In this video you will learn about remote access methods such as: VPN, RDP, SSH, VNC, Telnet, HTTPS, URL management, remote file access, & out-of-band management.
A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN connection requires a VPN server at the remote site and a VPN client at the client site. VPN traffic between client and server is encrypted and encapsulated into packets suitable for transmission over the network. VPN connections are often referred to as “tunnels” and the process of setting up a VPN as “tunneling”. A VPN connection has several benefits compared with a standard connection:
IPsec (Internet Protocol Security)
IPsec is a secure network protocol suite that authenticates & encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in VPNs. IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session & negotiation of cryptographic keys to use during the session. IPsec can protect data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.[1] IPsec uses cryptographic security services to protect communications over IP networks. It supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.[2]
SSL (Secure Sockets Layer)
SSL is an encryption-based Internet security protocol. Netscape first released it in 1995 to provide privacy, authentication, and data integrity for Internet communications. SSL is the predecessor of the TLS used today, and both SSL versions are now formally obsolete: SSL 2.0 was prohibited by RFC 6176 in 2011 and SSL 3.0 was deprecated by RFC 7568 in 2015, so a server that still offers either should be treated as a finding. A website that implements SSL/TLS has “HTTPS” in its URL instead of “HTTP”.[3]
TLS (Transport Layer Security)
Transport Layer Security is a widely adopted security protocol designed to provide privacy and data integrity for communications over the Internet. A primary use of TLS is encrypting the communication between web applications and servers, such as a web browser loading a website. TLS can also be used to protect other communications such as email, messaging, and voice over IP (VoIP). As previously mentioned, TLS evolved from a protocol called Secure Sockets Layer (SSL), and because of this history the terms TLS and SSL are sometimes used interchangeably.[4] The versions in current use are TLS 1.2 and TLS 1.3; TLS 1.0 and 1.1 were deprecated by RFC 8996 in 2021.
DTLS (Datagram Transport Layer Security)
Datagram Transport Layer Security is a communications protocol that secures datagram-based applications by allowing them to communicate in a way designed[5] to prevent eavesdropping, tampering, or message forgery. DTLS is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. DTLS preserves the semantics of the underlying datagram transport: the application is spared the delays associated with stream protocols, but because it runs over UDP or SCTP rather than TCP, the application itself has to deal with packet reordering, datagram loss, and data larger than a single network datagram.[6]
Site-to-Site VPN
A site-to-site VPN is a connection between two or more networks, such as a corporate network & a branch office network. Many organizations use site-to-site VPNs to leverage an Internet connection for private traffic as an alternative to using private MPLS circuits. Site-to-site VPNs are frequently used by companies with multiple offices in different geographic locations that need to access and use the corporate network on an ongoing basis. With a site-to-site VPN, a company can securely connect its corporate network with its remote offices to communicate and share resources with them as a single network.[7]
Client-to-Site VPN
In a client-to-site (remote access) VPN, individual clients on the Internet connect to the VPN server to reach the corporate network or LAN behind it, while the network and its resources remain protected. Each connection creates a new VPN tunnel, which lets teleworkers and business travelers access your network with VPN client software without compromising privacy and security.[8]
Remote Desktop Protocol is a proprietary protocol developed by Microsoft that gives a user a graphical interface to another computer over a network connection. The user runs RDP client software (Remote Desktop Connection, mstsc.exe), while the remote computer runs the RDP server (Remote Desktop Services). RDP listens on TCP port 3389 (recent versions also use UDP 3389). An RDP server exposed directly to the Internet is a frequent target for credential-guessing attacks, so it should sit behind a VPN or a Remote Desktop Gateway, with Network Level Authentication and multi-factor authentication enabled.
Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. It replaces cleartext protocols such as Telnet and FTP, which send credentials and data unencrypted. Typical applications are remote login, an encrypted remote command line, and remote command execution, but any network service can be tunneled over SSH. An SSH server listens on TCP port 22, so that port must be reachable before a client can connect to it. SFTP (the SSH File Transfer Protocol) is a separate file-transfer protocol that runs as a subsystem inside an SSH session, so it shares TCP port 22 and SSH's authentication; it is not FTP with encryption added and should not be confused with FTPS, which is FTP over TLS.
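Because the SSH server's configuration decides whether port 22 is a strong or a weak point, the check a practitioner runs first is an audit of sshd_config. The following POSIX shell script is an added example, not code from the original lesson: it applies OpenSSH's parsing rules (case-insensitive keywords, first occurrence wins, Key=value accepted) to three constructed configs and flags password logins, root login, empty passwords, SSH protocol version 1 and X11 forwarding. The config texts are constructed for this example; the assumption that PasswordAuthentication defaults to yes when unset matches OpenSSH's documented default.

```shell
#!/bin/sh
# Added example: audit an OpenSSH sshd_config for settings a remote-access
# review flags first. Not from the page; the config texts are constructed.

# Read an sshd_config on stdin and print FINDING/NOTE lines. Mirrors sshd's
# parsing rules: keywords are case-insensitive, '#' starts a comment,
# "Key=value" is accepted, and the FIRST occurrence of a keyword wins.
# Everything after a Match line is conditional and is only noted (a
# simplification; a full audit evaluates each Match block).
audit_sshd_config() {
  awk '
    {
      sub(/#.*/, "")                           # drop comments, refields $0
      sub(/=/, " ")                            # accept Key=value
      if (NF == 0) next
      key = tolower($1); value = tolower($2)
      if (key == "match") { inmatch = 1; next }
      if (inmatch) next
      if (!(key in val)) val[key] = value      # first occurrence wins
    }
    END {
      # PasswordAuthentication defaults to yes when the keyword is absent,
      # so a config that never mentions it still permits password guessing.
      pa = ("passwordauthentication" in val) ? val["passwordauthentication"] : "yes (default)"
      if (pa ~ /^yes/)
        print "FINDING: PasswordAuthentication " pa "; set no and use public keys"
      if (val["permitrootlogin"] == "yes")
        print "FINDING: PermitRootLogin yes; use prohibit-password or no"
      if (val["permitemptypasswords"] == "yes")
        print "FINDING: PermitEmptyPasswords yes; blank passwords accepted"
      if (val["protocol"] ~ /1/)
        print "FINDING: Protocol " val["protocol"] "; SSHv1 is obsolete, allow 2 only"
      if (val["x11forwarding"] == "yes")
        print "FINDING: X11Forwarding yes; disable unless required"
      if (inmatch)
        print "NOTE: Match block present; conditional overrides not evaluated"
    }'
}

# Number of FINDING lines for a config read on stdin.
count_sshd_findings() {
  audit_sshd_config | awk '/^FINDING/ { n++ } END { print n + 0 }'
}

# Constructed: permissive config typical of an unreviewed host.
weak_sshd_config() {
  cat <<'EOF'
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
EOF
}

# Constructed: key-only administration with one scoped exception.
hardened_sshd_config() {
  cat <<'EOF'
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
AllowUsers ops
Match User backup
    PasswordAuthentication yes
EOF
}

# Constructed: looks tidy but relies on the default for PasswordAuthentication.
default_sshd_config() {
  cat <<'EOF'
Port 22
PermitRootLogin=no
EOF
}

for cfg in weak_sshd_config hardened_sshd_config default_sshd_config; do
  echo "== $cfg: $($cfg | count_sshd_findings) finding(s)"
  $cfg | audit_sshd_config
done
```

The third config is the instructive one: nothing in it looks wrong, yet it still accepts password logins because the keyword was never set. Run it against a real file with `audit_sshd_config < /etc/ssh/sshd_config`; for the authoritative effective values, including Match blocks, compare with `sshd -T`.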
Virtual Network Computing is a graphical desktop-sharing system that uses the Remote Frame Buffer (RFB) protocol to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the graphical screen updates over a network.[9] VNC is platform-independent: there are clients and servers for many GUI-based operating systems and for Java. Multiple clients may connect to a VNC server at the same time. Popular uses for this technology include remote technical support and accessing files on one’s work computer from one’s home computer, or vice versa.[10] A VNC server normally listens on TCP port 5900 plus the display number (5901 for display :1, and so on). The RFB protocol provides no encryption of its own and its built-in password challenge is weak, so VNC sessions should be carried over an SSH tunnel or a VPN rather than exposed directly.
Telnet is an application protocol used on the Internet or a local area network to provide a bidirectional, interactive, text-oriented communication facility using a virtual terminal connection. A Telnet client connects to a remote host or device on TCP port 23, so the remote computer must be configured to accept Telnet logins and that port must be reachable before a session can start. Unlike simply downloading pages and files over an http:// or ftp:// connection, a Telnet session lets a user log in to the computer hosting their website and manage files there interactively. To use Telnet from the command line, open a command prompt (Windows) or a terminal (Linux), type telnet followed by the host name and, optionally, the port number (for example telnet host 23), and press Enter. Everything in a Telnet session, including the username and password, crosses the network in cleartext, which is why SSH has replaced it for administration and why a Telnet listener on a device is normally treated as a finding.
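The RDP, VNC and Telnet sections above each end with the same operational point: these services should not be reachable from the Internet. As an added example (not from the original lesson), the following POSIX shell script runs that check as detection logic over a few constructed firewall log lines, flagging allowed connections to Telnet (23), FTP (21), RDP (3389) or VNC (5900-5909) whose source address is outside RFC 1918 private space. The key=value log format and all addresses are constructed for this example and do not correspond to any vendor's real format.

```shell
#!/bin/sh
# Added example: detection logic for remote-access services reachable from
# outside the private address space. The log lines are constructed key=value
# text for this example, not a real vendor format.

# Constructed firewall log: one accepted/denied TCP connection per line.
firewall_log() {
  cat <<'EOF'
2024-05-01T10:00:01Z action=allow proto=tcp src=10.0.5.20 dst=10.0.0.8 dport=3389
2024-05-01T10:00:02Z action=allow proto=tcp src=203.0.113.5 dst=10.0.0.8 dport=3389
2024-05-01T10:00:03Z action=allow proto=tcp src=198.51.100.7 dst=10.0.0.9 dport=5900
2024-05-01T10:00:04Z action=allow proto=tcp src=192.168.1.10 dst=10.0.0.9 dport=23
2024-05-01T10:00:05Z action=allow proto=tcp src=203.0.113.9 dst=10.0.0.10 dport=22
2024-05-01T10:00:06Z action=deny proto=tcp src=203.0.113.9 dst=10.0.0.10 dport=23
2024-05-01T10:00:07Z action=allow proto=tcp src=172.16.4.4 dst=10.0.0.11 dport=5901
2024-05-01T10:00:08Z action=allow proto=tcp src=172.32.0.1 dst=10.0.0.11 dport=23
EOF
}

# Read log lines on stdin; print one line per allowed connection to Telnet (23),
# FTP (21), RDP (3389) or VNC (5900-5909) whose source is not RFC 1918 space.
flag_exposed_remote_access() {
  awk '
    # RFC 1918: 10/8, 172.16/12, 192.168/16
    function is_private(ip,   o) {
      split(ip, o, ".")
      if (o[1] + 0 == 10) return 1
      if (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) return 1
      if (o[1] + 0 == 192 && o[2] + 0 == 168) return 1
      return 0
    }
    # Ports where an Internet-facing listener is a finding: the cleartext
    # protocols, plus RDP, which belongs behind a VPN or gateway.
    function is_risky_port(p) {
      if (p == 21 || p == 23 || p == 3389) return 1
      if (p >= 5900 && p <= 5909) return 1
      return 0
    }
    {
      for (k in kv) delete kv[k]
      for (i = 1; i <= NF; i++)
        if (split($i, pair, "=") == 2) kv[pair[1]] = pair[2]
      if (kv["action"] != "allow") next
      if (!is_risky_port(kv["dport"] + 0)) next
      if (is_private(kv["src"])) next
      print $1, "EXPOSED", kv["src"], "->", kv["dst"] ":" kv["dport"]
    }'
}

# Stand-alone run: list the exposures and count them.
firewall_log | flag_exposed_remote_access
echo "exposures: $(firewall_log | flag_exposed_remote_access | awk 'END { print NR }')"
```

Three of the eight lines are flagged. Note the last one: 172.32.0.1 looks internal at a glance but falls outside 172.16.0.0/12, which is exactly the kind of mistake a by-eye review makes and a range check does not. The SSH connection from the Internet on port 22 is deliberately not flagged here because the protocol is encrypted; whether it should be allowed is a policy question handled elsewhere.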
HTTPS is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network and is widely used on the Internet. In HTTPS the communication is encrypted using TLS (formerly SSL), so the protocol is also referred to as HTTP over TLS or HTTP over SSL.[11] The principal motivations for HTTPS are authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. Provided the client validates the server's certificate, it protects against man-in-the-middle attacks, and the bidirectional encryption of communications between client and server protects them against eavesdropping and tampering.[12]
Management URL (Uniform Resource Locator)
A URL (also known as a web address) is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. A URL is a specific type of Uniform Resource Identifier (URI), although many people use the two terms interchangeably. URLs occur most commonly to reference web pages (http) but are also used for file transfer (ftp), email (mailto), database access (JDBC), and many other applications.[13]
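When a management URL is reviewed, the parts that matter are the scheme (which decides whether the session is encrypted and which port is implied), the host actually being contacted, and anything unusual in the authority such as a userinfo component. As an added example that is not part of the original lesson, the following POSIX shell script parses URLs of the form scheme://[userinfo@]host[:port][/path] into those components and emits warnings for a cleartext scheme, a non-default port, and a userinfo component (the trick where https://bank.example@evil.example points at evil.example). All URLs are constructed for this example; the default-port table covers only the schemes discussed on this page.

```shell
#!/bin/sh
# Added example: split a URL into the components a management-URL review
# looks at. Not from the page; all URLs are constructed.

# Default TCP port implied by a scheme (empty if unknown).
scheme_default_port() {
  case $1 in
    http)     echo 80 ;;
    https)    echo 443 ;;
    ssh|sftp) echo 22 ;;
    telnet)   echo 23 ;;
    ftp)      echo 21 ;;
    rdp)      echo 3389 ;;
    vnc)      echo 5900 ;;
    *)        echo "" ;;
  esac
}

# url_parse URL: print key=value lines for scheme, userinfo, host, port,
# path and warnings. Handles userinfo, bracketed IPv6 hosts, missing paths,
# and fills in the scheme's default port when none is given.
url_parse() {
  url=$1
  case $url in
    *://*) ;;
    *) echo "error: no scheme in '$url'" >&2; return 1 ;;
  esac
  scheme=$(printf '%s' "${url%%://*}" | tr 'A-Z' 'a-z')
  rest=${url#*://}
  authority=${rest%%[/?#]*}          # authority ends at first / ? or #
  path=${rest#"$authority"}          # path keeps any query/fragment
  [ -n "$path" ] || path=/
  case $authority in                 # host starts after the LAST '@'
    *@*) userinfo=${authority%@*}; hostport=${authority##*@} ;;
    *)   userinfo=""; hostport=$authority ;;
  esac
  case $hostport in                  # bracketed IPv6 literal vs name/IPv4
    \[*\]:*) host=${hostport%:*}; port=${hostport##*:} ;;
    \[*\])   host=$hostport; port="" ;;
    *:*)     host=${hostport%:*}; port=${hostport##*:} ;;
    *)       host=$hostport; port="" ;;
  esac
  default=$(scheme_default_port "$scheme")
  warnings=""
  if [ -n "$userinfo" ]; then warnings="$warnings userinfo_present"; fi
  if [ -n "$port" ] && [ -n "$default" ] && [ "$port" != "$default" ]; then
    warnings="$warnings nondefault_port"
  fi
  case $scheme in http|telnet|ftp) warnings="$warnings cleartext_scheme" ;; esac
  [ -n "$port" ] || port=$default
  printf 'scheme=%s\nuserinfo=%s\nhost=%s\nport=%s\npath=%s\nwarnings=%s\n' \
    "$scheme" "$userinfo" "$host" "$port" "$path" "${warnings# }"
}

# url_field URL KEY: print a single component.
url_field() {
  url_parse "$1" | sed -n "s/^$2=//p"
}

# Stand-alone run over constructed management URLs.
for u in 'https://intranet.example/manage' \
         'https://bank.example@evil.example:8443/login' \
         'telnet://[2001:db8::1]' \
         'HTTP://switch01.example/admin?page=1'; do
  echo "== $u"
  url_parse "$u"
done
```

The second URL is the one to remember: a reader who stops at the first recognisable name sees bank.example, while every client connects to evil.example on 8443. A parser that splits on the last '@', as this one does, reports the real host.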
URL management controls the technical configuration of a domain such as:
Remote file access is a service that lets you access files anywhere, anytime and with whatever device you like, as long as you’re connected to the Internet.[15] The types of remote file access that you need to be concerned about for the CompTIA Network+ N10-007 exam are:
Out-of-band management uses dedicated management interfaces (or serial console ports) to manage servers and networking equipment over a path separate from the production, in-band network. This lets the network operator establish a trust boundary around the management function and control who can reach it, and it keeps management connectivity, including the ability to determine the status of any network component, independent of the state of the in-band network. One form of out-of-band management is sometimes called lights-out management (LOM) and uses a dedicated management channel for device maintenance; it allows a system administrator to monitor and manage servers and other network-attached equipment remotely regardless of whether the machine is powered on, or whether an operating system is installed or functional.[18] Because such an interface gives control of the hardware below the operating system, the management network itself must be isolated and access to it tightly restricted.
References