Placeholder Image

Subtitles section Play video

  • No.

  • Hello?

  • Yes, I can see.

  • So it's gonna be a bit obvious already.

  • But, Steve, you apart from the fact that you're frozen and turned into a load of garbled mess, suggesting I might need to turn that video off.

  • What are we talking about today?

  • It's a bit of a different type of days.

  • You can see I'm not at the university.

  • I am working from home like most people in the world.

  • So we're gonna record a computer file.

  • Shawn is at home with his house.

  • We're socially distancing.

  • I'm at my house.

  • I've got my camera out.

  • I'm sitting in my dining room on.

  • We're gonna talk about working from home.

  • One of the things that I've been doing the last week I've been using software Microsoft teams to communicate with my students and things.

  • Everything.

  • Now the rescue.

  • Nothing was being done online, and I thought it was interesting to spend a few computer files were talking about the technology that people are using to work from home.

  • We'll do it a serious of videos on these.

  • So things were all locked down and we'll explore some instead of every view, and others will go down into details of some of the nitty gritty stuff on.

  • I thought the 1st 1 to start with me to look at what people are using to connect to their work networks, which is virtual private networks.

  • There's two uses of VPN says that sort of use of people use it at home, perhaps, and this is sort of use of people use in the business world where they're trying to connect to their corporate networks so they can use resources that exist on that corporate network.

  • It is that latter view they're gonna talk about today.

  • The technology used a boat from when using a home to sort of protect your traffic if you're on a hostile network on when you the business world is the same, but the emphasis is slightly different.

  • We gotta talk about it from the business world empty because of the current situations.

  • I didn't place the size to think about how people use their computers and networks in a business, and then we can extrapolate from that the problem that we need to solve with a virtual private network and then how the technology works from that.

  • So I drew a little diagram.

  • I don't have any computer listing.

  • Pray for here, but I have the next best thing.

  • I have my iPad with computer listing paper by and we'll draw on that and hopefully the screen capture will work.

  • Then you see what I'm doing.

  • Let's have a think about what a typical corporate network would be.

  • We would have some computers that people would use on.

  • These would sort of be networked together.

  • Let's just have a couple that would be a small office and they're all connected to a single network.

  • And alongside that, there might be servers that you'd use.

  • So that might be.

  • For example, a file server, which contained some secret information, will call us the files, and we might have a database which has got some information on a normal corporate network.

  • You can access that quite easily.

  • The machines can send packets out every network to the file server and accent, and things are generally secure.

  • You may have some commission set up, so the right people you can access the right service is, and so but these things, that network is gonna be connected via some sort of router to the Internet and if I could draw a flower picture that will be the Internet after those machines can also access to the Internet via the router on the Richard Connect as a firewall so that people can't get into it from the outside and that all works.

  • Answer that you find the problem comes is if we have a person sitting out in a cafe or working from home is on who wants to access those same resources?

  • We need to provide access to those resources without making them insecure.

  • Now, some of these you could secure and put directly out on the Web is no problem doing that.

  • But some of them may be devices that you don't want accessible out on the wide Internet.

  • What we want to be able to do is have the person who's sitting here on the outside be able to access as if they were directly connected to that network.

  • But of course they're not in the physical premises, so we can't just run a cable to them.

  • So how do we get around this?

  • Well, what you could do At one point you could buy a dedicated connection from telecoms company, and they would run a wire from your business premises to say the person's home on you connect them die.

  • Will you have a direct cable that ran across the whole thing?

  • The other thing you could do is use a dial up modem and the person would ring over the telephone network and connect with that.

  • You'd have remote access by that, but that requires specific resources, quite a dial up modem, quite a diet collection being put into place.

  • What would be great is if someone could just sit on the Internet.

  • Access to resources from wherever they are, but with the same level of access is if they had a physical connection to the network.

  • And this is what a virtual private network is trying to solve now.

  • How does that work?

  • Well, we need to think about how the computer is actually communicating over the local network.

  • Then we can extrapolate out from that to see how the day to get sent over a virtual private network.

  • So when we bring up a new sheet of virtual paper, this is an interesting experience during a computer file.

  • This way, it's very different from doing it, for sure on in the room.

  • So let's think about it.

  • We've got a machine on the local network on we've got a file server too Strong access files that now, in a way that modern networks were particularly I p networks.

  • We take the data we're tryingto send, and we break it down into a series of chunks which we call khakis, and we send a series of trunks out over the network.

  • But those chunks don't go is pure data over the network.

  • We need to sort of wrap them up so that when they get to the other end, they can be sort of unwrapped and put back together in the right order, depending on how that works.

  • Configure depending on how complicated the network is, they may get take different routes to get to the point.

  • So the various things generally would have the data in a packet.

  • And then on top of that, we put a series of headers that tell us things.

  • So the standard network these days you have a TCP head of there that would tell it with the order that these packets need to go in and then you have an I P headed put in front of that, which would tell it where it's going, where it's come from.

  • And then these days of local network will almost certainly be even on.

  • That whole lot will be perched inside an Ethernet packet so we'll have an Ethernet header at the top and then that could be sent either directly to the machine that wants it all to a machine that can pass it on to the machine that wants it over the company's local network.

  • So that's how we send data over the local network.

  • But we can actually do the same thing if we have a direct connection, rather than having the machine put it directly on the local network.

  • We have another machine, which was connected to the local network and connected to the direct connection, and it would give an I P address to the remote machine.

  • Remember, this is a physical direct connection, either by a dial up modem link or physical, at least lying from the telecoms company.

  • And then it wouldn't put the Ethan their head around the front of that there, so these in the head it would disappear, but it would wrap it up in some other form of headed to the usual one that was used on leased lines.

