VPN Technologies – CompTIA Security+ SY0-501 – 3.2

There are many different ways to design a VPN solution. In this video, you’ll learn about the most common ways to implement VPN technologies on your network.



There are many different ways to connect a virtual private network together, and many environments use multiple techniques to provide VPN connectivity. A site-to-site VPN is when you want to connect two sites to each other across the public internet, but you want to send all of the data between those sites in an encrypted form. That way, if somebody on the internet were able to see the traffic going back and forth, they wouldn’t see any of your private company information.

This is often accomplished by installing a VPN appliance at each location. Usually, there is a firewall that’s already installed. And most of these firewalls are already designed to act as a VPN appliance. You’ve also got an internet connection that’s usually installed at each of these sites. So once you have those two things in place, you can set up the site-to-site VPN.

Traffic on the inside of your corporate network and traffic on the inside of your remote site would still be in the clear, that is, non-encrypted. Between the VPN appliances, though, is the VPN tunnel, and any traffic that traverses that link will be encrypted.

The encryption takes place on one side of the tunnel. It’s decrypted on the other side of the tunnel and passes through to the other side’s network in the clear. To go to the other side, the process is reversed. The VPN appliance on one side of the connection provides the encryption and the VPN appliance on the other side of the tunnel provides the decryption.
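To make the site-to-site layout concrete, here is an added example of how the two appliances described above could be configured; it is not from the video, and it assumes the appliances run strongSwan with IPsec/IKEv2 and a pre-shared key, with the site addresses, subnet ranges and identities all being placeholder values. The traffic selectors (`local_ts` / `remote_ts`) are what define "inside" traffic that is forwarded in the clear on each LAN versus traffic that must enter the encrypted tunnel; the mirror-image file on the other appliance swaps the local and remote values.

```conf
# Site A appliance: /etc/swanctl/swanctl.conf (placeholder addresses)
connections {
    site-a-to-site-b {
        version      = 2                  # IKEv2
        local_addrs  = 203.0.113.1        # Site A public (internet-facing) address
        remote_addrs = 198.51.100.1       # Site B public address
        proposals    = aes256-sha256-x25519

        local  { auth = psk  id = site-a }
        remote { auth = psk  id = site-b }

        children {
            lan-to-lan {
                # Only packets between these two private networks are encrypted;
                # everything on either LAN behind the appliance stays in the clear.
                local_ts      = 10.1.0.0/16
                remote_ts     = 10.2.0.0/16
                esp_proposals = aes256gcm128-x25519
                start_action  = start     # bring the tunnel up at load time
            }
        }
    }
}

secrets {
    ike-site-b {
        id     = site-b
        secret = "REPLACE-WITH-A-LONG-RANDOM-PRESHARED-KEY"   # placeholder
    }
}
```

After loading the configuration, `swanctl --list-sas` on either appliance shows whether the tunnel is established; a packet capture on the internet-facing interface should then show only ESP traffic between the two public addresses rather than the private LAN payloads.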

Of course, we’re not always located at our home office or at a remote site. We may be at a coffee shop. We may be in a hotel or anywhere else that’s outside of the normal workplace. In those cases, we may want to use a host-to-site VPN, or what’s commonly known as a remote access VPN.

This is accomplished by installing software on the remote device that’s being taken to the coffee shop or the hotel. And that remote software will create an encrypted tunnel to the VPN concentrator that’s on your corporate network. At that point, it decrypts the data and provides in-the-clear access between the corporate network and the remote user.

Up to this point, our VPN implementations have required some type of VPN concentrator, which is usually some physical device that’s connected to the network. But with the right software, you can build a VPN tunnel between devices without needing a separate piece of hardware. These would be host-to-host VPNs, and they’re usually all software-based.

We’d install some software on one device and install software on the other device and be able to build this encrypted tunnel between the devices. This means that we can send data over the network that was private to these two devices, but everything that traverses that internet link would all be sent as an encrypted data stream.