VPN & Remote Working - Computerphile

Video Statistics and Information

Captions
Oh hello, yes, I can see you. So it's gonna be a bit obvious already, but Steve you'll apart from the fact that you're frozen and turned into a load of garbled mass, suggesting I might need to turn the video off. What are we talking about today?

It's a bit of a different type of day. As you can see, I'm not at the University; I am working from home, like most people in the world. So we're going to record a Computerphile: Sean is at home at his house, we're socially distancing, I'm at my house, I've got my camera out, I'm sitting in my dining room, and we're going to talk about working from home. One of the things that I've been doing over the last weeks: I've been using software like Microsoft Teams to communicate with my students and things. Everything now lead rescue of nothing was being done online, and I thought it'd be interesting to spend a few Computerphiles talking about the technology that people are using to work from home. We'll do a series of videos on these sort of things while we're all locked down; we'll explore some things in sort of overview, and others will go down into details or some of the nitty-gritty stuff.

And I thought the first one to start with would be to look at what people are using to connect to their work networks, which is Virtual Private Networks. There's two uses of VPNs: there's the sort of use that people use at home, perhaps, and there's the sort of use that people use in the business world, where they're trying to connect to their corporate network so they can use resources that exist on that corporate network. And it's that latter view that I'm going to talk about today. The technology used for doing both, from when you're using it at home to sort of protect your traffic if you're on a hostile network, and when you're in the business world, is the same, but the emphasis is slightly different. We're going to talk about it from the business world emphasis because of the current situation. I think the place to start is to think about how people use their computers and networks in
a business, and then we can extrapolate from that the problem that we need to solve with a virtual private network, and then how the technology works from that. So I'm going to draw a little diagram. I don't have any computer listing paper here, but I have the next best thing: I have my iPad with computer listing paper, all right, and we'll draw on that, and hopefully the screen capture will work for anybody else to see what I'm doing.

Let's have a think about what a typical corporate network would be. We would have some computers that people will use, and these would sort of be networked together. Let's just have a couple; it would be a small office, and they're all connected to a single network. And alongside that there might be servers that you use, so there might be, for example, a file server which contains some secret information, we'll call this the files, and we might have a database which has got some information on. And on a normal corporate network you can access that quite easily: the machines can send packets out over the network to the file server and access it, and things are generally secure. You may have some permissions set up so only the right people can access the right services, and so on. But these days that network is going to be connected via some sort of router to the internet, and if I can draw a cloud picture, that will be the internet, so those machines can also access the internet via the router, and the router can act as a firewall so that people can't get into it from the outside. And that all works absolutely fine.

The problem comes if we have a person sitting out in a cafe or working from home asan who wants to access those same resources. We need to provide access to those resources without making them insecure. Now, some of these you could secure and put directly out on the web, there's no problem doing that, but some of them may be devices that you don't want that accessible out on the wide internet. What we want to be able to do is to have the person who's sitting here on the
outside be able to access as if they were directly connected to that network. But of course they're not in the physical premises, so we can't just run a cable to them. So how do we get around this?

Well, what you could do at one point is you could buy a dedicated connection from your telecoms company, and they would run a wire from your business premises to, say, the person's home, and you could connect them directly, where you have a direct cable that ran across the whole thing. The other thing you could do is use a dial-up modem, where the person would ring over the telephone network and connect that way; you'd have remote access by that. But that requires specific resources, requires a dial-up modem of either diet can actually be into plus. What would be great is if someone could just sit on the internet and access those resources from wherever they are, but with the same level of access as if they had a physical connection to the network. And this is what a virtual private network is trying to solve.

Now how does that work? Well, we need to think about how the computer is actually communicating over the local network, and then we can extrapolate out from that to see how the data gets sent over a virtual private network. So let me bring up a new sheet of virtual paper. This is an interesting experience, doing a Computerphile this way; it's very different from doing it with Sean in the room.

So let's think about it. We've got a machine on the local network and we've got a file server, so it's trying to access files through that. Now, in the way that modern networks work, particularly IP networks, we take the data we're trying to send and we break it down into a series of chunks, which we call packets, and we send a series of chunks out over the network. But those chunks don't go as pure data over the network; we need to sort of wrap them up so that when they get to the other end they can be sort of unwrapped and put back together in the right order, because depending on how that was configured,
depending on how complicated the network is, they may get to take different routes to get to the point. So there's various things. Generally we'd have the data in a packet, and then on top of that we put a series of headers that tell us things. So on a standard network these days you'd have a TCP header there that would tell it the order that these packets need to go in, and then you'd have an IP header put in front of that, which would tell it where it's going and where it's come from. And then these days the local network, or the one, would certainly be Ethernet, and that whole lot will be put inside an Ethernet packet, and so we'll have an Ethernet header at the top. And then that could be sent either directly to the machine that wants it, or to a machine that can pass it on to the machine that wants it, over the company's local network. So that's how we send data over the local network.

But we can actually do the same thing if we had a direct connection. Rather than having the machine put it directly on the local network, we'd have another machine which was connected to the local network and connected to the direct connection, and it would give an IP address to the remote machine. Remember, this is a physical direct connection, either via a dial-up modem link or a physical leased line from the telecoms company. And then it wouldn't put the Ethernet header on the front of that there, so the Ethernet header would disappear, but it would wrap it up in some other form of header. So the usual one that was used on leased lines was PPP, a Point-to-Point Protocol packet header. Same thing: we take the data, wrap it up in the TCP header, wrap it up into an IP header, and then send it out using PPP over the direct connection between the two machines. So that's how we could do it there.

