00:13:31,770 --> 00:13:33,660 the VPN, as you can see here. 155 00:13:35,400 --> 00:13:36,000 So. 156 00:13:37,720 --> 00:13:43,660 In this case, Point-to-Point Tunneling Protocol creates a communication channel to the recipient, 157 00:13:43,870 --> 00:13:49,390 and that channel would then be used to create a Generic Routing Encapsulation, GRE, tunnel 158 00:13:49,780 --> 00:13:55,660 for the data to be transmitted across. So encryption was provided by Microsoft 159 00:13:55,840 --> 00:14:03,580 Point-to-Point Encryption, MPPE, and authentication was by Password Authentication Protocol, PAP, Challenge 160 00:14:03,820 --> 00:14:07,660 Handshake Authentication Protocol, or CHAP. 161 00:14:09,030 --> 00:14:13,860 So SSTP was implemented in Windows Vista. 162 00:14:14,220 --> 00:14:22,910 Like PPTP, SSTP was designed to securely transmit PPP, point to point, actually not Point-to-Point Protocol, 163 00:14:22,920 --> 00:14:23,610 not anything. 164 00:14:24,810 --> 00:14:25,350 So. 165 00:14:27,320 --> 00:14:37,160 However, SSTP uses Secure Sockets Layer, Transport Layer Security, so SSL/TLS, 166 00:14:37,940 --> 00:14:39,320 to provide encryption. 167 00:14:39,980 --> 00:14:48,740 It also utilizes the same network port as HTTPS traffic, so that is the port, um, 443. 168 00:14:52,490 --> 00:14:54,200 Port 443. 
169 00:14:57,860 --> 00:15:04,130 So since this port is usually open on firewalls for secure web browsing, this means that the network 170 00:15:04,130 --> 00:15:08,810 administrators didn't need to open another port to allow the traffic. 171 00:15:09,380 --> 00:15:16,850 So authentication of Secure Socket Tunneling Protocol, protocol, actually put a. 172 00:15:17,970 --> 00:15:25,520 Protocol, authentication of the Secure Socket Tunneling Protocol traffic was provided by MS-CHAP and 173 00:15:25,530 --> 00:15:31,590 Extensible Authentication Protocol-TLS. Windows 7 saw the introduction of the Layer 2 Tunneling 174 00:15:31,590 --> 00:15:36,290 Protocol, L2TP. While L2TP provided the tunnel. 175 00:15:36,300 --> 00:15:40,410 So actually, let me write here, I'm not here for the better understanding. 176 00:15:43,350 --> 00:15:43,800 Here. 177 00:15:47,080 --> 00:15:53,740 Um, this is Layer 2 Tunneling Protocol, Layer 2 Tunneling Protocol. 178 00:15:55,710 --> 00:15:57,540 And he L2TP he. 179 00:15:58,620 --> 00:15:59,790 L2TP. 180 00:16:01,900 --> 00:16:07,960 So while L2TP provided the tunnel, it did not provide any form of encryption. 181 00:16:08,420 --> 00:16:13,090 It was usually deployed alongside Internet Protocol Security, IPsec. 182 00:16:13,870 --> 00:16:20,950 So which does, uh, so authentication is conducted using the Internet Key Exchange, IKE. 183 00:16:22,820 --> 00:16:31,550 So to try and overcome the issues with users forgetting to start their VPN connections, Microsoft 184 00:16:31,550 --> 00:16:37,610 released support for DirectAccess in Windows 7. When users started up their device, the DirectAccess 185 00:16:37,610 --> 00:16:43,610 service running on it would check to see if it was on the same network as a DirectAccess server. 186 00:16:44,110 --> 00:16:53,000 If it discovered it was on the same network, um, then it knew not to use DirectAccess as a form 187 00:16:53,000 --> 00:16:53,740 of VPN. 
188 00:16:53,750 --> 00:16:54,440 So however, 189 00:16:54,450 --> 00:17:00,710 if it was not on the same network as the DirectAccess server, then the device will use the DirectAccess service 190 00:17:00,830 --> 00:17:03,890 to make a connection to your organization's DirectAccess server. 191 00:17:04,310 --> 00:17:09,560 Again, this was transparent to the user, so the additional benefit of using DirectAccess was 192 00:17:09,560 --> 00:17:15,920 that administrators could manage remote devices as if they were on the local network. 193 00:17:16,310 --> 00:17:22,850 With the release of Windows 10, Microsoft provided users with a service called Always 194 00:17:22,850 --> 00:17:26,900 On VPN, which was designed to replace DirectAccess. 195 00:17:27,800 --> 00:17:34,160 Always On VPN could be configured to create a device tunnel that would connect to the VPN 196 00:17:34,310 --> 00:17:42,230 once the device had booted up, or could then be configured to use a user tunnel that connects 197 00:17:42,410 --> 00:17:44,030 once a user logs in. 198 00:17:44,600 --> 00:17:50,840 So these two options are not mutually exclusive, and both can be implemented at the same time. 199 00:17:50,840 --> 00:17:56,810 However, to utilize the device tunnel, you have to use either an Enterprise edition of Windows 10 200 00:17:56,810 --> 00:17:58,400 or Education edition. 201 00:17:59,060 --> 00:18:05,720 So with this, we have finished looking at basic security features of a network in our Udemy course.