Remote Access Methods | CompTIA Network+ N10-007 | 3.4

In this video you will learn about remote access methods such as: VPN, RDP, SSH, VNC, Telnet, HTTPS, URL management, remote file access, & out-of-band management.

VPN (Virtual Private Network)

A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.  A VPN connection requires a VPN server at the remote site and a VPN client at the client site. VPN traffic between client and server is encrypted and encapsulated into packets suitable for transmission over the network. VPN connections are often referred to as “tunnels” and the process of setting up a VPN as “tunneling”. A VPN connection has several benefits compared with a standard connection:

  • On untrusted public Wi-Fi, a VPN encrypts everything between the client and the VPN server, so the hotspot operator and other users on that network see only the tunnel, not the sites visited or the data exchanged.  The destination website needs no VPN support of its own.
  • A VPN connection lets the user bypass geographic blocks on websites, because traffic exits from the VPN server's network and appears to originate there.  A user can reach social networks or search tools in countries where access is restricted, or use a media subscription for a region other than the one they live in, such as another country's Netflix catalog or other streaming service.
  • A VPN connection hides browsing activity from the user's normal ISP.  The ISP still carries the traffic (including P2P torrents), but sees only encrypted packets addressed to the VPN server, not the real destinations or contents.  The VPN provider takes the ISP's place in that picture and can see whatever the ISP no longer can, so the choice of provider matters as much as the choice to use one.

IPsec (Internet Protocol Security)

IPsec is a secure network protocol suite that authenticates & encrypts packets to provide secure communication between two computers over an Internet Protocol network.  It is used in VPNs.  IPsec includes a protocol for establishing mutual authentication between agents at the beginning of a session & negotiating the cryptographic keys to use during the session (IKE), and two protocols that protect the packets themselves: AH (Authentication Header) provides integrity and origin authentication only, while ESP (Encapsulating Security Payload) provides confidentiality and, optionally, integrity as well.  In transport mode only the IP payload is protected; in tunnel mode the whole original packet is encapsulated inside a new one, which is the mode site-to-site gateways use.  IPsec can protect data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.[1]  IPsec uses cryptographic security services to protect communications over IP networks.  It supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.[2]

SSL (Secure Sockets Layer)

SSL is an encryption-based Internet security protocol.  It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, & data integrity in Internet communications.  SSL is the predecessor to the modern TLS encryption used today.  Every SSL version is now deprecated (SSL 3.0 was formally retired by RFC 7568 in 2015) and should be disabled on servers and clients alike; the name survives mostly in product and certificate terminology.  A website that implements SSL/TLS has "HTTPS" in its URL instead of "HTTP".[3]

TLS (Transport Layer Security)

Transport Layer Security is a widely adopted security protocol designed to facilitate privacy & data security for communications over the Internet.  A primary use of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.  TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP).  As previously mentioned, TLS evolved from a protocol called Secure Sockets Layer (SSL).  Due to this history, the terms TLS & SSL are sometimes used interchangeably.[4]  The current versions are TLS 1.2 and TLS 1.3; TLS 1.0 and 1.1 were deprecated by RFC 8996 in 2021 and should no longer be offered.

DTLS (Datagram Transport Layer Security)

Datagram Transport Layer Security is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed[5] to prevent eavesdropping, tampering, or message forgery.  The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol & is intended to provide similar security guarantees.  DTLS preserves the datagram semantics of the underlying transport: the application does not suffer the head-of-line delays of stream protocols, but because it runs over UDP or SCTP rather than TCP, the application itself has to deal with packet reordering, datagram loss, and data larger than one datagram.[6]  To make TLS survive those conditions, DTLS adds explicit sequence numbers to every record and a retransmission timer to the handshake, and it can reject replayed records with the same kind of sliding window that IPsec uses.
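IPsec's replay protection (above) and DTLS's tolerance of reordered datagrams rest on the same mechanism: a sliding window over record sequence numbers, of the kind RFC 4303 describes for ESP. The following Python is an added example, not code from the page or from any IPsec or DTLS implementation; the ReplayWindow class, the window size of 8 and the packet trace are constructed for illustration. It accepts late-but-unseen packets (reordering), rejects duplicates (replay) and rejects packets that have fallen behind the window.

```python
"""Anti-replay sliding window of the kind IPsec ESP and DTLS use.

Added example, not from the page or from any RFC text.  The window size
and the sample packet trace are constructed for illustration.
"""


class ReplayWindow:
    """Track which sequence numbers have already been accepted.

    ``highest`` is the largest sequence number seen so far; bit i of
    ``bitmap`` records whether (highest - i) has been accepted.  Packets
    older than ``highest - size + 1`` are rejected outright; packets inside
    the window are rejected if their bit is already set.
    """

    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.highest = -1           # nothing accepted yet
        self.bitmap = 0             # bit 0 == highest, bit 1 == highest - 1, ...
        self.mask = (1 << size) - 1

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if the packet should be accepted.

        A real implementation verifies the packet's MAC *before* calling
        this, so forged packets cannot advance the window; this example
        assumes that check has already passed.
        """
        if seq > self.highest:
            # Newer than anything seen: slide the window forward.
            shift = seq - self.highest
            self.bitmap = 0 if shift >= self.size else (self.bitmap << shift) & self.mask
            self.bitmap |= 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False            # too old: it fell off the window
        if self.bitmap & (1 << offset):
            return False            # already accepted: a replay
        self.bitmap |= 1 << offset  # late but unseen: reordering, accept it
        return True


def run(sequence, size: int = 8):
    """Feed a list of sequence numbers through one window; return accept flags."""
    win = ReplayWindow(size)
    return [win.check_and_update(s) for s in sequence]


if __name__ == "__main__":
    # Constructed trace: in order, then a reordered packet, two replays,
    # a jump ahead, and a packet that has fallen behind the 8-wide window.
    trace = [1, 2, 3, 5, 4, 4, 2, 20, 11, 13, 13]
    for seq, ok in zip(trace, run(trace, size=8)):
        print(f"seq {seq:>2}: {'accept' if ok else 'reject'}")
```

With the 8-wide window, packet 4 arriving after 5 is accepted, the second 4 and the late 2 are rejected as replays, and 11 is rejected because after 20 the window only covers 13 through 20. Production windows are larger (ESP requires at least 32, 64 is common) so that normal reordering does not cause drops.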

Site-to-Site VPN

A site-to-site VPN is a connection between two or more networks, such as a corporate network & a branch office network.  Many organizations use site-to-site VPNs to leverage an Internet connection for private traffic as an alternative to using private MPLS circuits.  Site-to-site VPNs are frequently used by companies with multiple offices in different geographic locations that need to access and use the corporate network on an ongoing basis.  With a site-to-site VPN, a company can securely connect its corporate network with its remote offices to communicate and share resources with them as a single network.[7]

Client-to-Site VPN

In a client-to-site (remote-access) VPN, individual clients on the Internet connect to a VPN server and gain access to the corporate network or LAN behind it, while the network's own security controls stay in place.  Each connecting client gets its own tunnel, which is what allows teleworkers and business travelers to reach the network with VPN client software without exposing internal resources directly to the Internet.[8]

RDP (Remote Desktop Protocol)

Remote Desktop Protocol is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.  The user runs RDP client software such as Remote Desktop Connection (mstsc.exe), while the other computer must run the RDP server component (Remote Desktop Services, or the built-in Remote Desktop feature on client editions of Windows).  RDP listens on TCP port 3389 by default; newer versions also use UDP 3389 for better performance.  An RDP listener exposed directly to the Internet is a favorite target for credential brute forcing and a common ransomware entry point, so require Network Level Authentication, restrict which accounts may log on remotely, and reach it through a VPN or Remote Desktop Gateway rather than opening 3389 publicly.

SSH (Secure Shell)

Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network.  It replaces Telnet and clear-text FTP: the session is encrypted, and the server is authenticated by its host key.  Typical applications include remote command-line login and remote command execution, but any TCP service can be forwarded (tunneled) through an SSH connection.  An SSH server listens on TCP port 22 by default, and that is the only port a client needs to reach.  SFTP and SCP both run inside an SSH session on that same port, which is why SFTP is "secure FTP" in function only: it shares no code and no ports with FTP and needs none of the extra data connections FTP requires.  On the server side, the protocol is only as strong as its configuration: key-based authentication instead of passwords, no direct root login, and a host key fingerprint that is verified on first connection rather than blindly accepted.
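Because most of SSH's practical security comes from server configuration, the following Python is an added example (not code from the page or from OpenSSH) that audits an sshd_config for the settings that most often undo it. The keywords checked are real OpenSSH sshd_config options; the default values, the two sample configurations and the finding texts are this example's own assumptions.

```python
"""Audit an OpenSSH sshd_config for settings that weaken SSH.

Added example, not from the page.  The keywords are real sshd_config
options; the sample configurations below are constructed.
"""

# (keyword, acceptable values, finding text).  sshd keywords are
# case-insensitive, so everything is compared in lower case.
CHECKS = [
    ("permitrootlogin", {"no", "prohibit-password", "without-password"},
     "root login over SSH should be disabled or key-only"),
    ("passwordauthentication", {"no"},
     "password authentication invites brute force; use keys"),
    ("pubkeyauthentication", {"yes"},
     "public-key authentication should stay enabled"),
    ("permitemptypasswords", {"no"},
     "empty passwords must not be accepted"),
    ("protocol", {"2"},
     "SSH protocol 1 is broken and must not be offered"),
]

# Values that apply when a keyword is absent (assumed current OpenSSH defaults).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "protocol": "2",
}


def parse_sshd_config(text: str) -> dict:
    """Return {keyword: value} using the first occurrence of each keyword.

    sshd honours the first value it sees for a keyword, so later duplicates
    are ignored here too.  Match blocks are conditional and not modelled:
    parsing stops at the first one.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)   # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip().lower())
    return settings


def audit(text: str) -> list:
    """Return the list of findings; an empty list means every check passed."""
    settings = parse_sshd_config(text)
    findings = []
    for key, ok_values, message in CHECKS:
        value = settings.get(key, DEFAULTS[key])
        if value not in ok_values:
            findings.append(f"{key}={value}: {message}")
    return findings


# Constructed sample configurations: the weak one and its corrected form.
WEAK_CONFIG = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
"""

HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name + ":", audit(cfg) or ["OK"])
```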

VNC (Virtual Network Computing)

Virtual Network Computing is a graphical desktop-sharing system that uses the Remote Frame Buffer (RFB) protocol to remotely control another computer.  It transmits the keyboard & mouse input from one computer to another, relaying the graphical-screen updates, over a network.[9]  VNC is platform-independent: there are clients and servers for many GUI-based operating systems and for Java.  Multiple clients may connect to a VNC server at the same time.  Popular uses for this technology include remote technical support and accessing files on one's work computer from one's home computer, or vice versa.[10]  RFB itself provides no confidentiality: screen contents and keystrokes cross the network in the clear, and the classic VNC authentication is a DES-based challenge-response on a password truncated to 8 characters.  VNC should therefore be tunneled through SSH or a VPN (or run as a variant that adds TLS) and should listen only on a management interface, never on the open Internet.

Telnet

Telnet is an application protocol used on the Internet or a local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.  A Telnet client connects to a remote host or device on TCP port 23, which the remote system must already be configured to accept before a login can take place.  Historically an administrator would telnet into the computer hosting a website to manage its files in place, rather than simply downloading pages and files as with an http:// or ftp:// connection.  Everything in a Telnet session, including the username and password, is sent in clear text, so anyone able to observe the traffic can read it or replay it; SSH replaced Telnet for administrative access for exactly this reason, and Telnet should be disabled on any device that offers SSH.  The client survives as a diagnostic tool: from a command prompt (Windows, where the Telnet client is an optional feature) or a terminal session (Linux), typing telnet followed by a host name and optionally a port number opens a raw TCP connection, which is handy for checking whether a port answers or for talking to a text protocol such as SMTP by hand.

HTTPS (Hypertext Transfer Protocol Secure)

HTTPS is an extension of the Hypertext Transfer Protocol (HTTP).  It is used for secure communication over a computer network, and is widely used on the Internet.  In HTTPS the communication is encrypted using TLS (formerly SSL); the protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL, and uses TCP port 443 by default.[11]  The principal motivations for HTTPS are authentication of the accessed website, and protection of the privacy and integrity of the exchanged data while in transit.  It protects against man-in-the-middle attacks only as long as the client actually validates the server's certificate chain and hostname; a client configured to ignore certificate errors keeps the encryption but loses the authentication, and with it that protection.  The bidirectional encryption of communications between a client and server protects the communications against eavesdropping and tampering.[12]
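HTTPS only authenticates the website if the client enforces certificate validation. The following Python is an added example, not code from the page, using only the standard-library ssl module: it builds the "just make the certificate error go away" client context that silently drops that authentication, the hardened context beside it, and an audit function that reports the difference. The function names and the finding texts are this example's own.

```python
"""Check whether a Python TLS client context actually authenticates the server.

Added example, not from the page.  Only the standard-library ssl module is
used; the weak and hardened contexts are constructed here.
"""
import ssl


def weak_context() -> ssl.SSLContext:
    """The shortcut often used to silence a certificate error.

    With verification off, any party on the path can present its own
    certificate and read or alter the traffic: HTTPS degrades to encryption
    to an unverified peer, which is exactly what it was meant to prevent.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Verify the chain against the system trust store, match the hostname,
    and refuse the deprecated TLS 1.0 and 1.1."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings describing how a client context falls short."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS 1.0/1.1 are accepted")
    return findings


if __name__ == "__main__":
    print("weak:    ", audit_context(weak_context()))
    print("hardened:", audit_context(hardened_context()) or ["OK"])
```

The same three checks apply to any HTTP client library: verification enabled, hostname checked, and a floor of TLS 1.2. A context that fails the first two will happily complete a handshake with whoever intercepts the connection.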

Management URL (Uniform Resource Locator)

A URL (also known as a web address) is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.  A URL is a specific type of Uniform Resource Identifier (URI), although many people use the two terms interchangeably.  URLs occur most commonly to reference web pages (http) but are also used for file transfer (ftp), email (mailto), database access (JDBC), and many other applications.[13]

URL management controls the technical configuration of a domain such as:

  • assignments of URLs to websites
  • redirection from one URL to another URL
  • change to a URL
  • vanity hostnames through third-level “vanity” URLs (a short, memorable name under the organization's domain that redirects the visitor to the page's real, longer URL).[14]

Remote File Access

Remote file access is a service that lets you access files anywhere, anytime and with whatever device you like, as long as you’re connected to the Internet.[15]  The types of remote file access that you need to be concerned about for the CompTIA Network+ N10-007 exam are:

  • FTP/FTPS (File Transfer Protocol/FTP secured with SSL/TLS)
    • The File Transfer Protocol is a standard network protocol used for the transfer of computer files between a client and server on a computer network.  To access an FTP site, you would use the prefix ftp://.  Web browsers once supported ftp:// URLs, but current Chrome and Firefox have removed FTP support.  Windows, Linux & macOS contain a command-line FTP program: type ftp, press Enter, and then type help at the FTP prompt to see the commands you can use.
    • FTP sites with downloads available to any user support anonymous FTP.  Anonymous FTP is a means by which archive sites allow general access to their archives of information.  These sites create a special account called “anonymous” with limited access rights to the archive host and some operating restrictions.  Other FTP sites require the user to log in with a specified username and password.  FTP is not considered secure: the login credentials, the commands and the file contents are all transmitted in clear text.  To increase security, use FTP secured with SSL/TLS (FTPS), which wraps the same protocol in TLS, or SSH File Transfer Protocol (SFTP), which is a different protocol carried inside SSH.  FTP uses TCP port 21 for the control connection and a separate data connection for each transfer (from server port 20 in active mode, or to a server-chosen high port in passive mode), which is why FTP is awkward to pass through firewalls and NAT.
  • SFTP (SSH File Transfer Protocol or Secure FTP)
    • SFTP is a network protocol that provides file access, file transfer, and file management over any reliable data stream.  It was designed as an extension of the Secure Shell (SSH) protocol to provide secure file transfer capabilities, and in practice it runs as a subsystem inside an SSH session on TCP port 22.  Despite the name it is not FTP over SSH: it has its own packet format and shares nothing with FTP or FTPS.  The SFTP protocol allows for a range of operations on remote files, which makes it more like a remote file system protocol than a simple transfer protocol.  An SFTP client’s extra capabilities include resuming interrupted transfers, directory listings, and remote file removal.[16]
  • TFTP (Trivial File Transfer Protocol)
    • Trivial File Transfer Protocol is a simple lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host over UDP port 69.  One of its primary uses is in the early stages of nodes booting from a LAN.  TFTP has been used for this application because it is very simple to implement: each 512-byte data block must be acknowledged before the next is sent, and a block shorter than 512 bytes ends the transfer.  Due to its simple design, TFTP can be implemented by code with a small memory footprint, so it is the protocol of choice for the initial stages of network booting strategies like BOOTP, PXE and BSDP, on everything from well-resourced computers to very low-resourced single-board computers (SBC) and systems on a chip (SoC).  It is also used to transfer firmware images & configuration files to network appliances like routers, firewalls, IP phones, etc.  TFTP has no authentication and no encryption, and those configuration files frequently contain credentials, so a TFTP server should be reachable only from the management network and should run only for as long as the task needs it.  Today, TFTP is virtually unused for Internet transfers.[17]
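The Telnet section above says credentials cross the network in clear text, and the FTP item above says the same of USER and PASS. As an added example (not code from the page), the following Python shows how little it takes to recover them from a capture: Telnet needs only its IAC option negotiation stripped, FTP needs nothing at all. The two byte streams, the usernames and the passwords are constructed, not real traffic.

```python
"""Recover credentials from captured Telnet and FTP sessions.

Added example, not from the page.  The byte streams below are constructed
to resemble what a packet capture would contain; they are not real traffic.
Telnet interleaves option negotiation (IAC sequences, RFC 854) with the
typed characters, so it has to be stripped first.  FTP's control channel
is plain text lines.
"""
import re

IAC, SB, SE = 255, 250, 240
OPTION_CMDS = {251, 252, 253, 254}    # WILL, WONT, DO, DONT: each takes one option byte


def strip_telnet_negotiation(stream: bytes) -> bytes:
    """Remove IAC command sequences and return only application data."""
    out = bytearray()
    i = 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= len(stream):
            break                          # truncated command at end of capture
        cmd = stream[i + 1]
        if cmd == IAC:                     # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in OPTION_CMDS:           # IAC WILL/WONT/DO/DONT <option>
            i += 3
        elif cmd == SB:                    # IAC SB <option> ... IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            i = len(stream) if end < 0 else end + 2
        else:                              # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)


def telnet_credentials(client_to_server: bytes) -> dict:
    """Pull the login name and password out of what the client typed.

    Assumes the first two newline-terminated lines after negotiation answer
    the login: and Password: prompts, as in a capture of a standard login.
    """
    text = strip_telnet_negotiation(client_to_server).decode("latin-1")
    lines = [line.rstrip("\r") for line in text.split("\n")] + ["", ""]
    return {"user": lines[0], "password": lines[1]}


def ftp_credentials(control_channel: bytes) -> dict:
    """USER and PASS are sent as plain text lines on the FTP control channel."""
    text = control_channel.decode("latin-1")
    user = re.search(r"^USER (.*?)\r?$", text, re.M)
    pw = re.search(r"^PASS (.*?)\r?$", text, re.M)
    return {"user": user.group(1) if user else None,
            "password": pw.group(1) if pw else None}


# Constructed client->server Telnet stream: negotiation, then the login.
TELNET_CAPTURE = (
    bytes([IAC, 251, 24])                                   # IAC WILL TERMINAL-TYPE
    + bytes([IAC, 253, 1])                                  # IAC DO ECHO
    + bytes([IAC, SB, 24, 0]) + b"xterm" + bytes([IAC, SE]) # terminal type subnegotiation
    + b"admin\r\n" + b"Summer2019!\r\n"                     # the typed login
)

# Constructed FTP control-channel capture with the server's replies included.
FTP_CAPTURE = (
    b"220 FTP server ready\r\n"
    b"USER backup\r\n"
    b"331 Password required for backup\r\n"
    b"PASS hunter2\r\n"
    b"230 User logged in\r\n"
)

if __name__ == "__main__":
    print("telnet:", telnet_credentials(TELNET_CAPTURE))
    print("ftp:   ", ftp_credentials(FTP_CAPTURE))
```

This is also why FTPS and SFTP are the only acceptable replacements for FTP: both put the USER/PASS exchange (or its SSH equivalent) inside an encrypted channel, so the same capture yields nothing.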
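The TFTP lockstep described above, carried through in code as an added example (not from the page or from any TFTP implementation): the client sends a read request, the server answers with numbered 512-byte DATA blocks, each of which the client must ACK before the next is sent, and a short final block ends the transfer. The packet layouts are those of RFC 1350; the TftpServer class, the file names and the file contents are constructed, and nothing touches the network.

```python
"""Simulate a TFTP read request as the lockstep exchange of datagrams.

Added example, not code from the page.  Packet layouts follow RFC 1350:
opcodes RRQ=1, WRQ=2, DATA=3, ACK=4, ERROR=5, 512-byte data blocks, and a
short (or empty) final block ends the transfer.  The in-memory server and
its files are constructed; nothing is sent on the network.
"""
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512


def build_rrq(filename: str, mode: str = "octet") -> bytes:
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def build_data(block: int, payload: bytes) -> bytes:
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block: int) -> bytes:
    return struct.pack("!HH", ACK, block)


def build_error(code: int, msg: str) -> bytes:
    return struct.pack("!HH", ERROR, code) + msg.encode() + b"\0"


def parse(packet: bytes) -> dict:
    """Decode any TFTP packet into a dict keyed by field name."""
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode in (RRQ, WRQ):
        filename, mode, _ = packet[2:].split(b"\0", 2)
        return {"op": opcode, "filename": filename.decode(), "mode": mode.decode()}
    if opcode in (DATA, ACK, ERROR):
        (number,) = struct.unpack("!H", packet[2:4])    # block number or error code
        if opcode == DATA:
            return {"op": DATA, "block": number, "data": packet[4:]}
        if opcode == ACK:
            return {"op": ACK, "block": number}
        return {"op": ERROR, "code": number,
                "msg": packet[4:].split(b"\0", 1)[0].decode()}
    raise ValueError(f"unknown opcode {opcode}")


class TftpServer:
    """Minimal in-memory server.  Note what is missing: no authentication of
    any kind, so whoever can reach UDP port 69 can read every file it offers."""

    def __init__(self, files: dict):
        self.files = files
        self.pending = b""

    def handle(self, packet: bytes):
        """Return the server's reply datagram, or None when there is none."""
        req = parse(packet)
        if req["op"] == RRQ:
            if req["filename"] not in self.files:
                return build_error(1, "File not found")
            self.pending = self.files[req["filename"]]
            return self._block(1)
        if req["op"] == ACK:
            return self._block(req["block"] + 1)   # lockstep: next block only after ACK
        return build_error(4, "Illegal TFTP operation")

    def _block(self, number: int):
        start = (number - 1) * BLOCK_SIZE
        if start > len(self.pending):
            return None                            # final ACK received: transfer done
        return build_data(number, self.pending[start:start + BLOCK_SIZE])


def tftp_get(server: TftpServer, filename: str):
    """Client side: send RRQ, ACK every DATA block, stop at the first short
    block.  Returns (file_bytes, transcript); file_bytes is None on ERROR."""
    rrq = build_rrq(filename)
    transcript = [("client", rrq)]
    reply = server.handle(rrq)
    received = b""
    while True:
        transcript.append(("server", reply))
        msg = parse(reply)
        if msg["op"] == ERROR:
            return None, transcript
        received += msg["data"]
        ack = build_ack(msg["block"])              # exactly one ACK per DATA block
        transcript.append(("client", ack))
        reply = server.handle(ack)
        if len(msg["data"]) < BLOCK_SIZE:
            return received, transcript


if __name__ == "__main__":
    server = TftpServer({"router.cfg": b"hostname edge1\n" * 50})   # constructed file
    content, log = tftp_get(server, "router.cfg")
    for side, pkt in log:
        print(f"{side:>6}: op={parse(pkt)['op']} len={len(pkt)}")
    print(len(content), "bytes received")
```

Each block waits for its ACK, so throughput is bounded by round-trip time, which is fine for a boot image on a LAN and one reason TFTP is never used across the Internet. A file whose length is an exact multiple of 512 ends with an empty DATA block, which the client still has to acknowledge.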

Out-of-Band Management

Out-of-band management uses dedicated management interfaces (or serial console ports) to manage network equipment over a path separate from the production network.  It allows the network operator to establish trust boundaries around the management function and apply them to network resources.  It also ensures management connectivity (including the ability to determine the status of any network component) independent of the status of the in-band network.  One form of out-of-band management is sometimes called lights-out management (LOM) and involves a dedicated management channel for device maintenance, typically a baseboard management controller reached over IPMI or a vendor equivalent such as HPE iLO or Dell iDRAC.  It allows a system administrator to monitor and manage servers and other network-attached equipment by remote control regardless of whether the machine is powered on, or whether its operating system is installed or functional.[18]  Because these controllers sit below the operating system and grant console-level access, they belong on an isolated management network, never on an Internet-facing one.

References

  1. Kent, S. & Atkinson, R. (1998, Nov). IP Encapsulating Security Payload (ESP). RFC 2406.
  2. IPsec. Wikipedia.
  3. What is SSL? Cloudflare.
  4. What is Transport Layer Security (TLS)? Cloudflare.
  5. Rescorla, E. & Modadugu, N. (2006, Apr). Datagram Transport Layer Security. RFC 4347.
  6. Datagram Transport Layer Security. Wikipedia.
  7. What Is a Site-to-Site VPN? Palo Alto Networks.
  8. Configure Client-to-Site Virtual Private Network (VPN) Connection on the RV34x Series Router. Cisco.
  9. Richardson, T.; Stafford-Fraser, Q.; Wood, K.R.; Hopper, A. (1998). Virtual Network Computing. IEEE Internet Computing.
  10. Virtual Network Computing. Wikipedia.
  11. Secure your site with HTTPS. Google.
  12. HTTPS. Wikipedia.
  13. URL. Wikipedia.
  14. URL Management. Carnegie Mellon University.
  15. How Remote File Access Works. How Stuff Works.
  16. Barrett, D. & Silverman, R. (2001). SSH, The Secure Shell:  The Definitive Guide.
  17. Trivial File Transfer Protocol. Wikipedia.
  18. Out-of-band management. Wikipedia.