* VPNs and Proxies
-----------------
-> Virtual Private Networks (VPNs) - A technology that allows for the extension of a private or local network to hosts that might not be on that local network.
-> Tunneling protocol - VPNs provision access to something not locally available; connecting to a VPN means a VPN tunnel is established;
Employee ---------> VPN tunnel through internet ---> Router ------> Office IP server;
-> Employee uses a VPN client to establish a VPN tunnel to their company network;
-> This provisions their computer with a virtual interface with an IP that matches the address space of the network they established a VPN connection to;
-> By sending data out of this virtual interface the computer can access internal resources just like it was physically connected to the private network;
-> Most VPNs work by using the payload section of the transport layer to carry an encrypted payload that actually contains an entire second set of packets (network, transport, application) intended to traverse the remote network;
-> The payload is carried to the VPN's endpoint, where all the other layers are stripped away and discarded; then the payload is decrypted, leaving the VPN server with the top three layers of a new packet, which gets encapsulated with the proper data link layer information and sent out across the network;
-> The process is completed in reverse in the opposite direction;
-> Two-factor authentication became common with VPNs;
-> Two-factor authentication - A technique where more than just a username and password are required to authenticate;
- A short-lived numerical token is generated by a user through a specialized piece of hardware or software.
* Site-to-site connectivity
-> VPNs are used to establish site-to-site connectivity: a router or a specialized VPN device on one network establishes the VPN tunnel to the router or VPN device on another network; two physically separated offices/devices might be able to act as one network and access network resources across the tunnel;
-> VPNs are a technology that uses encrypted tunnels for a remote computer or a network to act as if it is connected to a network that it is not actually connected to.
* Proxy Services
-----------------
- A server that acts on behalf of a client in order to access another service;
- Proxies sit between clients and other servers to provide various functionalities
1. Anonymity
2. Security
3. Content filtering
4. Increased performance;
etc;
-> Gateway router - example of a proxy;
-> Web proxy - built for web traffic; (old) it retrieves the data the first time and stores it in a cache, and thereafter it serves the webpage from the cache on request;
-> Technology is faster now, and the web is more dynamic;
-> Now proxies can be used to prevent users from browsing certain sites;
-> Reverse Proxy -> A service that might appear to be single server to clients, but actually represents many servers living behind it;
Example: Twitter - too much incoming traffic, which needs to be handled by multiple servers; single front-end but multiple servers;
1. load balancing
Clients -------------------> Reverse Proxy ---------> Application servers 1,2,3, ......, n; - load balancing;
2. decryption
Proxies can be used to encrypt and decrypt the data;
Clients -------> decrypt hardware ---------> Reverse Proxy ----------> Application Servers;