Tunneling and Encryption

Video Activity

Tunneling and Encryption This lesson covers methods of tunneling and encryption as a means of network control. The main concept with tunneling and encryption is the Virtual Private Network (VPN). A VPN is an encrypted private tunnel over a public network. Basically, it's a means of creating a private network on a public interface.

Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

31 hours 29 minutes
Video Description

Tunneling and Encryption This lesson covers methods of tunneling and encryption as a means of network control. The main concept with tunneling and encryption is the Virtual Private Network (VPN). A VPN is an encrypted private tunnel over a public network. Basically, it's a means of creating a private network on a public interface.

Video Transcription
our next type of network access control that we're gonna talk about is tunneling and encryption.
So what is tunneling an encryption?
When we need to make a connection between two in points over a public network, we need to have some way that we can transmit that information that we can access that network without disclosing the information that we're transmitting to the public.
A lot of times, this is by piggybacking on a public Internet connection and then just using a VPN tunnel through the Internet connection. That way we can essentially, we can authenticate ourselves, and we can send information encrypted
without having to actually be in the office or
Lisa dedicated line. We could just use the standard Internet connection. So let's let's take a look at this a little bit closer. Our main concept with our tunnelling encryption, tunneling and encryption, is going to be a V p. M. Now VP and stands for a virtual private network and essentially, what a VPN is. It's an encrypted
private tunnel over and over a standard public network,
so we're essentially
creating a private network on a public interface. So that's a lot of words that if we don't really understand what what's going on, make no sense. So let's take a look at this in practice. Let's say that you work. You work from home. Sometimes you have two days out of the week that where you
get to work from home,
you have to look, but you have to log in. You have to be self to do work.
You also have the flexibility to work from from the road. If you go on your business trips. So you go on a business business trip and you're sitting in the hotel where you're working and the hotel has available WiFi.
So you pull out here, you pull out your company laptop, you open it up and you remember that before this big presentation, you need to access a file that's on the file server at your company.
So your company has the VP and set up a virtual private network which allows you to connect from from wherever you are in the world, over the Internet, to the company. Sever, while depending on the company, some companies little sidebar. Some companies may not permit you to connect through your VP in when you're in other countries
because those other countries may act, their government may actually be
tracking, and they may be putting additional tracking code into the data that you're transmitting when it's going through their their country's Internet service providers. So you need to check your company's policies for this, of course, as to where you're allowed to connect from through V. P. M. But anyway, back to our main discussion.
You're sitting in a hotel in Oregon
and you're about to go on and you're about to have a presentation, and your company's main offices are in Washington, D. C. So you need to retrieve this file from the server in Washington, D. C. But it's sensitive company information. It's need to know confidential, sensitive company information.
So you don't want all the other people on this
put on this public this public hotel wireless to be able to see this data coming down. Maybe it's ah, big conference, and there are multiple other companies that are also staying in this hotel that could potentially be listening into the wireless to sniff for any traffic or anything that they're competition's doing to get in, get a leg up.
this is of course, the ultimate.
I need to make sure your data is secure. One of the ultimate need to make sure your company's data secure scenario.
So you're on a public open wireless connection in the hotel.
Now we're going to think of
the connection
from you to the Internet as a tunnel
because we're on a public, open wireless,
this wireless inner This wireless access point is just sending out a big tunnel
that anyone connected to that wireless access point can listen to the traffic that's going on in that tunnel right now in that hotel.
So you have another companies
employee who's connected to the tunnel,
and you're also connected to the Internet tunnel
rather than just connecting to the Internet tunnel connecting to the wireless access point, going to the Internet, going to your company's accent remote, remote access server and then connecting to the file server.
What you're going to do is you're going to start up
your remote access VPN.
So what this means is, before you actually can get to this server to pull your files, you're going to initiate your VP in. You're going to initiate an encrypted tunnel connection
by first sending an authentication method, you're gonna send an authentication over the Internet,
and this is going to be encrypted authentication.
And that's going to go to whichever aspect of your company is authenticating your remote dialling connection.
this device,
well, now authenticate you.
Whichever meet by whatever means it does. We'll talk about those means later.
So this device authenticates you
and it says, Okay, your authenticated. You're allowed to connect to the VPN,
so it's going to send back information
and you're going toe it, negotiate a tunnel.
So now
that you've been authenticated, you're gonna negotiate a tunnel.
What you're essentially doing
is you're creating your own private encrypted tunnel
inside of the existing
Internet public Internet tunnel
to the Internet,
over the Internet
and over to your company.
So the other person who's sitting on the same public wireless connection is you, even if they listen in and even if they're listening to the packets that you're sending
as soon as you've initiated your VP in connection and a CZ, long as you have this VP in connection set up correctly, all they see is encrypted data, so they don't see any of the connections that you're initiating back and forth. They don't see any of your data.
Once that encrypted tunnel gets to your in point, however,
it becomes unencrypted again because now it's in a safe location.
It goes to your file server. It says, Hey, can you send me this file? Any for the conference file server says. Sure,
in computer language
sends the file back,
and then once it hits this point, it gets re encrypted and then goes over the Internet through your encrypted tunnel.
Now, in the days before we could do this in this days before VPN in orderto have in order to be sure that you had a secure connection, you would either have to be sitting in the office or you would have to have a essentially a dedicated line running from you to your office. That was the only way you could verify
