I'm Mark Bowling. In the second part of the network and security devices module, I'll pick up where I left off in the last video and talk about VPN, DLP, UTM and SIEM devices. Previously, I talked about some methods and devices used for securing data on a network and controlling web access. But we also need to ensure that when companies need to utilize third-party and public networks for secure site-to-site and client-to-site network connections, they can do so while ensuring that the data transmitted across those networks is secured from eavesdropping and interception. That can be effectively handled using VPNs. We also need to ensure that sensitive and classified data on the network is kept secure. Data loss prevention provides mechanisms to make sure that sensitive data is only shared with those who are authorized to access it. A virtual private network, or VPN, creates a secure encrypted connection, or tunnel, across the Internet back to an organization's network. VPN client software is typically installed on mobile endpoints such as laptop computers and smartphones to extend a network beyond the physical boundaries of the organization. The VPN client connects to a VPN server such as a firewall, router or VPN appliance (concentrator). Once a VPN tunnel is established, a remote user can access network resources such as file servers, printers and Voice over Internet Protocol (VoIP) phones just the same as if they were physically located in the local network. Point-to-Point Tunneling Protocol (PPTP) is a basic VPN protocol that uses Transmission Control Protocol (TCP) port 1723 to establish communication with the VPN peer and then creates a Generic Routing Encapsulation (GRE) tunnel that transports encapsulated Point-to-Point Protocol (PPP) packets between the VPN peers. Although it's easy to set up and considered to be very fast, it's perhaps the least secure of the various VPN protocols.
It's commonly used with either the Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP) or Microsoft Challenge Handshake Authentication Protocol versions 1 and 2 (MS-CHAP v1 and v2), all of which have well-known security vulnerabilities, to authenticate tunneled PPP traffic. Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) provides a more secure authentication protocol for PPTP, but requires a public key infrastructure and is therefore more difficult to set up. The Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol that is supported by most operating systems, including mobile devices. Although it provides no encryption by itself, it's considered secure when used together with IPsec, discussed in Module 2445. The Secure Socket Tunneling Protocol (SSTP) is a VPN tunnel created by Microsoft to transport PPP or L2TP traffic through an SSL 3.0 channel. SSTP is primarily used for secure remote client VPN access rather than site-to-site VPN tunnels. OpenVPN is a highly secure open source VPN implementation that uses SSL/TLS encryption for key exchange. OpenVPN uses up to 256-bit encryption and can run over TCP or UDP. Although it's not natively supported by most major operating systems, it has been ported to most major operating systems, including mobile device operating systems. Internet Protocol Security, commonly referred to as IPsec, is a secure communications protocol that authenticates and encrypts IP packets in a communication session. An IPsec VPN requires compatible VPN client software to be installed on the endpoint device. A group password or key is required for configuration. In client-to-server IPsec VPNs, the user typically must initiate the connection, for example by launching the client software and logging in using a username and password.
An IPsec VPN can be configured to force all of the user's Internet traffic back through the organization's firewall, providing optimal protection with enterprise-grade security but with some performance loss. Alternatively, split tunneling can be configured to allow Internet traffic from the device to go directly to the Internet, while other specific types of traffic route through the IPsec tunnel, for acceptable protection with much less performance degradation. If split tunneling is used, a personal firewall (previously discussed) should be configured and active on the organization's endpoints, as a split tunneling configuration can create a side door into the organization's network: attackers can essentially bridge themselves over the Internet through the client endpoint and into the network over the IPsec tunnel. Secure Sockets Layer (SSL) is an asymmetric encryption protocol used to secure communication sessions. SSL has been superseded by Transport Layer Security (TLS), although SSL is still the more commonly used terminology. An SSL VPN can be deployed as an agent-based or agentless (browser-based) connection. An agentless SSL VPN only requires users to launch a web browser, open a VPN portal web page using the HTTPS protocol, and log in to their network using their user credentials. A dissolvable client is used within the browser session, which persists only as long as the connection is active and removes itself when the connection is closed. This type of VPN can be particularly useful for remote users that are connecting from an endpoint device they do not own or control, such as a hotel kiosk, where the full VPN software cannot be installed. SSL VPN technology has become the de facto standard and preferred method of connecting remote endpoint devices back to the enterprise network, while IPsec is most commonly used in site-to-site and device-to-device VPN connections, such as connecting a branch office network to a headquarters network or data center.
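As an added example (not from the lecture), a small Python classifier that labels IPv4 packets by the VPN technology they carry, using the transports named above: PPTP control on TCP 1723 and its GRE data tunnel, IPsec ESP/AH with IKE negotiation on UDP 500/4500, OpenVPN's default UDP 1194, and SSL VPN/SSTP on TCP 443. A defender can run this over captured traffic to see which tunnel types are in use, for instance to spot PPTP, which the lecture calls the least secure. The IKE, ESP/AH and OpenVPN values are standard assignments not stated in the lecture; the packets are constructed inline.

```python
import struct
from ipaddress import IPv4Address

# IP protocol numbers: TCP 6, UDP 17, GRE 47, ESP 50, AH 51 (IANA assignments).
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_AH = 6, 17, 47, 50, 51

def classify_vpn_packet(pkt: bytes) -> str:
    """Return the VPN technology an IPv4 packet most likely belongs to, or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:      # not a complete IPv4 header
        return "other"
    ihl = (pkt[0] & 0x0F) * 4                   # header length in bytes
    proto = pkt[9]
    if proto == IPPROTO_GRE:
        return "pptp-data (GRE)"                # PPTP carries PPP inside GRE
    if proto == IPPROTO_ESP:
        return "ipsec-esp"
    if proto == IPPROTO_AH:
        return "ipsec-ah"
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        ports = {sport, dport}
        if proto == IPPROTO_TCP and 1723 in ports:
            return "pptp-control (TCP/1723)"
        if proto == IPPROTO_UDP and ports & {500, 4500}:
            return "ipsec-ike (UDP/500 or NAT-T 4500)"
        if proto == IPPROTO_UDP and 1194 in ports:
            return "openvpn (UDP/1194)"
        if proto == IPPROTO_TCP and 443 in ports:
            return "ssl-vpn-or-sstp (TCP/443, ambiguous with ordinary HTTPS)"
    return "other"

def build_ipv4(proto: int, src: str, dst: str, payload: bytes = b"") -> bytes:
    """Constructed minimal IPv4 header (no options, checksum left zero) for testing."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload

def l4_ports(sport: int, dport: int) -> bytes:
    """First four bytes of a TCP or UDP header: source and destination port."""
    return struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    for label, pkt in [("pptp", build_ipv4(6, "10.0.0.5", "203.0.113.1", l4_ports(50000, 1723))),
                       ("gre", build_ipv4(47, "10.0.0.5", "203.0.113.1")),
                       ("ike", build_ipv4(17, "10.0.0.5", "203.0.113.1", l4_ports(500, 500)))]:
        print(label, "->", classify_vpn_packet(pkt))
```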
Network Data Loss Prevention (DLP) solutions inspect data that is leaving, or egressing, a network, for example via email, file transfer, Internet uploads or copying to a USB thumb drive, and prevent certain sensitive data, based on defined policies, from leaving the network. Examples of sensitive data might include personally identifiable information (PII) such as names, addresses, birth dates and Social Security numbers; health records, including electronic medical records (EMR) and electronic health records (EHR); financial data such as bank account numbers and credit card numbers; classified materials such as military or national security information; and intellectual property, trade secrets and other confidential or proprietary company information. A DLP security solution prevents sensitive data from being transmitted outside the network by users, either inadvertently or maliciously. A robust DLP solution can detect the presence of certain data patterns even if the data is encrypted. However, these solutions introduce a potential new vulnerability in the network, as they have visibility into, and the ability to decrypt, all data on the network. Other methods, which rely on decryption happening elsewhere, such as in web security clients or other man-in-the-middle decryption engines, are also available. DLP solutions often require many moving parts to effectively route traffic to and from inspection engines, which can add to the complexity of troubleshooting network issues. Unified Threat Management (UTM) devices combine numerous security functions into a single appliance, including a firewall for stateful inspection, IDS, IPS, anti-malware, anti-spam, VPN, content filtering and DLP. UTM devices don't necessarily perform any of these security functions better than their standalone counterparts, but nonetheless they serve a purpose in small to medium-size enterprise networks as a convenient and inexpensive solution, giving an organization an all-in-one security device.
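The DLP pattern inspection described above, as an added example that is not part of the lecture: a Python egress checker that scans decrypted message bodies for credit card numbers (PAN) that pass the Luhn checksum and for Social Security numbers with a structure the SSA actually issues, so that random digit runs such as order or tracking numbers do not trigger a block. The Luhn algorithm and the SSA area/group/serial rules are standard; the policy names, functions and sample messages are constructed for this example.

```python
import re

# Constructed sample of outbound message bodies (no real personal data).
SAMPLE_MESSAGES = {
    "invoice": "Please bill card 4111 1111 1111 1111, exp 12/27.",
    "hr-note": "New hire SSN is 219-09-9999, start date Monday.",
    "newsletter": "Order #1234567890123456 shipped; tracking 000-00-0000.",
}

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def luhn_valid(number: str) -> bool:
    """Luhn checksum: separates real card-number shapes from arbitrary digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject shapes the SSA never issues: area 000/666/900-999, group 00, serial 0000."""
    a = int(area)
    return not (a == 0 or a == 666 or a >= 900 or group == "00" or serial == "0000")

def inspect(body: str) -> list[str]:
    """Return the policy findings (data classes) present in one outbound message body."""
    findings = []
    for m in CARD_RE.finditer(body):
        if luhn_valid(m.group(0)):
            findings.append("PAN")
    for m in SSN_RE.finditer(body):
        if ssn_plausible(*m.groups()):
            findings.append("SSN")
    return findings

def egress_decision(body: str) -> str:
    """Policy: block the transfer when any sensitive data class is found, else allow."""
    return "BLOCK" if inspect(body) else "ALLOW"

if __name__ == "__main__":
    for name, body in SAMPLE_MESSAGES.items():
        print(f"{name:<10} {egress_decision(body):<5} {inspect(body)}")
```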
Typical disadvantages of UTM include, in some cases, the lack of rich feature sets in order to make them more affordable. All security functions use the same processor and memory resources, and enabling all of the functions of a UTM can result in up to a 97 percent drop in throughput and performance as compared to top-end throughput without the security features enabled. Despite numerous security functions running on the same platform, the individual engines operate in silos with little or no integration or cooperation between each other. SIEM, or security information and event management, software tools and managed services provide real-time monitoring, event correlation, analysis and notification of security alerts generated by various network devices and applications. That covers all of the network security devices in this module. Once again, I'm Mark Bowling, and I'd like to thank you for watching.