
114    Chapter 3 • Communication Security: Remote Access and Messaging

             modern OSes, EAP capabilities exist. MAC-based authentication should not be used
             unless it is in conjunction with another form of authentication such as EAP.

             VPN

             A VPN provides users with a secure method of connectivity through a public
             internetwork such as the Internet. Most companies use dedicated connections to
             connect to remote sites, but when users want to send private data over the Internet
             they should provide additional security by encrypting the data using a VPN.
                 When a VPN is implemented properly, it provides improved wide-area security,
             reduces costs associated with traditional WANs, improves productivity, and improves
             support for users who telecommute. Cost savings are twofold. First, companies save
             money by using public networks (such as the Internet) instead of paying for
             dedicated circuits (such as point-to-point T1 circuits) between remote offices. Secondly,
             telecommuters do not have to pay long-distance fees to connect to RAS servers.
             They can simply dial into their local Internet Service Provider (ISP) and create a
             virtual tunnel to their office. A tunnel is created by wrapping (or encapsulating) a data
             packet inside another data packet and transmitting it over a public medium.
             Tunneling requires three different protocols:
                  ■   Carrier Protocol: The protocol used by the network (IP on the
                      Internet) that the information is traveling over

                  ■   Encapsulating Protocol: This term includes both the tunneling protocol
                      (PPTP, L2TP) and the encrypting protocol (IPSec, Secure Shell [SSH])
                      that is wrapped around the original data

                  ■   Passenger Protocol: The original data being carried
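
The three layers above, built and taken apart byte by byte in an added example that is not from the book. It assumes plain GRE (RFC 2784, IP protocol 47) as the encapsulating protocol with no encrypting protocol applied; the addresses, protocol number 253 and payload are constructed sample values.

```python
import socket
import struct

GRE = 47               # IP protocol number for GRE
IPV4 = 0x0800          # GRE protocol type for an IPv4 passenger

def ones_sum(data):
    """16-bit one's-complement sum used by the IPv4 header checksum."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ~ones_sum(hdr) & 0xFFFF) + hdr[12:]

def encapsulate(passenger, tunnel_src, tunnel_dst):
    """Carrier IP header + encapsulating GRE header + passenger packet."""
    gre = struct.pack("!HH", 0, IPV4)  # no flags, version 0
    carrier = ipv4_header(tunnel_src, tunnel_dst, GRE, len(gre) + len(passenger))
    return carrier + gre + passenger

def decapsulate(packet):
    """Validate the two outer layers; return (carrier_src, carrier_dst, passenger)."""
    if len(packet) < 24 or packet[0] != 0x45:
        raise ValueError("not an option-less IPv4 carrier with room for GRE")
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("carrier total length does not match packet size")
    if ones_sum(packet[:20]) != 0xFFFF:
        raise ValueError("carrier header checksum is wrong")
    if packet[9] != GRE or packet[20:24] != struct.pack("!HH", 0, IPV4):
        raise ValueError("payload is not a plain GRE-wrapped IPv4 packet")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[24:])

# Constructed sample: an internal host's packet (experimental protocol 253)
# carried between two tunnel endpoints that use documentation addresses.
DATA = b"quarterly payroll"
PASSENGER = ipv4_header("10.1.0.5", "10.2.0.9", 253, len(DATA)) + DATA
TUNNELED = encapsulate(PASSENGER, "198.51.100.10", "203.0.113.20")

if __name__ == "__main__":
    print(decapsulate(TUNNELED)[:2], len(TUNNELED) - len(PASSENGER), "bytes overhead")
    print("passenger readable on the wire:", DATA in TUNNELED)
```

Because nothing here encrypts, the passenger bytes are visible inside the tunneled packet, which is why the encapsulating layer pairs a tunneling protocol with an encrypting one.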


              TEST DAY TIP

                  For the Security+ exam you need to remember the three protocols used
                  in a VPN tunnel. Think of a letter being sent through the mail: the letter
                  is the passenger, which is encapsulated in an envelope, and addressed in
                  a way that the carrier (the post office) can understand.




                 Essentially, there are two different types of VPNs: site-to-site and remote access.







          www.syngress.com