VPN?
7. What is the most common protocol used among VPN vendors?
8. What's the primary difference between L2TP and PPP?
9. What encryption algorithm is specified for L2TP?
Answers
1. The three fundamental methods implemented by VPNs are encapsulation, authentication, and encryption.
2. Encapsulation is embedding a complete packet within another packet at the same networking layer, so that the original packet, header included, travels as the payload of the outer packet.
3. VPNs can be established wherever an IP connection to the Internet exists, without the necessity of coordinating with outside organizations.
4. Transport mode does not provide encapsulation, whereas tunnel mode does. Transport mode keeps the original IP header and protects only the payload; tunnel mode wraps the entire original packet inside a new IP packet addressed between the VPN endpoints.
5. IKE enables cryptographic key exchange with encryption and authentication protocol negotiation between VPN endpoints.
6. Use the same ISP, or the fewest possible ISPs, for all VPN endpoints.
7. The most common VPN protocol is IPSec with IKE.
8. L2TP separates the physical device used to answer a connection from the device that recreates the original stream.
9. No algorithm is specified for L2TP. Microsoft's implementation uses IPSec to perform the encryption.
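The following is an added example, not code from the book, that makes answers 2 and 4 concrete by building the two IPSec framings as raw bytes. The addresses, SPI values and the HTTP payload are constructed sample data, and the ESP body is left unencrypted (a real security association applies the cipher and integrity check negotiated by IKE) so that the difference in framing stays visible: transport mode keeps the original IP header and only wraps the payload in ESP, while tunnel mode encapsulates the whole original packet inside a new packet between the two gateways.

```python
"""Transport mode versus tunnel mode as byte layouts (added example; the
addresses, SPIs and payload below are constructed sample data)."""
import ipaddress
import struct

PROTO_IPIP = 4   # next-header value meaning "an IP packet follows"
PROTO_TCP = 6
PROTO_ESP = 50


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement checksum over 16-bit words of an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet: bytes) -> dict:
    """Return the header fields needed to inspect a packet."""
    ihl = (packet[0] & 0x0F) * 4
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])),
            "proto": f[6],
            "payload": packet[ihl:f[2]]}


def esp_wrap(spi: int, seq: int, plaintext: bytes, next_header: int) -> bytes:
    """ESP framing: SPI + sequence header, body padded to 4 bytes, then a
    trailer of (pad length, next header). The body is not encrypted here; the
    point is the structure, not the cipher."""
    pad_len = (-(len(plaintext) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))
    return struct.pack("!II", spi, seq) + plaintext + padding + struct.pack("!BB", pad_len, next_header)


def transport_mode(packet: bytes, spi: int, seq: int) -> bytes:
    """Transport mode: no encapsulation. The original IP header survives and
    only the transport-layer payload goes inside ESP."""
    info = parse_ipv4(packet)
    esp = esp_wrap(spi, seq, info["payload"], info["proto"])
    return build_ipv4(info["src"], info["dst"], PROTO_ESP, esp)


def tunnel_mode(packet: bytes, spi: int, seq: int, outer_src: str, outer_dst: str) -> bytes:
    """Tunnel mode: the complete original packet, header included, becomes the
    ESP payload of a new packet addressed between the two VPN gateways."""
    esp = esp_wrap(spi, seq, packet, PROTO_IPIP)
    return build_ipv4(outer_src, outer_dst, PROTO_ESP, esp)


# Constructed sample: a TCP segment from a home PC to an office server, then
# the same packet as it would look on the wire in each mode.
INNER = build_ipv4("10.0.0.5", "192.168.1.20", PROTO_TCP, b"GET / HTTP/1.0\r\n\r\n")
TRANSPORT = transport_mode(INNER, spi=0x1001, seq=1)
TUNNEL = tunnel_mode(INNER, spi=0x1002, seq=1,
                     outer_src="203.0.113.7", outer_dst="198.51.100.9")

if __name__ == "__main__":
    for name, pkt in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        o = parse_ipv4(pkt)
        print(f"{name}: {o['src']} -> {o['dst']} proto={o['proto']} len={len(pkt)}")
```

Run it and the outer header tells the story: in transport mode the wire packet still carries the private addresses 10.0.0.5 and 192.168.1.20, so an observer learns who is talking to whom; in tunnel mode only the two gateway addresses appear and the entire inner packet, private addresses included, is the protected ESP payload. That is why site-to-site VPNs between gateways use tunnel mode, while transport mode is only sufficient when the endpoints themselves are the VPN peers.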
Terms to Know
• AppleTalk
• Asynchronous Transfer Mode (ATM)
• commercial Internet exchange (CIX)
• dedicated leased lines
• dial-up modem bank
• encapsulation
• frame relay
• Internet Key Exchange (IKE)
• Internetwork Packet Exchange (IPX)
• Layer 2 Tunneling Protocol (L2TP)
• local area networks (LAN)
• NetBEUI
• open source
• Point-to-Point Protocol (PPP)
• Secure Shell
• Secure Socket Layer (SSL)
• Security Associations (SA)
• T1 leased lines
• Virtual Private Networks
• wide area networks (WAN)
Chapter 7: Securing Remote and Home Users
Overview
Just as a web browser can connect from a home computer to any web server on the planet, so can any network-enabled computer connect to any other type of server over the Internet. This means that home users can technically connect from their home computers directly to servers at work, just as if they were in the office, only more slowly. In the security-naïve early days of the Internet, many users did just this.
Since the Internet is simply a big network, there are no inherent restrictions on any type of use. Users from home could technically have direct access to files on a file server, could print
to a network printer at the office, and could connect a database client directly to a database server.
But the requirement that the company's information technology assets be secured against hackers also secures them against remote home users. The firewalls that drop hackers' connection attempts will also drop remote users' attempts to connect to the network.
By establishing a VPN, you can both secure the transmission and enforce strong authentication, thus ensuring that remote home users will have access while hackers will not.
But VPNs are just the beginning of the real security problem.
The Remote Security Problem
There are two major problems with allowing legitimate remote users to access your network:
•
Hackers can easily exploit home computers and use those computers' VPN connections to penetrate your network.
•
Thieves can steal laptops containing VPN software and keys and use them to connect to your network.
The next two sections explain these problems in detail.
Virtual Private Security Holes
Many companies use VPNs to allow authorized users to securely transit firewalls; the practice has become increasingly common in the last two years because of the convenience and efficiency it allows.
But this seriously undermines your network security policy. The problem is that hackers can quite easily exploit home computers that have not themselves been secured. And if that home computer has a VPN connection to your network, hackers can relay through the home computer and through the firewall via the virtual private tunnel. Most businesses do not attempt to enforce any sort of security requirements for remote home users, because they don't