  • Waas a p p.

  • P.

  • A point to point protocal packet headed.

  • Same thing.

  • We take the data, wrap it up in the TCP head of wrapped up into a nice header, send it out using PPP over the direct connection between the two machines, So that's how we could do it there.

  • But what if we want to do this with someone who's just sitting on the Internet?

  • What we can do?

  • Basically a very similar thing.

  • We give the Ramon machine an I p address as if it was on our network.

  • But rather than sending that packet directly to the machines over the Internet, what it does it takes that wrapped up i p packet and it wraps the whole watch up as another packet.

  • So it has a UDP headed here.

  • That's another why things communicate over the Internet, and there's a reason why he's UDP TCP might cover in a later video, and then that gets wrapped up as another I p packet.

  • But this time, rather than saying Wait with you, go on the local network.

  • This is going from the remain machines address on the Internet to a Gateway server on the running of the company.

  • So now then get sent I with the Internet to the right machine to the Gateway Server, and then the header could be removed.

  • The UDP header to leave the original I P packet that was sent by the machine on the same thing can happen in reverse.

  • But there's a couple of issues wrong.

  • We're sending date around over the Internet, so we need to make sure that that data is protected from being altered.

  • This someone is sending it, and also that someone can't read the secret information that might be in that data.

  • And we could do that.

  • Using cryptography, we can use hashing to hash the data that's in there and then say whether it's been changed enough, we consign that after the same way that Mike's talked about another videos, and we can also use cryptography to encrypt the data so they can't be sneaked on as it travels.

  • At least that's that's where two be straightforward.

  • That gives us is a private party when we get the virtual part because we're sending it over the Internet over virtually we've created just using a standard Internet connection.

  • You have to set up your corporate networks so that it knows that packets go into this particular I p address need to go out for a reversal private network link and so we can send it out over there.

  • And also, you need to make sure that the machine, the Remember Sheen is sending packets that are going to that machine over the virtual network.

  • And so is actually two ways you can get the rowing machine to send packets you can either just send the ones that are going to that network on everything else.

  • Go out of the Internet, and that works fine.

  • You get good, Brad and speed, but you might also be using Service is on the Internet that you don't want people to know that if you're working on, you might be accessing resources that could compromise your business integrity and so on.

  • So you can also set up.

  • And this is what people use at home, with their using a VPN to protect their connection so that all your traffic is sent over the virtual private network, and then it appears as if it's leaving from the business network where it's coming out with their I P addresses, even though actually the machines in a different location.

  • And so the Mr Data is encrypted and sent over that to the destination and then sent on from there as if he were connected to that network.

  • So it's not proxy.

  • It's a glittery, as if your machines connected to that network.

  • Of course, the problem you have here is if you're sending all your data out over the virtual private network, you need to make sure that the virtual private network they traffic yourself isn't sent out over the virtual private network.

  • Otherwise, it wouldn't get that I'm there already isn't unusual.

  • Take care of this because the connection to the virtual private network is created before you start sending data over the virtual private network so it can still track where it needs to route that information over the Internet.

  • The only other thing you need is some way to authenticate who the person using the network is, and this is usually done when you start up the connection.

  • So where there's a normal network connection these days, we connect a WiFi factories that you immediately connected to the network.

  • That may be some access controls their thio say whether you can actually use it insane things and whoever the technology immediately connects you with a virtual private network, you have to set that connection when you set up that virtual connection with server at the company, end on the climb to the remote and skin, figuring the details so they know where the I P addresses way to send those wrapped up packets back over the network.

  • I understand what's being achieved there, but does this run into any problems at all?

  • Obviously, it's possible you could see the VPN traffic going on when you could just sort of stopped those packets being sent and so on.

  • You shouldn't if the encryptions good and actually setting up all the encryption.

  • Making its right is quite difficult.

  • There's a lot of sort of commercial home use.

  • BP ends are actually, if you're not careful, it could be set up, so it's virtually no encrypted, a tall.

  • The other thing to say from that point of view, is that it's still possible to see what people are doing, even if they can't see.

  • Actually, the day to they're transferring.

  • I mean, certain activities that you might do everything to that have specific patterns.

  • That data is transferred in.

  • And so you can infer from the way the packets over the VPN going what's actually happening there.

  • So it's not true.

  • Hidden things.

  • He could still see some things, for example, of the difference between a sort of videoconferencing call like this on a Web page you'd be out of Satan.

  • Looks like videoconferencing looks like they're sort of weapons.

  • You won't have full detail, but you could sort of infer that from the way the traffic, it's sort of being transferred and things.

  • The other thing is calls from or practical point of view.

  • It will have later CTU connection because you got to send a packet to the VPN server and then out to its destination it, lad legacy, depending on how bad the network is, where you are, that man should be faster because your business got a faster connection.

  • That might be a more direct route than you going directly.

  • Follow on, of course, because each packet has to be slightly smaller to fit.

  • The extra head is in there.

  • Then you will run slightly slower than the maximum speed he could transfer.

  • But that's marginally less so.

  • There are swings around about direct connection, and so on is always gonna be faster.

  • But this gives you a lot of peace of mind.

  • Means in our access is if you were sitting on your corporate network.

  • If this is our data path with our columns, by sharing bites around the different columns, when we combine it with the mixed column step, which will do in a minute, you'll see that, actually, we're mixing everything up.

  • So within just a couple of round, we could either make the computer process of faster or we can have multiple cause, each working on part of the problem at the same speed.

No.

Subtitles and vocabulary

Click the word to look it up Click the word to find further inforamtion about it