But what if we want to do this with someone who's just sitting on the Internet? We can do basically a very similar thing. We give the remote machine an IP address as if it was on our network, but rather than sending
that packet directly to the machines over the Internet, what it does is it takes that wrapped-up IP packet and it wraps the whole lot up as another packet. So it has a UDP header here, that's another way things communicate over the Internet, and there's a reason why it uses UDP over TCP, which we might cover in a later video. And then that gets wrapped up as another IP packet, but this time, rather than saying where to go on the local network, this is going from the remote machine's address on the Internet to a gateway server running at the company. So that then gets sent over the Internet to the right machine, to the gateway server, and then the header can be removed, the UDP header, to leave the original IP packet that was sent by the machine. And the same thing can happen in reverse.

But there's a couple of issues. One, we're sending data out over the Internet, so we need to make sure that that data is protected from being altered as someone is sending it, and also that someone can't read the secret information that might be in that data. And we can do that using cryptography. We can use hashing to hash the data that's in there and then say whether it's been changed or not, so we can sign that hash in the same way that Mike's talked about in other videos, and we can also use cryptography to encrypt the data so it can't be snooped on as it travels over the internet. So that's relatively straightforward. That gives us the private part, and we get the virtual part because we're sending it over the internet, over a virtual link that we've created just using a standard internet connection.

You have to set up your corporate network so that it knows that the packets going to this particular IP address need to go out over a virtual private network link, and so we can send it out over there. And also you need to make sure that the remote machine is sending packets that are going to that machine over the virtual network, and so on. There's actually two ways you can get the remote
machine to send packets. You can either just send the ones that are going to that network there and let everything else go out over the Internet, and that works fine, you get a good browsing speed. But you might also be using services on the internet that you don't want people to know that you're working on; you might be accessing resources that could compromise your business integrity, and so on. And so you can also set it up, and this is what people use at home when they're using a VPN to protect their connection, so that all your traffic is sent over the virtual private network, and then it appears as if it's leaving from the business network where it's coming out of, with their IP addresses, even though actually the machine is in a different location. And so the mr. data is can encrypt it and send over that to the destination, and then sent on from there as if you were connected to that network. And so it's not proxying; it's literally as if your machine is connected to that network.

Of course, the problem you have here is, if you're sending all your data out over the virtual private network, you need to make sure that the virtual private network traffic itself isn't sent out over the virtual private network, otherwise it wouldn't get there. And the operating system usually takes care of this, because the connection to the virtual private network is created before you start sending data over the virtual private network, so it can still track where it needs to route that information over the Internet.

The only other thing you need is some way to authenticate who the person using the network is, and this is usually done when you start up the connection. So whereas with a normal network connection these days, we connect to Wi-Fi, you connect, you're immediately connected to the network, there may be some access controls there to say whether you can actually use it and send things anywhere, but the technology immediately connects you. With a Virtual Private Network, you have to set that
connection up. When you set up that virtual connection with the server, the company end and the client at the remote end are configuring the details so that they know where the IP address is and where to send those wrapped-up packets back over the network.

I understand what's being achieved there, but does this run into any problems at all?

Obviously it's blockable: you could see the VPN traffic going over and you can just sort of stop those packets being sent, and so on. You shouldn't if the encryption is good, and actually setting up the encryption, making this right, is quite difficult. There's a lot of sort of commercial home-use VPNs where actually, if you're not careful, it can be set up so it's virtually not encrypted at all.

The other thing to say from that point of view is that it's still possible to see what people are doing, even if they can't see actually the data they're transferring. I mean, certain activities that you might do over the internet have specific patterns that data is transferred in, and so you can infer from the way the packets over the VPN are going what's actually happening there. So it's not truly hidden; you could still see some things. For example, the difference between a sort of video conferencing call like this and a webpage: you'd be able to say, looks like they're videoconferencing, or looks like they're sort of webpage. You wouldn't have full detail, but you can sort of infer that from the way the traffic is sort of being transferred, and things.

The other thing is, of course, from a more practical point of view, it will add latency to your connection, because you've got to send the packet to the VPN server and then out to its destination. It'll have latency depending on how bad the network is where you are, but it might actually be faster, because your business has got a faster connection; that might be a more direct route than you going directly follow. And of course, because each packet has to be slightly smaller to fit the extra headers in there, then you will run
slightly slower than the maximum speed you could transfer, but that's marginally less. There are swings and roundabouts; a direct connection and so on is always going to be faster, but this gives you a lot of peace of mind. It means you can have access as if you were sitting on your corporate network.

If this is our data path with our columns, by sharing bytes around the different columns, when we combine it with the mix columns step, which we'll do in a minute, you'll see that actually we're mixing everything up, so within just a couple of rounds

we can either make the computer processor faster, or we can have multiple cores each working on part of the problem at the same speed
Info
Channel: Computerphile
Views: 181,769
Keywords: computers, computerphile, computer, science, Computer Science, University of Nottingham, Remote Working, WFH, Working From Home, VPN, Virtual Private Networks, Dr Steve Bagley, HD
Id: 1mtSNVdC7tM
Length: 13min 38sec (818 seconds)
Published: Wed Mar 25 2020