Course 10 - Network Security Fundamentals | Episode 4: VPNs, Tunneling, and Secure Remote Access Technologies
Update: 2025-11-25
Description
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
In this lesson, you’ll learn about:
- What VPNs are and why organizations rely on them
- How tunneling works and how VPNs secure data in transit
- Key VPN protocols (TLS, L2TP/IPsec, AH, ESP) and what each provides
- How organizations manage secure remote access for users
- AAA systems for authentication, authorization, and auditing
- Administrative considerations for supporting remote workers securely
- A Virtual Private Network (VPN) creates a virtual, encrypted connection over an untrusted network (like the internet).
- VPNs protect communications through:
  - Confidentiality: Encryption hides data from attackers.
  - Integrity: Hashing lets the receiver detect any modification of the data in transit.
  - AAA: Authentication, Authorization, and Auditing/Accounting.
- VPNs are essential for users working remotely, on public Wi-Fi, or in locations with weak security.
- They defend against attacks such as:
  - Traffic sniffing
  - IMSI-catcher attacks on mobile networks
  - Unauthorized access to internal systems
- Tunneling means encapsulating one network packet inside another so it can be carried across a TCP/IP network.
- Encryption can be applied at different OSI layers depending on the protocol.
- Tunneling allows remote users to securely reach internal networks as if they were physically inside the office.
- TLS VPN:
  - Uses Transport Layer Security (TLS) to secure remote access.
  - Accessible through a browser (sometimes called an SSL/TLS VPN).
  - Must be protected with account lockout policies to block brute-force login attempts.
- L2TP/IPsec:
  - Combines L2TP (Layer 2) for tunneling with IPsec (Layer 3) for encryption.
  - IPsec includes two main components:
    - AH (Authentication Header): provides integrity, authentication, and non-repudiation.
    - ESP (Encapsulating Security Payload): provides encryption at Layer 3 so attackers cannot read data.
  - Often used for site-to-site VPNs or permanent remote connections.
- Organizations must consider:
  - User bandwidth (slow connections → poor performance).
  - Encryption strength (weak encryption → vulnerabilities).
  - Compatibility with firewall/VPN gateway settings.
  - Monitoring and logging of remote sessions to detect misuse.
- Remote workers may face obstacles like:
  - Poor-quality internet (e.g., remote regions)
  - Location-based blocks (e.g., Great Firewall of China)
- AAA = Authentication, Authorization, Auditing/Accounting
- Common systems include:
  - RADIUS
  - Diameter (successor to RADIUS)
  - TACACS
  - Active Directory / SSO systems for unified authentication
- Logs created during the accounting phase help detect misuse.
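Added example, not from the episode: a small Python check that applies the account-lockout rule mentioned for TLS VPN logins to the kind of authentication records an AAA accounting log produces. The log format, the gateway name "vpn-gw", the user names and the addresses are constructed for illustration; the threshold and window are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample records (hypothetical "vpn-gw" gateway; not output of any real product).
SAMPLE_LOG = """\
2025-11-25T09:00:01Z vpn-gw auth user=alice src=203.0.113.5 result=FAIL
2025-11-25T09:00:03Z vpn-gw auth user=alice src=203.0.113.5 result=FAIL
2025-11-25T09:00:04Z vpn-gw auth user=alice src=203.0.113.5 result=FAIL
2025-11-25T09:00:05Z vpn-gw auth user=alice src=203.0.113.5 result=FAIL
2025-11-25T09:00:06Z vpn-gw auth user=alice src=203.0.113.5 result=FAIL
2025-11-25T09:00:08Z vpn-gw auth user=alice src=203.0.113.5 result=OK
2025-11-25T09:10:00Z vpn-gw auth user=bob src=198.51.100.7 result=FAIL
2025-11-25T09:40:00Z vpn-gw auth user=bob src=198.51.100.7 result=FAIL
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")

def parse_line(line):
    """Return (timestamp, user, source IP, result) or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["user"], m["src"], m["result"]

def evaluate_lockouts(log_text, threshold=5, window=timedelta(minutes=15)):
    """Sliding-window lockout check: a user is locked once `threshold` failures fall inside
    `window`; a later success for a locked user is flagged because the policy should have rejected it."""
    failures = defaultdict(deque)  # user -> timestamps of failures still inside the window
    locked = {}                    # user -> time the lockout triggered
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, user, src, result = rec
        recent = failures[user]
        while recent and ts - recent[0] > window:  # forget failures older than the window
            recent.popleft()
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and user not in locked:
                locked[user] = ts
                events.append(("LOCKOUT", user, src, ts))
        elif result == "OK" and user in locked:
            events.append(("SUCCESS_WHILE_LOCKED", user, src, ts))
    return events
```

With the sample data, alice trips the lockout on her fifth failure and her following success is flagged, while bob's two failures sit outside the window and raise nothing.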
- Full desktop control:
  - RDP, VNC, TeamViewer, LogMeIn, Splashtop, Citrix
- Limited function access (e.g., email only):
  - More restrictive remote gateways
- Security teams must:
  - Regularly patch these tools
  - Restrict access rights
  - Align tool capabilities with organizational security goals
- Clear rules must define who:
  - Supports equipment
  - Fixes or replaces damaged devices
  - Handles user connectivity issues
- Policies reduce ambiguity and prevent security gaps.