BN305 - Virtual Private Networks: Technologies and Security Report

Verified

Added on 2022/12/15

AI Summary

This report, prepared for the BN305 Virtual Private Networks course, provides a comprehensive overview of VPN technologies and their significance in contemporary organizations. The report begins with an executive summary highlighting the importance of VPNs for organizational security. It delves into the introduction of VPNs, emphasizing their role in providing secure and encrypted connections, cost savings, and network scalability. The report then explores authentication and access control mechanisms, including the authentication process of SSL and TLS, digital signatures, and client-server architecture. It further examines confidentiality and integrity, detailing the methods used by SSL to achieve these aspects, including symmetric and asymmetric encryption, hash algorithms, and the role of VPN client software. The report also addresses anti-replay attacks and the countermeasures to mitigate them. Finally, the report concludes by emphasizing the critical role of VPNs in protecting organizational data and operations.

Running head: VPN
VPN
Name of the Student:
Name of the University:
Author Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1VPN
Executive Summary:
The purpose of this report is to showcase the importance of VPN in each and every
organization. The report describes about the various types of VPN and their importance in
daily business operation. The report mainly focuses on the VPN and the possible
countermeasures to mitigate the VPN attacks in an organization. Lastly, the report concludes
that the security of VPN should be a high priority for every organization.

2VPN
Table of Contents
Introduction:...............................................................................................................................3
Authentication and Access Control:...........................................................................................3
Confidentiality and Integrity:...................................................................................................14
Anti-Replay:.............................................................................................................................16
Conclusion:..............................................................................................................................17
References................................................................................................................................18

3VPN
Introduction:
VPN is a type of programming which generates an encrypted and a safe connectivity
between the loss secure networking system for example public internet. A VPN operates with
the help of some distributed public infrastructure keeping the privacy by tunnelling protocols
and some security procedures. Tunnelling protocols includes encrypting all the data at the
sending side and decrypting data at the receiver side. The contemporary organization should
implement VPN due to some factors like: Cost Savings of the organization , increases the
productivity of the organization and they are too affordable for any type of organization.
increases the network scalability and also plays an important role in security of the
organization. The two form of VPN SSL/VPN as well as the IPSEC/VPN differs due to the
fact that the security of the system which is in the favor of VPNSSL and the SSL based VPN
s are always better to bypass all the firewalls from the network, Speed and reliability both of
the type are relatively fast but IKEv2/IPsec is the comparatively faster than SSL based VPN.
SSL/VPN has more advantageous over IPSEC/VPN because of the administrative costliness
of IPSEC/VPN and it do not support granular access security. The report briefly describes
about the authentication and access control, confidentiality and integrity, anti-replay attacks.
Authentication and Access Control:
The authentication process of SSL and TLS: To authenticate the server, the client utilizes
the server’s public key for encryption the data which is to find the secret key [1]. The server
produces the secret key if and only if the data is decrypted with the right private key [2]. To
authenticate client, the server utilizes the public key in the client certificate which is to
decrypt the data which the client sends during the handshake process [3]. When the exchange
method occurs between the encrypted messages and the secret key it confirms that the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4VPN
authentication process is finished. If any one of the authentication fails, then the handshake
process fails and the session terminates [4].
Figure 1: Open the chrome window
(Source: [5])

5VPN
Figure 2: select the red labelled button
(Source: [5])
Figure 3: select more tools
(Source: [5])
Figure 4: select security or >>

6VPN
(Source: [5])
Figure 5: click on view certificate
(Source: [5])
The working principle of digital signature:
The working principle of the digital signature are as follows [6]:
 Put the Signature: When the “sign” button is clicked a very unique fingerprint of the
document known as hash is created, then the hash is encrypted with the help of private
key of the signer and then the document which is now digitally signed is ready to
distribute.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7VPN
 Verify the signature: When the document is opened in a digital signature capable
program which utilizes the signer’s key to decrypt the hash then the program finds the
new hash for the file.
Figure 6: open chrome and click on settings
(Source: [7])