Network Security

NETWORK SECURITY
PRESENTED BY GROUP C
1. JEROME
2. QUEENROSE
3. SAMSON
4. YIDIDYA
WHAT IS NETWORK SECURITY
Network security is the protection of the underlying networking infrastructure from unauthorized access, misuse, or theft. It involves creating a secure infrastructure in which devices, applications and users can operate safely.
Network security combines multiple layers of defenses at the edge and inside the network. Each layer implements its own policies and controls: authorized users gain access to network resources, while malicious actors are blocked from carrying out exploits and threats. These layers can include the following:
• Physical security
• Perimeter security
• Endpoint (entry point) security
• Application security
• Data security
FIREWALL
A firewall is a network security system designed to prevent unauthorized access to or from a private network. It monitors and controls incoming and outgoing network traffic based on predetermined security rules that reference fields such as the source and destination IP address, the IP protocol and the port number; some firewalls also inspect packet content.
Implemented as software or as a dedicated hardware unit, a firewall selectively blocks or allows packets to prevent malicious activity and to stop anyone, inside or outside the private network, from engaging in unauthorized network activity. Firewalls create 'choke points' through which traffic is funnelled; at these points each packet is checked against the configured rules and acted upon accordingly. Most firewalls also record allowed and blocked traffic and connections in audit logs, which is where investigations start when something does get through.
EXAMPLES OF FIREWALL SECURITY POLICIES
• Allow all access to the outside, block all access from the outside.
• Allow access from the outside:
i. only for certain activities (services);
ii. only for certain sub-networks, hosts, applications and/or users.
Default security policy:
• Default permit: anything that is not expressly prohibited is allowed.
• Default deny: anything that is not expressly allowed is denied.
Default deny is the safer choice: a rule the administrator forgot to write results in blocked traffic (a usability complaint) rather than an exposed service.
HOW DO FIREWALLS WORK
• Using the OSI model. A firewall is classified by the highest OSI layer whose headers or data it inspects: a packet filter reads layer 3 and 4 headers, a circuit-level gateway works at layer 5, and a proxy firewall understands layer 7 protocols.
• 7. Application layer: used by end-user software such as web browsers and email clients. It provides the protocols (HTTP, SMTP, DNS and so on) that allow software to send and receive information and present meaningful data to users.
• 6. Presentation layer: prepares data for the application layer. It defines how two devices encode, encrypt and compress data so that it is received correctly at the other end.
• 5. Session layer: creates communication channels, called sessions, between devices. It is responsible for opening sessions, keeping them open and functional while data is being transferred, and closing them when communication ends.
• 4. Transport layer: takes the data handed down from the session layer and breaks it into segments on the transmitting end; on the receiving end it reassembles the segments into data the session layer can use. TCP and UDP live here, so this is the layer that carries port numbers.
• 3. Network layer: has two main functions. One is breaking segments into network packets and reassembling them on the receiving end. The other is routing packets by discovering the best path across the physical network. IP addresses belong to this layer.
• 2. Data link layer: establishes and terminates a connection between two physically connected nodes on a network. It breaks packets into frames and sends them from source to destination on the local link.
• 1. Physical layer: responsible for the physical cable or wireless connection between network nodes. It defines the connector, the electrical cable or wireless technology connecting the devices, and it transmits the raw data, a stream of 0s and 1s, while handling bit-rate control.
SCREENING ROUTERS
Screening routers are specialized gateway computers placed on a network to segment it; they act as network-level firewalls. The two most common segmentation models are the screened host firewall and the screened subnet firewall:
• Screened host firewalls use a single screening router between the external and internal networks. These two networks are the two subnets of this model.
• Screened subnet firewalls use two screening routers: an access router between the external and perimeter networks, and a choke router between the perimeter and internal networks. This creates three subnets.
Both the network perimeter and the host machines themselves can house a firewall. In the host case it is placed between a single computer and its connection to the private network.
• External public networks typically refer to the public/global internet or various extranets.
• Internal private networks are home networks, corporate intranets and other 'closed' networks.
• Perimeter networks (often called DMZs) are border networks made of bastion hosts: hardened computers that are expected to withstand attack from outside. As a secured buffer between the internal and external networks, the perimeter also houses any external-facing services offered by the organization (web, mail, FTP and VoIP servers and so on). A perimeter network is more secure than the external network but less trusted than the internal one. It is not always present in simpler networks such as home networks but is common in organizational or national intranets. A practical consequence of the two-router design: a compromised bastion host still has to get past the choke router to reach internal systems, so the choke router's rules should allow only the specific flows the perimeter services need (for example, the mail relay to the internal mail server on its one port).
NETWORK FIREWALLS
Network firewalls involve placing one or more firewalls between external networks and internal private networks. They regulate inbound and outbound traffic, separating external public networks, like the global internet, from internal networks like home Wi-Fi networks, enterprise intranets or national intranets. Network firewalls may come as dedicated hardware, software or virtual appliances.
• Host firewalls, or 'software firewalls', run on individual user devices and other endpoints and form a barrier between devices within the network. Each host receives traffic regulation tailored to the applications running on it. Host firewalls may run as an operating system service or as part of an endpoint security application. Because they see the application that owns each socket, host firewalls can also filter on HTTP and other protocols, controlling what content reaches the machine rather than only where it comes from.
• A network firewall must be configured for a broad scope of connections, whereas a host firewall can be tailored to each machine's needs. Host firewalls take more effort to customize, so network firewalls are the better fit for sweeping control; using both at once gives a multi-layer defence, and the host firewall is what keeps protecting a laptop once it leaves the corporate network.
• A firewall filters traffic using pre-set or dynamically learned rules for allowing and denying attempted connections. These rules are how the firewall regulates the flow of traffic through the private network and its devices. Regardless of type, a firewall may filter on some combination of the following:
• Source: where an attempted connection is being made from.
• Destination: where an attempted connection is intended to go.
• Contents: what an attempted connection is trying to send.
• Packet protocols: the 'language' the connection uses to carry its message. Among the protocols hosts use to talk to each other, the TCP/IP family (IP, TCP, UDP, ICMP) carries almost all traffic across the internet and within intranets and sub-networks.
• Application protocols: common ones include HTTP, Telnet, FTP, DNS and SSH.
• Using these identifiers, a firewall decides whether a packet is forwarded or discarded; a discard can be silent (drop) or answered with an error reply to the sender (reject). Drop is the usual choice on the external interface because it gives a scanner no information about which hosts and ports exist.
TYPES OF FIREWALL
Different types of firewalls use different filtering methods. Although each type was developed to surpass the previous generation, much of the core technology has been carried over between generations. Firewall types are distinguished by their approach to connection tracking, filtering rules and audit logs. Each type operates at a different level of the standardized communications model, the Open Systems Interconnection (OSI) model, which gives a clearer picture of how each firewall interacts with connections.
STATIC PACKET-FILTERING FIREWALL
Static packet-filtering firewalls, also known as stateless inspection firewalls, operate on the network and transport layer headers (layers 3 and 4): IP addresses, protocol numbers and TCP/UDP ports. They offer basic filtering by checking every packet individually, based on where it comes from and where it is trying to go. Previously accepted connections are not tracked, so every packet of a connection must be approved again on its own.

Filtering is based on IP addresses, ports and packet protocols. At the bare minimum these firewalls prevent two networks from connecting directly without permission. Filtering rules are set in a manually created access control list. Such lists are rigid, and it is difficult to block unwanted traffic without harming network usability. Because replies are not tracked, letting the responses to an outbound connection back in requires a standing inbound rule such as 'allow TCP segments with the ACK flag set', which is far wider than the connections it is meant to serve. Static filtering needs ongoing manual revision to stay effective; this is manageable on small networks but quickly becomes difficult on larger ones.

A packet filter cannot read application protocols, so the content of a message carried in a packet cannot be inspected. Without reading content, packet-filtering firewalls offer a limited quality of protection.
CIRCUIT-LEVEL GATEWAY FIREWALL AND STATEFUL INSPECTION FIREWALLS
Circuit-level gateways operate at the session layer (layer 5). They verify that the packets setting up a connection are legitimate (for TCP, that the three-way handshake completes correctly) and, if so, permit a persistent open connection between the two networks. The firewall stops supervising the connection once it has been established.

Apart from its approach to connections, a circuit-level gateway can be similar to a proxy firewall.

The ongoing unmonitored connection is a risk: a connection opened by legitimate means can later be used by a malicious actor without interruption.

Stateful inspection firewalls, also called dynamic packet-filtering firewalls, differ from static filtering in their ability to monitor ongoing connections and remember past ones.

Like a static filter, a stateful inspection firewall allows or blocks traffic based on technical properties such as packet protocol, IP addresses and ports. In addition it keeps a state table of the connections it has allowed to start. A packet that belongs to a tracked connection (for example, the reply to a request an internal host sent) is accepted without consulting the rule list again; a packet that belongs to no known connection is judged by the rules, and a mid-stream packet with no matching connection is dropped.

Filtering decisions are therefore still based on the administrator's rules, but the state table lets the firewall use connection context the rules alone cannot express: 'allow replies to connections we initiated' needs no standing inbound rule at all. This flexibility has made stateful inspection one of the most ubiquitous types of firewall available.
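A worked comparison of the stateless and stateful approaches described above, as an added example that is not part of the original deck: a stateless filter that judges every packet on its own header against an access control list, and a stateful filter that records the connections it allowed to start and admits their replies from a state table. The addresses, ports and rule set are constructed for the illustration, and the flag strings ("S" for SYN, "SA" for SYN-ACK, "A" for ACK) are a simplification of the real TCP flag bits.

```python
import ipaddress
from collections import namedtuple

# Header fields a packet filter reads. flags is a string of TCP flag letters
# ("S" = SYN, "A" = ACK). Every packet below is a constructed sample.
Packet = namedtuple("Packet", "src sport dst dport proto flags")
# Rule fields set to None are wildcards. src/dst are CIDR strings, flags lists
# the flag letters that must all be set, action is "allow" or "deny".
Rule = namedtuple("Rule", "action src dst proto dport flags")


def in_net(cidr, ip):
    return cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def rule_matches(rule, pkt):
    return (in_net(rule.src, pkt.src) and in_net(rule.dst, pkt.dst)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.flags is None or set(rule.flags) <= set(pkt.flags)))


def stateless_filter(rules, pkt, default="deny"):
    """Static packet filter: each packet is judged on its own header.
    First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


class StatefulFilter:
    """Stateful inspection: rules are consulted only for a SYN that starts a
    connection; later packets are accepted if they belong to a tracked one."""

    def __init__(self, rules, default="deny"):
        self.rules, self.default = rules, default
        self.state = set()  # 5-tuples of connections that were allowed to start

    def filter(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.state or rev in self.state:
            return "allow"  # reply or continuation of a tracked connection
        if pkt.flags == "S":  # only a bare SYN may open new state
            verdict = stateless_filter(self.rules, pkt, self.default)
            if verdict == "allow":
                self.state.add(fwd)
            return verdict
        return "deny"  # mid-stream packet that matches no connection


INTERNAL = "10.0.0.0/8"
# Default-deny policy: LAN hosts may open HTTPS connections outward, and anyone
# may open HTTP connections to the one web server.
POLICY = [
    Rule("allow", INTERNAL, None, "tcp", 443, "S"),
    Rule("allow", None, "10.0.0.5/32", "tcp", 80, "S"),
]
# The only way a stateless filter can let HTTPS replies back in is a standing
# rule admitting any inbound TCP segment with ACK set, whatever the port.
STATELESS_POLICY = POLICY + [Rule("allow", None, INTERNAL, "tcp", None, "A")]

SYN = Packet("10.0.0.7", 51000, "203.0.113.9", 443, "tcp", "S")     # LAN -> web
SYNACK = Packet("203.0.113.9", 443, "10.0.0.7", 51000, "tcp", "SA")  # the reply
PROBE = Packet("198.51.100.4", 40000, "10.0.0.7", 22, "tcp", "A")    # ACK scan


def compare():
    """Verdicts for (SYN, SYNACK, PROBE) under the stateless and stateful filters."""
    stateless = [stateless_filter(STATELESS_POLICY, p) for p in (SYN, SYNACK, PROBE)]
    fw = StatefulFilter(POLICY)
    stateful = [fw.filter(p) for p in (SYN, SYNACK, PROBE)]
    return stateless, stateful


if __name__ == "__main__":
    print("stateless:", compare()[0])  # the ACK-scan probe gets through
    print("stateful: ", compare()[1])  # the probe is dropped, the reply allowed
    print("reply without the wide ACK rule:", stateless_filter(POLICY, SYNACK))
```

Under POLICY alone the stateless filter drops the legitimate SYN-ACK reply, which is why administrators of static filters end up writing the wide "any inbound ACK" rule; that rule is exactly what lets the constructed ACK-scan probe reach port 22. The stateful filter needs no such rule because the reply is matched against the state entry created by the outbound SYN.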
• Proxy firewalls, also known as application-level firewalls (layer 7), are unique in reading and filtering application protocols. They combine application-level inspection, or 'deep packet inspection (DPI)', with stateful inspection. The client connects to the proxy and the proxy opens its own connection to the server, so no packet passes directly between the two networks.
• Like a guard at a doorway, the proxy examines and evaluates incoming data. If no problem is detected, the data is allowed through to the user.
• The downside of this heavier inspection is that it sometimes interferes with incoming data that is not a threat, and it adds latency.
• Next-generation firewall (NGFW): evolving threats demand stronger solutions, and next-generation firewalls address this by combining the features of a traditional stateful firewall with a network intrusion prevention system and application awareness. Threat-specific next-generation firewalls are designed to examine and identify specific threats, such as advanced malware, at a more granular level. More frequently used by businesses and sophisticated networks, they provide a holistic solution for filtering out threats.
• Hybrid firewall: as the name implies, a hybrid firewall combines two or more firewall types in a single private network.
IMPORTANCE OF FIREWALLS
• A network without protection is exposed to any traffic that tries to reach its systems. Harmful or not, network traffic should always be vetted.
• Connecting personal computers to other IT systems or to the internet brings a range of benefits, including easy collaboration with others, shared resources and enhanced creativity. However, it can come at the cost of complete network and device protection. Hacking, identity theft, malware and online fraud are common threats users face when they link their computers to a network or the internet.
• Proactive protection is critical on any sort of network. A firewall shields users from the worst of these dangers.
WHAT DOES FIREWALL SECURITY DO
What does a firewall do, and what can it protect against? A network firewall is meant to narrow the attack surface of a network to a single point of contact. Instead of every host on the network being directly exposed to the wider internet, all traffic must first pass the firewall. Since this also works in reverse, the firewall can filter and block non-permitted traffic in either direction.
Firewalls also create an audit trail of attempted network connections for better security awareness. Because the filtering rules are set by the owners of the private network, firewalls have many custom use cases. Popular ones include managing the following:
• Infiltration by malicious actors: undesired connections from an oddly behaving source can be blocked. This can prevent eavesdropping and advanced persistent threats (APTs).
• Parental controls: parents can block their children from viewing explicit web content.
• Workplace web browsing restrictions: employers can prevent employees from using company networks to access certain services and content, such as social media.
• Nationally controlled intranet: national governments can block residents' access to web content and services considered dissident to the nation's leadership or its values.
However, firewalls are less effective at the following:
• Identifying exploits of legitimate networking processes: firewalls do not anticipate human intent, so they cannot tell whether a 'legitimate' connection is being used for malicious purposes. A packet filter also trusts the source address in the IP header and has no way to prove the packet really came from there (IP spoofing); anti-spoofing rules, such as dropping packets that arrive on the external interface with an internal source address, catch only the crude cases.
• Preventing connections that do not pass through the firewall: a network-level firewall alone will not stop malicious internal activity. Internal firewalls, such as host-based ones, are needed in addition to the perimeter firewall to partition the network and slow the spread of internal 'fires'.
• Providing adequate protection against malware: connections carrying malicious code can be halted if they are not allowed, but a connection deemed acceptable can still deliver those threats into the network. If a firewall lets a connection through because it is misconfigured or exploited, an antivirus or endpoint protection suite is still needed to clean up any malware that gets in.
Firewall examples:
• Packet-filtering firewalls
• Proxy firewalls
• NAT firewalls
• Web application firewalls
• Next-generation firewalls (NGFW)
HOW TO USE FIREWALL PROTECTION
Proper setup and maintenance of your firewall are essential to keep your network and devices protected. Here are some tips to guide your firewall network security practices:

• Always update your firewalls as soon as possible: firmware and software patches keep your firewall protected against newly discovered vulnerabilities. Personal and home users can usually update immediately. Larger organizations may need to check configuration and compatibility across their network first, but everyone should have a process in place to update promptly. Management interfaces of firewalls are themselves a frequent target, so they should never be reachable from the external side.

• Use antivirus protection: firewalls alone are not designed to stop malware and other infections. These may get past the firewall, and you need an endpoint security solution designed to detect, disable and remove them on every host you want to keep clean.

• Limit accessible ports and hosts with an allow list: default to denying inbound connections. Limit inbound and outbound connections to a strict allow list of trusted addresses and ports, and reduce user access privileges to what is necessary. It is easier to stay secure by enabling access when it is needed than to revoke access and mitigate damage after an incident.

• Segment the network: lateral movement by malicious actors is a clear danger that can be slowed by limiting cross-communication between internal segments.

• Have active network redundancies to avoid downtime: backups of network hosts and other essential systems prevent data loss and lost productivity during an incident.
INTRUSION DETECTION SYSTEM
An intrusion detection system (IDS) is a network security tool that monitors network traffic and
devices for known malicious activity, suspicious activity or security policy violations.

An IDS can help accelerate and automate network threat detection by alerting security
administrators to known or potential threats, or by sending alerts to a centralized security tool,
such as a security information and event management (SIEM) system, where they can be
combined with data from other sources to help security teams identify and respond to
cyberthreats that might slip by other security measures.

IDSs can also support compliance efforts. Certain regulations, such as the Payment Card Industry
Data Security Standard (PCI-DSS), require organizations to implement intrusion detection
measures.

An IDS cannot stop security threats on its own. Today IDS capabilities are typically integrated
with—or incorporated into—intrusion prevention systems (IPSs), which can detect security
threats and automatically take action to prevent them.
HOW INTRUSION DETECTION SYSTEMS WORK
An IDS can be a software application installed on endpoints, a dedicated hardware device connected to the network, or a cloud service. Whatever form it takes, an IDS uses one or both of two primary threat detection methods: signature-based and anomaly-based detection.
• Signature-based detection analyzes network packets for attack signatures: unique characteristics or byte patterns associated with a specific threat. A sequence of code that appears in a particular malware variant, or the characteristic string of an injection attack, is an example of an attack signature.
A signature-based IDS maintains a database of attack signatures against which it compares network packets. If a packet matches one of the signatures, the IDS flags it. To be effective, the signature database must be updated regularly with new threat intelligence as new attacks emerge and existing attacks evolve. Brand-new attacks that have not yet been analyzed for signatures evade signature-based detection.
• Anomaly-based detection uses statistical or machine-learning models to build and continually refine a baseline of normal network activity. It then compares live activity to the baseline and flags deviations, such as a process using far more bandwidth than usual, or a device opening a port that is usually closed.
• Because it reports any abnormal behaviour, an anomaly-based IDS can often catch brand-new attacks that evade signature-based detection, including zero-day exploits: attacks that take advantage of software vulnerabilities before the developer knows about them or has had time to patch them. The price is a higher false-positive rate: even benign activity, such as an authorized user accessing a sensitive resource for the first time, can trigger an anomaly-based IDS.
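Both detection methods above run over the same constructed traffic in the following added example, which is not part of the original deck. The signatures are regular expressions over the payload (a small constructed set, not a real rule database); the anomaly detector builds a per-host baseline of bytes sent and destination ports from a training set and flags a record that is more than k standard deviations above the host's mean or reaches a port the host never used. The hosts, sizes and payloads are all constructed.

```python
import re
import statistics
from collections import defaultdict

# Constructed signatures for the example, not a real rule set: a name and a
# regular expression matched against the packet payload.
SIGNATURES = [
    ("sqli-tautology", re.compile(rb"'\s*or\s+1\s*=\s*1", re.I)),
    ("path-traversal", re.compile(rb"\.\./\.\./")),
    ("shellshock", re.compile(rb"\(\)\s*\{\s*:;\s*\};")),
]


def signature_alerts(record):
    """Names of every signature whose pattern occurs in the record's payload."""
    return [name for name, pat in SIGNATURES if pat.search(record["payload"])]


class AnomalyDetector:
    """Per-host baseline of bytes sent and destination ports used. A record is
    anomalous if its size exceeds the host's mean by more than k standard
    deviations, or if it reaches a port the host never used while training."""

    def __init__(self, k=3.0):
        self.k = k
        self.sizes = defaultdict(list)
        self.ports = defaultdict(set)

    def train(self, records):
        for r in records:
            self.sizes[r["src"]].append(r["bytes"])
            self.ports[r["src"]].add(r["dport"])

    def anomalies(self, record):
        src = record["src"]
        if src not in self.sizes:
            return ["unknown-host"]
        mean = statistics.mean(self.sizes[src])
        sd = statistics.pstdev(self.sizes[src])
        reasons = []
        if record["bytes"] > mean + self.k * max(sd, 1.0):  # guard constant baselines
            reasons.append("volume")
        if record["dport"] not in self.ports[src]:
            reasons.append("new-port")
        return reasons


def rec(src, dport, nbytes, payload=b""):
    return {"src": src, "dport": dport, "bytes": nbytes, "payload": payload}


# Constructed traffic. Baseline: 10.0.0.7 talks HTTPS, 10.0.0.9 talks HTTP.
BASELINE = [rec("10.0.0.7", 443, n) for n in (1000, 1200, 900, 1100, 1000)] + \
           [rec("10.0.0.9", 80, n) for n in (500, 520, 480)]
LIVE = [
    rec("10.0.0.7", 443, 1150, b"GET /index.html HTTP/1.1"),       # normal
    rec("10.0.0.9", 80, 530, b"GET /?id=1' OR 1=1-- HTTP/1.1"),     # SQLi, normal size
    rec("10.0.0.7", 22, 50000, b"ssh-2.0 bulk upload"),             # exfiltration-like
    rec("10.0.0.9", 445, 510, b"SMB negotiate"),                    # first SMB use
]


def analyze(baseline=BASELINE, live=LIVE):
    """Return (src, dport, signature alerts, anomaly reasons) per live record."""
    det = AnomalyDetector()
    det.train(baseline)
    return [(r["src"], r["dport"], signature_alerts(r), det.anomalies(r)) for r in live]
```

The four live records show the complementarity the text describes: the SQL injection is normal in size and goes to the usual port, so only the signature catches it; the large SSH upload matches no signature but is flagged twice by the baseline; and the first SMB connection from 10.0.0.9 is the benign first-time access that an anomaly detector reports anyway.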
LESS COMMON DETECTION METHODS
• Reputation-based detection blocks or flags traffic from IP addresses and domains associated with malicious or suspicious activity.
• Stateful protocol analysis focuses on protocol behaviour: it tracks the state of each connection and compares what it sees with what the protocol specification says should happen. For example, it might identify a denial-of-service attack or a port scan by noticing a single IP address making many TCP connection requests in a short period, or flag data segments that arrive on a connection whose handshake never completed.
Whatever method it uses, when an IDS detects a potential threat or policy violation it alerts the incident response team to investigate. IDSs also keep records of security incidents, either in their own logs or by logging them to a security information and event management (SIEM) tool (see 'IDS and other security solutions' below). These incident logs can be used to refine the IDS's criteria, such as by adding new attack signatures or updating the network behaviour model.
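The stateful protocol analysis just described, as an added example that is not part of the original deck: a small tracker of the TCP three-way handshake that raises an alert when one source sends more connection requests than a threshold allows inside a sliding time window, and when a data segment arrives for a connection whose handshake never completed. The thresholds, addresses and timestamps are constructed; a production sensor would additionally expire idle connections and handle RST and FIN.

```python
from collections import defaultdict, deque


class TcpProtocolAnalyzer:
    """Tracks TCP handshake state per connection and counts SYNs per source."""

    def __init__(self, syn_limit=20, window=1.0):
        self.syn_limit, self.window = syn_limit, window
        self.recent_syns = defaultdict(deque)  # src -> timestamps of its SYNs
        self.conns = {}  # (src, sport, dst, dport) -> handshake state

    def observe(self, ts, src, sport, dst, dport, flags):
        """Feed one segment (flags: "S", "SA", "A", "PA", ...); return alert names."""
        alerts = []
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if flags == "S":
            self.conns[fwd] = "SYN_SENT"
            q = self.recent_syns[src]
            q.append(ts)
            while ts - q[0] > self.window:  # drop SYNs that fell out of the window
                q.popleft()
            if len(q) > self.syn_limit:
                alerts.append("syn-rate")
        elif flags == "SA":
            if self.conns.get(rev) == "SYN_SENT":
                self.conns[rev] = "SYN_RECEIVED"
            else:
                alerts.append("unsolicited-synack")
        elif flags == "A" and self.conns.get(fwd) == "SYN_RECEIVED":
            self.conns[fwd] = "ESTABLISHED"  # handshake complete
        elif "A" in flags:  # any other ACK-bearing segment must belong to a session
            state = self.conns.get(fwd) or self.conns.get(rev)
            if state != "ESTABLISHED":
                alerts.append("out-of-state")
        return alerts


def run_demo():
    """Returns (alerts for a normal session, alerts per SYN of a scan, alert for a stray segment)."""
    ids = TcpProtocolAnalyzer(syn_limit=20, window=1.0)
    # Constructed traffic 1: a normal handshake followed by a data segment.
    normal = [
        ids.observe(0.00, "10.0.0.7", 51000, "10.0.0.5", 80, "S"),
        ids.observe(0.01, "10.0.0.5", 80, "10.0.0.7", 51000, "SA"),
        ids.observe(0.02, "10.0.0.7", 51000, "10.0.0.5", 80, "A"),
        ids.observe(0.03, "10.0.0.7", 51000, "10.0.0.5", 80, "PA"),
    ]
    # Constructed traffic 2: 25 SYNs to consecutive ports inside half a second.
    scan = [ids.observe(1.0 + i * 0.02, "198.51.100.4", 40000 + i, "10.0.0.5", 1 + i, "S")
            for i in range(25)]
    # Constructed traffic 3: a data segment for which no handshake ever happened.
    stray = ids.observe(2.0, "198.51.100.4", 40100, "10.0.0.5", 22, "PA")
    return normal, scan, stray
```

The normal session produces no alerts; the scan is silent for its first 20 SYNs and then alerts on every further one inside the window, which is the behaviour to expect from a rate threshold (tune the limit against a real baseline, since busy web clients legitimately open many connections); the stray data segment is the pattern of an ACK scan or an injected segment and is reported as out-of-state.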
TYPES OF INTRUSION DETECTION SYSTEMS
IDSs are categorized by where they are placed and what kind of activity they monitor.
• Network intrusion detection systems (NIDSs) monitor inbound and outbound traffic to devices across the network. A NIDS is placed at strategic points in the network, often immediately behind the perimeter firewall so that it can flag malicious traffic that gets through. A NIDS may also be placed inside the network to catch insider threats or attackers who have hijacked user accounts; for example, one behind each internal firewall of a segmented network to monitor traffic flowing between subnets.
To avoid impeding legitimate traffic, a NIDS is often placed 'out-of-band', meaning traffic does not pass through it. It analyzes copies of the packets (from a mirror/SPAN port or a network tap) rather than the packets themselves, so legitimate traffic does not wait for analysis, but the NIDS can still catch and flag malicious traffic.
• Host intrusion detection systems (HIDSs) are installed on a specific endpoint, such as a laptop, router or server. A HIDS monitors only that device, including traffic to and from it. It typically works by taking periodic snapshots of critical operating system files and comparing these snapshots over time. If it notices a change, such as log files being edited or configurations being altered, it alerts the security team.
• Security teams often combine network-based and host-based intrusion detection. The NIDS looks at traffic overall, while the HIDS adds protection around high-value assets. A HIDS can also catch malicious activity originating from a compromised node, such as ransomware spreading from an infected device.
While NIDS and HIDS are the most common, security teams may use other IDSs for specialized purposes:
• A protocol-based IDS (PIDS) monitors the connection protocols between servers and devices. A PIDS is often placed on a web server to monitor HTTP or HTTPS connections.
• An application protocol-based IDS (APIDS) works at the application layer, monitoring application-specific protocols. An APIDS is often deployed between a web server and an SQL database to detect SQL injection.
• IDS evasion tactics: while IDS solutions detect many threats, attackers have developed ways to get around them. IDS vendors respond by updating their products to account for these tactics, which has created something of an arms race, with attackers and IDSs trying to stay one step ahead of each other.
SOME COMMON IDS EVASION TACTICS INCLUDE:
• Distributed denial-of-service (DDoS) attacks: taking the IDS offline by flooding it with obviously malicious traffic from multiple sources. When the IDS's resources are overwhelmed by the decoy threats, the real intrusion slips through.
• Spoofing: faking IP addresses and DNS records so that the traffic appears to come from a trustworthy source.
• Fragmentation: splitting malware or other malicious payloads into small packets so that no single packet contains the whole signature. By delaying packets or sending them out of order, attackers can prevent an IDS that does not fully reassemble streams from seeing the attack.
• Encryption: using encrypted protocols to bypass an IDS that does not have the corresponding decryption key.
• Operator fatigue: generating large numbers of IDS alerts on purpose to distract the incident response team from the real activity.
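The fragmentation tactic just listed, as an added example that is not part of the original deck: a request carrying a signature is split so that neither TCP segment contains the whole pattern, and the pieces are sent out of order with one retransmitted. A detector that matches each packet in isolation misses it; one that first reassembles the byte stream by sequence number, as a real NIDS does, sees the complete request. The signature, request and sequence numbers are constructed for the illustration.

```python
import re

# Constructed signature for the example: the classic sensitive-file marker.
SIGNATURE = re.compile(rb"/etc/passwd")


def per_packet_match(segments):
    """Naive IDS: inspect each segment's payload on its own."""
    return any(SIGNATURE.search(payload) for _seq, payload in segments)


class StreamReassembler:
    """Rebuild one direction of a TCP byte stream from (seq, payload) segments,
    tolerating out-of-order arrival and retransmitted duplicates."""

    def __init__(self, isn):
        self.next_seq = isn   # sequence number of the next byte we need
        self.buffer = b""
        self.pending = {}     # seq -> payload for segments that arrived early

    def feed(self, seq, payload):
        if seq < self.next_seq:                 # overlaps data we already have
            payload = payload[self.next_seq - seq:]
            seq = self.next_seq
        if payload:
            self.pending[seq] = payload
        while self.next_seq in self.pending:    # append every contiguous piece
            chunk = self.pending.pop(self.next_seq)
            self.buffer += chunk
            self.next_seq += len(chunk)
        return self.buffer


def reassembled_match(isn, segments):
    """IDS with stream reassembly: match the signature on the rebuilt stream."""
    stream = StreamReassembler(isn)
    for seq, payload in segments:
        stream.feed(seq, payload)
    return SIGNATURE.search(stream.buffer) is not None


# Constructed attack: the request is cut in the middle of the signature, the
# second half is sent first, and the first half is then retransmitted once.
ISN = 1000
REQUEST = b"GET /../../etc/passwd HTTP/1.0\r\n"
FIRST, SECOND = REQUEST[:13], REQUEST[13:]   # b"GET /../../et" | b"c/passwd ..."
SEGMENTS = [(ISN + 13, SECOND), (ISN, FIRST), (ISN, FIRST)]
```

Real sensors also have to decide what to do when two segments overlap with different content, because the target host and the IDS may resolve the overlap differently; the usual answer is to model the reassembly policy of the protected operating system, which this example does not attempt.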
IDS AND OTHER SECURITY SOLUTIONS
IDSs are not standalone tools. They are designed to be part of a holistic cybersecurity system and are often tightly integrated with one or more of the following security solutions.
IDS and SIEM (security information and event management): IDS alerts are often funnelled to an organization's SIEM, where they are combined with alerts and information from other security tools in a single, centralized dashboard. Integrating the IDS with a SIEM lets security teams enrich IDS alerts with threat intelligence and data from other tools, filter out false alarms, and prioritize incidents for remediation.
IDS and IPS (intrusion prevention systems): as noted above, an IPS monitors network traffic for suspicious activity like an IDS, and intercepts threats in real time by automatically terminating connections or triggering other security tools. Because an IPS is meant to stop attacks, it is usually placed inline, meaning all traffic has to pass through it before reaching the rest of the network; a false positive in an IPS therefore blocks legitimate traffic rather than merely raising an alert.
Some organizations implement IDS and IPS as separate solutions. More often they are combined in a single intrusion detection and prevention system (IDPS) that detects intrusions, logs them, alerts security teams and responds automatically.
IDS AND FIREWALLS
• IDSs and firewalls are complementary. Firewalls face outward and act as barriers, using predefined rulesets to allow or disallow traffic. IDSs often sit just behind firewalls and help catch anything that slips past them. Some firewalls, especially next-generation firewalls, have built-in IDS and IPS functions.

WHAT IS A VPN (VIRTUAL PRIVATE NETWORK)
• A VPN, or virtual private network, creates a private network connection between devices across the internet. VPNs are used to transmit data safely over public networks. They work by carrying traffic inside an encrypted tunnel, so that it is unreadable by anyone not authorized to receive it, and by making the VPN server, rather than the user's device, the visible source of the traffic.
• What is a VPN used for
VPN services are mainly used to send data safely over the internet. The three main functions of a VPN are:
1. Privacy: without a VPN, anyone on the path between you and the server (an open Wi-Fi hotspot, your ISP) can observe unencrypted traffic and the destinations you connect to. A VPN encrypts this traffic between your device and the VPN server, which matters most on public Wi-Fi networks.
2. Anonymity: your IP address reveals your approximate location, and many websites combine it with cookies and similar technology to recognize you when you return. A VPN hides your real IP address from the sites you visit; they see the VPN server's address instead. The VPN provider itself still sees your real address and your traffic, so this is pseudonymity towards the websites rather than true anonymity.
3. Security: a VPN uses cryptography to protect the connection from eavesdropping and tampering. Many VPN clients also offer a 'kill switch' that blocks traffic, or closes selected programs, if the tunnel drops, so that data is never sent in the clear. These features let companies give remote users authenticated access to their business networks.
HOW DOES A VPN WORK
A VPN connection redirects packets from your machine to a remote VPN server before they are sent on to their destination over the internet. Key principles behind VPN technology:
• Tunneling protocol: a virtual private network creates a secure data tunnel between your local machine and the VPN server. While the tunnel is up, the VPN server is the apparent source of all your traffic. Your Internet Service Provider (ISP) and other parties on the path can see only that you are talking to the VPN server, not the contents or destinations of your traffic.
• Encryption: VPN protocols such as IPsec encrypt your data before it enters the tunnel. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. The data is made unreadable at one end of the tunnel and decoded only at the other, so it cannot be read or altered in transit even if the network you are on is hostile. Note the limit of this protection: traffic is protected between your device and the VPN server; beyond the server it travels as it normally would, so end-to-end protocols such as TLS are still needed.
WHY SHOULD YOU USE A VPN
• For safe public internet access: virtual private networks make on-the-go web activity safer. People read news at the cafe, check email at the supermarket and log in to bank accounts on mobile devices. Over public Wi-Fi this activity is exposed to other users of the hotspot and to whoever runs it. Using a VPN on an unsecured public hotspot keeps your traffic confidential on that network.
• For keeping your browsing history private: your internet service provider can see, and may sell, the sites you connect to; for example, looking for articles on leaking taps can result in targeted ads from local plumbers. A VPN hides your destinations from your ISP. It does not hide them from the VPN provider or from the websites themselves, so the provider's logging policy matters (see below).
• For accessing streaming services globally: when you travel outside your home country, your paid streaming services may be unavailable because of contractual terms and regulations. A VPN server in your home country gives you an IP address there and lets you reach your usual content.
• For protecting your identity: by hiding your IP address, a VPN reduces tracking based on network location and makes casual surveillance harder. It does not make you anonymous if you sign in with your real identity on social media or other platforms.
HOW TO SET UP A VPN

There are two common ways for individuals to access VPN services:
• Use a VPN provider: choose a VPN service that is accessed from a browser extension or by installing an app on your device. These are subscription-based services; many limit the number of devices or charge per device, which adds cost, and each device must be configured individually.
• Use a VPN router: either buy a router with a VPN client pre-installed or install VPN software on your home router yourself. The advantage is that every device that reaches the internet through this router is protected automatically, including devices that cannot run a VPN app themselves.
HOW TO CHOOSE THE BEST VPN PROVIDER
• With so many options available, choosing the right VPN service can feel challenging. Use the checklist below to assess VPN providers and make the best choice for you:

1. Logging policies: the best VPN providers keep minimal or no logs, so that a breach or a legal demand at their end cannot expose your activity.

2. Updated software: the best VPN connections use current, well-reviewed tunneling protocols. OpenVPN is open-source, widely audited and available on all major operating systems; the same is true of the newer WireGuard. Avoid providers that still rely on obsolete protocols such as PPTP.

3. Bandwidth limit: many services cap data usage or speed. Choose a VPN provider that meets your data needs within your budget.

4. VPN server locations: make sure the provider has a server in each country where you need a private connection.
HOW TO CHOOSE BETWEEN PAID VS. FREE VPNS
• Free VPNs are useful if you are on a limited budget. However, the primary source of revenue for free VPN providers is advertising, so expect targeted advertising, or data logging and selling policies, to be hidden in the terms and conditions. A VPN provider sees all of your traffic, so for privacy purposes a provider that monetizes that data can be worse than using no VPN at all.

• Most free VPNs:
• Do not offer the most up-to-date VPN protocols
• Do not offer quality technical support
• Have low bandwidth and slower speeds for free users
• Have a higher disconnection rate
• Have a limited geographical distribution of VPN servers

WHY DO BUSINESSES USE VPNS
VPNs are a cost-effective, high-speed and secure way to connect remote users and sites to the office network. Because VPN connections are carried over the public internet, they are usually cheaper and offer more bandwidth than dedicated WAN (wide-area network) links or long-distance remote-dial links, while still giving the company private access to its own network.
HOW DO BUSINESSES USE VPNS
There are three main ways that businesses use a VPN:
• Site-to-site VPN: a site-to-site VPN acts as an internal private network for companies with multiple geographically separated locations. It seamlessly and securely connects the different intranets, allowing employees to share resources between internal networks. AWS Site-to-Site VPN is a fully managed service that creates a secure connection between the office network and AWS resources using IP Security (IPsec) tunnels. For globally distributed applications it can be upgraded to route VPN traffic intelligently to the geographically closest AWS network endpoint. It also connects a company's data centers and branch offices to cloud-based applications and services without exposing confidential data.
• Client VPN (remote-access VPN): the network administrator sets up and configures the VPN service and distributes the configuration file (and client credentials) to the end-users who need access. The client then establishes a VPN connection from a local computer or mobile device to the company network. AWS Client VPN is a fully managed remote-access VPN solution that employees can use to securely reach resources in both AWS and on-premises business networks. Fully elastic, it scales up or down automatically with demand.
• SSL VPN: a Secure Sockets Layer (today, TLS) virtual private network provides secure remote access via a web portal and a TLS-secured tunnel between a private device and the office network. For large remote teams it can be expensive to supply every member with a company device; in that case an SSL VPN, which needs only a browser, is a cost-effective option.