
Types of VPNs:

• Site to Site VPN


• A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly
used in large companies. Companies or organizations with branch
offices in different locations use a Site-to-Site VPN to connect the network
of one office location to the network at another office location.
• Intranet based VPN: When several offices of the same company are
connected using the Site-to-Site VPN type, it is called an Intranet based VPN.
• Extranet based VPN: When companies use the Site-to-Site VPN type to
connect to the office of another company, it is called an Extranet based
VPN.
• Remote Access VPN

A remote access VPN allows a user to securely connect to a business or home
network and access its resources from a remote location. An employee of a
company who is out of station uses a VPN to connect to the
company’s private network and remotely access files and resources on the private
network. Private users or home users of VPNs primarily use VPN services to
bypass regional restrictions on the Internet and access blocked websites.
• Cloud VPN
• A Cloud VPN is a virtual private network that allows users to securely
connect to a cloud-based infrastructure or service. Cloud VPNs are
typically offered as a service by cloud providers such as Amazon Web
Services (AWS) and Microsoft Azure. Cloud VPNs are often used by
organizations to securely connect their on-premises resources to
cloud-based resources, such as cloud-based storage or
software-as-a-service (SaaS) applications.
• Mobile VPN
• Mobile VPN is a virtual private network that allows mobile users to
securely connect to a private network, using a cellular network. It
creates a secure and encrypted connection between the mobile
device and the VPN server, protecting the data transmitted over the
connection. Mobile VPNs can be used to access corporate resources,
such as email or internal websites, while the user is away from the
office.
IPSec Protocol
• Internet Protocol Security (IPSec) is a secure network protocol suite
that authenticates and encrypts data packets sent over the Internet. It has two
important roles: Encryption and Authentication.
• It operates at the network layer. IPSec can work in two modes:
transport mode
tunnel mode
• In transport mode, IPSec encrypts traffic between two hosts. Here,
only the data packet is encrypted and not the IP header.
• In tunnel mode, IPSec creates virtual tunnels between two subnets. This
mode encrypts the data as well as the IP header.
Advantages of IPSec
• Users don’t need special training to use IPSec.
• Secured: When used with a firewall, IPSec makes the network more
secure.
• Adaptability: IPSec can be utilized in different organization conditions,
like LAN, WAN, and the Web.
• Confidentiality: All incoming and outgoing traffic is secured.
• Zero dependency on applications: No changes are needed for
applications or how data is sent.
• Cost-effective: It is a cost-effective way to connect different offices.
Disadvantages of IPSec
• Wide access range: Giving access to a single device in an IPSec-based
network can give access privileges to other devices too.
• CPU overhead: IPSec is well known for its high CPU usage.
• Compatibility issues: When you are already on an IPSec-based VPN,
connecting to another network will be rather impossible due to
restrictions in firewalls.
• Broken algorithms: The security of certain algorithms used in IPSec is a
concern.
Layer 2 Tunneling Protocol (L2TP)
L2TP generally has 2 protocols combined, that is the Point to Point
Tunneling Protocol (PPTP) and the Layer 2 Forwarding protocol, to provide
VPN services. It is often combined with another VPN security protocol
like IPSec to establish a highly secure VPN connection. L2TP generates a
tunnel between two L2TP connection points, and the IPSec protocol encrypts
the data and maintains secure communication through the tunnel.
Advantages of L2TP
• Military-grade encryption for highest data protection
• No data altering between senders and receivers, preventing
man-in-the-middle attacks
• Well supported protocol for various mobile devices and operating
platforms

Disadvantages of L2TP
• Difficult to configure
• Higher use of computing power because of advanced encryption
• Slower operations because of double encapsulation technique
• Easily blocked by firewalls
Point–to–Point Tunneling Protocol (PPTP):
• PPTP, or Point-to-Point Tunneling Protocol, generates a tunnel and
encapsulates the data packet. Point-to-Point Protocol (PPP) is used to
encrypt the data between the connection. PPTP is one of the most widely used
VPN protocols and has been in use since the early release of Windows. PPTP is
also used on Mac and Linux apart from Windows.
• Advantages of PPTP
• Low overhead costs and easy setup
• Fast connection speeds
• Compatible with a wide range of operating systems like macOS, Linux, Android
and iOS

• Disadvantages of PPTP
• Security risk because of low encryption
• Potential to get blocked by firewalls
• Less stable
• Inefficient over longer distances
SSL/TLS protocol
• An SSL VPN, or Secure Sockets Layer Virtual Private Network, is a type of
VPN that connects to the internet via the SSL/TLS protocol. SSL VPNs
provide a secure remote connection, which allows people to access the
internet anywhere without compromising data privacy. An SSL VPN can help
strengthen the privacy of your internet browsing. The web browser acts as
the client, and user access is restricted to specific applications instead of
the entire network. Online shopping websites commonly use the SSL and TLS
protocols.
Advantages
• Allows secure remote access
• No need for client software
• Easy to setup and use
• Compatible with a wide variety of devices
• End-to-end data encryption

Disadvantages
• Limited network-level access control
• Only protects the web browser it is set up on
• Doesn’t protect traffic from web apps
• May be vulnerable to malware
• Relies on web-based applications
VLAN VTP protocol
• VTP stands for VLAN Trunking Protocol. It is a layer-2 protocol. In a small
network, the number of switches is small, so we can configure VLANs
individually. But it is not an easy task to configure VLANs individually in large
networks.
• By putting one switch in VTP server mode and the others in VTP client mode, you
can configure VLANs in one go. VTP allows you to configure VLANs on a
central VTP server switch while VTP clients synchronize their VLAN database with
the server.
There are three modes of VTP:
• VTP Server Mode (default)
1. It allows you to add, modify and delete VLANs.
2. It stores the VLAN database in NVRAM.
3. The VTP server advertises all VLANs on a trunk port, and the VTP clients
synchronize their databases to it, so that whenever a new VLAN is added
to the VTP server, it is automatically created on the VTP clients. The CR
number is also updated automatically (the CR value is the same as on the
VTP server).
4. The revision number (CR value) increases whenever a VLAN is added
or deleted.
• VTP Client Mode
1. You can’t add, modify or delete VLANs in this mode.
2. It does not store the VLAN database in NVRAM.
3. If the configuration number received from the server is greater than its own configuration
number, the device updates its configuration and passes it to other clients of the same VTP
domain.

• VTP Transparent Mode
1. A switch configured in transparent mode does not participate in the VTP domain, but it forwards
the advertisements in the same domain.
2. It maintains its own VLAN database in NVRAM. You can add or delete VLANs in this mode,
but these VLANs are not advertised in the VTP domain.
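The three modes above can be modelled in a few lines of Python. This is an added example, not part of the original slides and not Cisco code; the Switch class, its method names, the "LAB" domain and the four-switch topology are assumptions made for illustration.

```python
class Switch:
    """Toy VTP participant. Class and method names are illustrative assumptions."""

    def __init__(self, name, mode, domain="LAB"):
        self.name, self.mode, self.domain = name, mode, domain
        self.vlans = {1: "default"}   # VLAN id -> VLAN name
        self.revision = 0             # configuration revision (CR) number
        self.trunks = []              # neighbouring switches on trunk ports

    def edit(self, vlan_id, vlan_name=None):
        """Add or rename a VLAN; delete it when vlan_name is None."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot edit VLANs")
        if vlan_name is None:
            self.vlans.pop(vlan_id, None)
        else:
            self.vlans[vlan_id] = vlan_name
        if self.mode == "server":     # edits on a transparent switch stay local
            self.revision += 1
            self._send(self.domain, self.revision, self.vlans, came_from=None)

    def _send(self, domain, revision, vlans, came_from):
        for peer in self.trunks:
            if peer is not came_from:
                peer.receive(domain, revision, dict(vlans), came_from=self)

    def receive(self, domain, revision, vlans, came_from):
        if domain != self.domain:
            return                    # advertisement for another VTP domain
        if self.mode == "transparent":
            self._send(domain, revision, vlans, came_from)  # relay, keep own DB
        elif self.mode == "client" and revision > self.revision:
            self.vlans, self.revision = vlans, revision     # replace whole DB
            self._send(domain, revision, vlans, came_from)


def demo():
    """Constructed topology: SRV - TR (transparent) - C1 - C2."""
    srv, tr = Switch("SRV", "server"), Switch("TR", "transparent")
    c1, c2 = Switch("C1", "client"), Switch("C2", "client")
    for a, b in ((srv, tr), (tr, c1), (c1, c2)):
        a.trunks.append(b)
        b.trunks.append(a)
    srv.edit(10, "users")             # revision 1
    srv.edit(20, "servers")           # revision 2
    tr.edit(99, "local-only")         # never advertised
    c2.receive("LAB", 1, {1: "default"}, came_from=None)  # stale: ignored
    srv.edit(10)                      # delete VLAN 10 -> revision 3
    return srv, tr, c1, c2
```

The revision number is the only thing a client compares, so an advertisement with a higher number replaces the client's whole VLAN database, deletions included. For that reason it is worth checking a switch's revision number before connecting it to a trunk in the domain.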
The advantages of working with VTP in networking are as follows:
• VTP helps in separating the network
• VTP allows accurate VLAN tracking and monitoring
• VTP provides dynamic reporting of VLANs
• VTP offers management of the VLAN database
• VTP reduces VLAN management work
• Virtual Local Area Networks or Virtual LANs (VLANs) are
logical groups of computers that appear to be on the
same LAN irrespective of the configuration of the
underlying physical network. Network administrators
partition the networks to match the functional
requirements of the VLANs so that each VLAN comprises
a subset of ports on a single switch or bridge or on multiple
switches or bridges. This allows computers and devices in a VLAN to
communicate in the simulated environment as if it were a
separate LAN.
• A VLAN forms sub-network grouping together devices on separate physical LANs.
• VLANs help the network manager to segment LANs logically into different broadcast
domains.
• VLANs function at layer 2, i.e. Data Link Layer of the OSI model.
• There may be one or more network bridges or switches to form multiple, independent VLANs.
• Using VLANs, network administrators can easily partition a single switched network into
multiple networks depending upon the functional and security requirements of their systems.
• VLANs eliminate the requirement to run new cables or reconfigure physical connections in
the present network infrastructure.
• VLANs help large organizations to re-partition devices, aiming at improved traffic management.
• VLANs also provide better security management, allowing partitioning of devices according to
their security criteria and also ensuring a higher degree of control over connected devices.
• VLANs are more flexible than physical LANs since they are formed by logical connections.
This aids in quicker and cheaper reconfiguration of devices when the logical partitioning needs
to be changed.
• Here are the important characteristics of VLAN:
• Virtual LANs offer structure for making groups of devices, even if their networks are different.
• It increases the broadcast domains possible in a LAN.
• Implementing VLANs reduces the security risks as the number of hosts which are connected to the
broadcast domain decreases.
• This is performed by configuring a separate virtual LAN for only the hosts having sensitive information.
• It has a flexible networking model that groups users depending on their departments instead of network
location.
• Changing hosts/users on a VLAN is relatively easy. It just needs a new port-level configuration.
• It can reduce congestion by sharing traffic, as each individual VLAN works as a separate LAN.
• A workstation can be used with full bandwidth at each port.
• Terminal reallocations become easy.
• A VLAN can span multiple switches.
• A trunk link can carry traffic for multiple LANs.
• Broadcast domain size-reduction
• Device management and administration tasks are made easier
• Reduced latency and Improved performance
• Hosts can be kept separated in a VLAN
• Reduction of physical devices in a network topology
• VLANs solve broadcast challenges
• VLANs offer scalability for growing organizations
• Enhancement of network security
• Physical boundary removal
• There are three types of VLANs: Port-Based VLANs, MAC-Based VLANs, and
Protocol-Based VLANs.
• Port-Based VLANs
• This VLAN type groups virtual local networks based on ports. Switch ports in this case are
configured manually as members of VLANs. Devices connected to such a port exist in the same
broadcast domain. The main challenge of this network type is that it can be difficult to
know which ports are good for each VLAN.
• MAC-Based VLANs
• MAC-Based VLANs work by allowing incoming untagged packets to be assigned to virtual
LANs, hence classifying traffic based on the packet source address.
• Protocol-Based VLANs
• As the name suggests, this kind of VLAN operates by using traffic-based protocols to filter
criteria tags that take the shape of untagged packets.
Comparison of VPN and VLAN

| Parameter of Comparison | VLAN | VPN |
|---|---|---|
| Full Form | Virtual Local Area Network (VLAN) | Virtual Private Network (VPN) |
| Types | Type of VLAN: 1. Port-based VLAN 2. Protocol-based VLAN 3. MAC-based VLAN | Type of VPN: 1. Remote Access VPN 2. Site-to-Site VPN |
| Kind of service | VLANs are the kind of subnetworks | VPNs are the technology a service |
| Tunnel/channel | VLAN does not use any kind of tunnel | VPN uses a virtual tunnel for secure connection |
| Security | Less secure as compared to VPN | More secure |
| Hierarchical structure | VLAN is a subset of the VPN | VPN is a superset of VLAN |
| Definition | Used to consolidate (or strong) devices that are separated into a single broadcast domain | Used to transmit secure data |
| Take help of | VLANs use virtual LANs to segment traffic | VPN uses encryption to create a virtual private network |
| Purpose | Help in connecting multiple devices that are separated by distance | Help in connecting authorized personnel |
| Price | VLANs are cheap | VPNs are expensive |
| Efficiency | VLAN is less efficient as compared to the VPN | VPN increases the efficiency |
Features of Windows server
a) Centralised user management: Windows Server's Active Directory feature allows
businesses to manage user accounts, permissions, and access controls centrally. This
streamlines user administration and enhances security.
b) Virtualisation: With the Hyper-V feature, Windows Server enables businesses to
create and manage virtual machines, leading to server consolidation, cost savings, and
improved resource utilisation.
c) Remote access and collaboration: Windows Server's Remote Desktop Services allow
users to access their desktops, applications, and data remotely, promoting efficient
collaboration and enabling remote work.
d) File sharing and storage: Windows Server provides robust file sharing and storage
capabilities, allowing organisations to manage and secure their data centrally. Features
like Distributed File Systems (DFS) and Storage Spaces enhance storage efficiency and
availability.
e) Web hosting and application deployment: Windows Server's IIS enables businesses
to host websites, web applications, and services. It offers a secure and scalable platform
f) Administration: PowerShell, a powerful scripting language, allows administrators
to automate repetitive tasks and streamline server management. It offers extensive
command-line tools for configuration, maintenance, and troubleshooting.
g) High availability and fault tolerance: Windows Server's Failover Clustering
feature ensures continuous availability of critical applications. It minimizes
downtime, ensuring uninterrupted access. Clustering enhances reliability and data
consistency.
h) Policy management: Group Policy simplifies the administration of security
policies, software deployment, and configuration settings across the network,
ensuring consistent and secure IT environments.
i) Remote server management: With RSAT, administrators can manage Windows
Server remotely from a client computer, simplifying server administration and
monitoring.
j) Software updates and patch management: The WSUS allows organisations to
manage and distribute software updates within their network, ensuring system
• Advantages of VLANs

• Ease of administration
• Reduction in network traffic
• Enforcement of security policies
LDAP OVER SSL
• LDAP (Lightweight Directory Access Protocol) is used by Active Directory for communication
between clients and directory servers. LDAP allows clients to read and write data in Active Directory.
• The LDAP protocol is not secure against cyberattacks because it transmits data without
encryption. This allows attackers to spy on the connection and intercept packets sent over a
network. This is called packet sniffing. Attackers can also perform a Man-in-the-Middle
(MiTM) attack, thereby manipulating, modifying, and replacing unencrypted LDAP packets.
• LDAPS uses TLS (Transport Layer Security) or SSL (Secure Sockets Layer) to encrypt LDAP
packets. SSL and TLS are cryptographic protocols that establish a secure connection between
client and server using certificates.
• LDAPS helps to make the communication between the client and server confidential so that
data cannot be seen by a third party.
• TLS also provides authenticity (so that both parties can be sure they are talking to whom they intend)
and integrity (so that messages are not modified in transit). TLS is the newer version of SSL.
