CASES.LU

Glossary

  1. ▹ Antivirus
  2. ▹ Assets
  3. ▹ Authentication
  4. ▹ Availability
  5. ▹ Basic criteria for risk analysis
  6. ▹ Computer Hacks
  7. ▹ Confidentiality
  8. ▹ Control
  9. ▹ Cryptography
  10. ▹ Cybercrime
  11. ▹ Cybercriminals
  12. ▹ DRP – Disaster Recovery Plan
  13. ▹ Data backups
  14. ▹ Data loss
  15. ▹ Defacement
  16. ▹ Disinfect machine with a live CD
  17. ▹ Disposal
  18. ▹ Email
  19. ▹ Firewall
  20. ▹ Human error
  21. ▹ IDS/IPS
  22. ▹ Image rights
  23. ▹ Impact
  24. ▹ Integrity
  25. ▹ Internet and copyright
  26. ▹ Legal Aspects
  27. ▹ LuxTrust
  28. ▹ Malicious Codes
  29. ▹ Malicious websites
  30. ▹ Network segmentation
  31. ▹ Password
  32. ▹ Patches
  33. ▹ Phishing
  34. ▹ Physical faults
  35. ▹ Securing a fixed workstation
  36. ▹ Physical theft
  37. ▹ Recommendations for securing a file server
  38. ▹ Recommendations to secure a server connected to Internet
  39. ▹ Recommendations to secure a Web server
  40. ▹ Removable devices
  41. ▹ Risk processing
  42. ▹ Spam – unwanted emails
  43. ▹ SSL/TLS – encryption technologies on the web
  44. ▹ Update softwares with Secunia PSI
  45. ▹ Security Charter
  46. ▹ Social engineering
  47. ▹ Threat
  48. ▹ Virtual Private Networks (VPNs)
  49. ▹ Vulnerabilities
  50. ▹ Web of Trust - WOT
  51. ▹ Web filter – Proxy
  52. ▹ Why is it important to protect your computer?

Virtual Private Networks (VPNs)

In brief

The growth in Internet usage has given rise to new ways of working such as working from home, the exchange of classified information between different subsidiaries of the same company, and even viewing the websites and IT systems of suppliers or clients. As a consequence of this, a genuine security issue relating to these new methods of working is starting to emerge. 

“Virtual Private Networks” (VPNs) can provide an answer to some of these issues, and they are coming into increasing usage. The purpose of this article is to show the different types of VPN in existence, and also to detail a few user scenarios.  

Explanations

A virtual private network is a means of communication which ensures secure data transfer over public or shared networks (such as cable distribution and even ADSL). A VPN is, in fact, a communications network which uses the same security parameters as a private network. Its main features are:

  • data confidentiality: encryption guarantees that the content of data transmitted can only be known to the parties exchanging the information. Because of this, any third party intercepting VPN traffic will not be able to determine its content;
  • data integrity: cryptographic methods employed ensure that the data received by the recipient over a VPN is identical to the data sent by the sender;
  • authentication of VPN users: it is important to know who is taking part in procedures to avoid security issues relating to identity theft and therefore illicit access to private networks.

VPN is a technology enabling a logical extension of a network or a sub-network of the organisation through the addition of workstations or sub-networks outside its physical boundaries. More specifically, employees working from home will be virtually acting within the internal network of the organisation, or between two remote sites or even a world apart, and sharing the same network.

Threats encountered

The Internet provides no guarantees over the confidentiality or the integrity of data circulating over the web. For example, if you send an email, it is entirely possible that a third party could intercept it, read it and even alter some of the content.

This is clearly totally unacceptable, especially with regard to sensitive connections such as transactions with clients or partners or remote access to a company’s classified information (on a file server, for example).

The best means to counter such threats is currently the use of a VPN.

Recommendations

There are many different VPN protocols available and choosing the right one is not a simple matter. It is important to find out about the strength of the cryptographic algorithms being used. For example, the PPTP protocol – the protocol traditionally used in Windows infrastructures – is known to be no longer reliable because the authentication data can be stolen by third parties.

In general, the easiest thing to do is to use the type of VPN offered with the firewall solution of your organisation.

Security policy

Draft and enforce the following sectoral policies:

Table of Contents