that no one else was listening in on your connection
with VP ends. We can now you lot utilize the existing Internet, utilize the existing wires that connect practically all most toe all businesses now, and just essentially create our own piggyback connection over that That's encrypted,
this allows us a lot more. It makes it makes remote connections in tow work. Ah, lot more secure. It makes them a lot more user friendly. And it prevents us from having to have millions of wires connecting all the businesses across the United States because we now have essentially what is a dedicated what is says,
essentially a virtually a virtual
dedicated private network from us to our office. So that's why the peons are so powerful. And that's why the peons are so important in our work environment.
with our VP ins, we have two main types of the peons that we're goingto need to discuss. RV peons can be site to site
or client to site.
Now we're gonna talk about clients a site first, because that's what we have right here already set up
clients. A site, VPN, is a remote access VPN from a user back into their remote network,
so it's essentially a connection from you to work or you back to your home network. Whatever the case may be, that is a client to cite VP in connection. This may just be a There may already be a built in operating system functionality where you can set up your VP in
or you may have your company may issue specialized software to be downloaded on the laptop
so that you can set up your VP in. But whatever the case may be, remember that client to site is a connection from you back to your home or office.
now we say home or office, because you can Also VPN aren't just limited to all office functions. You can also utilize V peons in order just to make sure that your own communications air secure when you're out in public.
If you If you purchase of VPN now, you can actually go online and purchase. VP is to secure servers or you set up a VPN in your home. You can actually, just simply when you're out and about your out in a coffee shop, you can connect through a VPN back to your home and then from your home network, essentially go out to the Internet
to make sure that no one else in that coffee shop is listening in to your Internet connection. So VPN aren't just for connecting back to work. VP ends are very useful, even just for making sure that all of your Internet traffic is secure,
or at least it's not being listened to
on the network that you're currently on.
So that's client to site.
Next, we have sight to sight now. Site decided a little bit different site. The site isn't connecting a single computer to back toe work. Site to site is connecting to business sites together or two,
essentially two different networks together over a public network.
So rather than you in a hotel connecting back to
work, it may be your headquarters in a branch office in this branch office has several users in it, and these users need to connect back to the servers that are in the head office. They need to connect back to that data. Maybe there's some replication going on between the file servers and the file servers need to connect back
to the head office.
Whatever the case may be, you need a connection
from the branch office to the head office so that it's like the people in the branch office are sitting at computers in the head office.
So the people in the branch office will all connect to their network connection with all connect to their switch to the router and then this device. They'll have a VPN device,
which will then initiate a VP and tunnel
over to the head office using the pre existing Internet connection. This is essentially like a dedicated least line, but it's a lot cheaper. You're you're not paying for an entire line to be dug from you to your in point. You're not paying for a you're not paying for a dedicated,
a dedicated least line, which can cost a lot of money from one your branch office tear main headquarters. These dedicated least lines can be You could replace that with this alternative VP in structure, which is essentially a dedicated least line through the Internet that is a lot cheaper, a virtual dedicated least line
through just a standard Internet
because you don't want other people listening in on this connection between these two businesses. You want to make sure that it's encrypted, that it's secure and that it is a point to point connective ity, and that's what you're getting. That's what you're getting with this. With this VP in connection, it's avert essentially that virtual private network.
Well, why you may ask Why don't you just transmit data encrypted over just over the Internet? Why do you need it to actually be tunneled? Why do you need a virtual private network tunnel? While a virtual private network tunnel allows us to not only transmit data on Layer three, which is the I P layer, but it also allows us to transmit layer to data.
So if remember, Layer are Leia to data is going to be
data that packets that are being sent, like at the Mac address level at the network interface card level. They're not. They're dated. It's dated that may not be pushed out that may not be broadcast out of replicated out by a router, but because we haven't VP and concentrator, or we have some sort of VP and set of going on
rvp and will actually allow
layer to traffic to go from one point to the other over the Internet So VPN it's a encrypted virtual tunnel between Point A and point B that not only helps us by providing tunneling and encryption, but it also helps us by allowing us to
Sinden receive layer to traffic
through the Internet, which is which would otherwise typically just be a layer three connectivity so we could do things like an already P session from one computer in the branch office to a computer in the headquarters office. So it's important to realize that we do have that ability to have that layer to connective ity
using that v p m.
sight to sight it connects our 22 sites or two. Business is cheaper than a standard dedicated least line, and we can set it up to be persistent or dial on command. Persistent would be a dedicated least line are
my apologies Persistent would be a VPN that is connected and is essentially always on always on VP in connection. Doesn't matter if data's being transmitted over that VP in or not, it's still set up. We still have that encrypted tunnel between the Point A and point B,
whereas a dialogue on command is that VP and tunnel on Lee comes alive when it's needed,
and then for a short time frame. After that and then after it hasn't had data transmitted over a certain amount of time. It just stops and disconnects. So depending on our network, you utilization our network bandwidth and how often we need our band. R R v p n. We may want to consider whether we're using are persistent
or a dial on demand
v P M. If we're using a site to site set up.
Up Next
CompTIA Network+

This CompTIA Network+ certification training provides you with the knowledge to begin a career in network administration. This online course teaches the skills needed to create, configure, manage, and troubleshoot wireless and wired networks.

Instructed By