Home โ€บ D4: Network Security โ€บ VPN, TLS & Encrypted Channels
Domain 4 ยท Lesson 3 of 6

VPN, TLS & Encrypted Channels

VPN, TLS & Kรชnh Mรฃ hรณa

IPSec โ€” Components & Modes

IPSec is a suite of protocols that secures IP communications. The exam heavily tests the distinction between AH vs ESP and tunnel vs transport mode. Get these four concepts perfectly clear.

AH vs ESP

AH โ€” Protocol 51
Authentication Header
  • โœ“ Provides integrity (data not modified)
  • โœ“ Provides authentication (source verified)
  • โœ— NO ENCRYPTION โ€” data is still readable
  • โ€ข Useful when integrity matters but NAT traversal is needed (AH breaks NAT)
ESP โ€” Protocol 50
Encapsulating Security Payload
  • โœ“ Provides integrity + authentication
  • โœ“ Provides ENCRYPTION โ€” data is confidential
  • โœ“ Works with NAT traversal (NAT-T)
  • โ†’ Use ESP. It is always preferred over AH.

Tunnel Mode vs Transport Mode

Mode What Is Encrypted Use Case Example
Tunnel Mode Entire original packet (original IP header + payload) โ€” new IP header added for routing Site-to-site VPN between gateways. Hides both source/destination IPs of original packet. TS โ†” Bank A H2H VPN; Corporate HQ โ†” Branch VPN
Transport Mode Payload only โ€” original IP header remains in plaintext Host-to-host communication where both endpoints run IPSec natively Two servers communicating directly; end-to-end host security
IKE (Internet Key Exchange):

IKE negotiates IPSec security associations (SAs) and exchanges session keys. IKEv2 is current standard โ€” faster, more reliable, supports MOBIKE for mobile devices. IKE runs on UDP port 500 (IKEv1/v2) or UDP 4500 (NAT traversal).

TLS โ€” Version History & Key Features

TLS secures application-layer communications. Version matters enormously for CISSP โ€” deprecated versions represent real attack surface. Know which versions are acceptable and why.

Version Status Key Issues / Notes
SSL 2.0 / SSL 3.0 BROKEN POODLE (SSLv3), DROWN attacks. Never use. These are SSL, not TLS.
TLS 1.0 DEPRECATED BEAST, POODLE variant. Prohibited by PCI-DSS 3.2+ since 2018. Never use.
TLS 1.1 DEPRECATED Deprecated by RFC 8996 (2021). No meaningful improvements over 1.0. Never use.
TLS 1.2 ACCEPTABLE Widely deployed. PFS is optional (depends on cipher suite). Acceptable minimum if TLS 1.3 not yet supported.
TLS 1.3 CURRENT BEST PFS mandatory (ECDHE only). Removed weak ciphers. Faster handshake (1-RTT, 0-RTT resumption). Use this.

Critical TLS Concepts

PFS (Perfect Forward Secrecy)

Uses ephemeral (temporary) session keys generated fresh for each session. Even if the server's long-term private key is later stolen, recorded past sessions cannot be decrypted โ€” because the ephemeral keys are never stored. Requires ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) or DHE key exchange. Mandatory in TLS 1.3.

HSTS (HTTP Strict Transport Security)

HTTP response header: Strict-Transport-Security: max-age=31536000; includeSubDomains. Tells browsers to ALWAYS use HTTPS for the specified period. Prevents SSL stripping attacks and protocol downgrade. HSTS preloading adds the domain to browser's built-in HTTPS-only list โ€” protects even on first visit.

mTLS (Mutual TLS)

Standard TLS: only the SERVER presents a certificate (client verifies server). mTLS: BOTH client AND server present certificates โ€” bidirectional authentication. Used for service-to-service authentication where both parties must prove identity. Used in all Platform C microservices via Istio.

Split Tunneling โ€” Security Risk

When split tunneling is enabled, only corporate-destined traffic goes through the VPN. All other traffic (internet browsing, cloud services) goes directly to the internet without VPN protection. Risk: if the device is compromised through the non-VPN path (e.g., visiting a malicious site), the attacker has access to corporate resources through the VPN tunnel from the same device. Best practice: disable split tunneling for production access. Use full tunnel VPN.

Key Terms

IPSec

Suite of protocols providing authentication, integrity, and optional confidentiality for IP packets. Uses AH and/or ESP.

AH (Authentication Header)

IPSec protocol providing integrity and authentication but NO encryption. Protocol 51. Breaks NAT.

ESP (Encapsulating Security Payload)

IPSec protocol providing integrity, authentication, AND encryption. Protocol 50. Always preferred over AH.

Tunnel Mode

IPSec mode that encrypts the entire original packet including IP header. Used for site-to-site VPNs between gateways.

Transport Mode

IPSec mode that encrypts only the payload, leaving the original IP header intact. Used for host-to-host communication.

IKE (Internet Key Exchange)

Negotiates IPSec security associations and exchanges cryptographic keys. IKEv2 is current standard.

TLS 1.3

Current TLS standard. Mandates PFS via ECDHE. Removed weak cipher suites. 1-RTT handshake. Best practice.

PFS (Perfect Forward Secrecy)

Ephemeral session keys ensure past sessions cannot be decrypted even if long-term private key is compromised.

ECDHE

Elliptic Curve Diffie-Hellman Ephemeral โ€” the key exchange algorithm providing PFS in TLS 1.3.

HSTS

HTTP Strict Transport Security โ€” forces browsers to always use HTTPS. Prevents SSL stripping and protocol downgrade.

mTLS

Mutual TLS โ€” both client and server authenticate with certificates. Used for service-to-service auth.

Split Tunneling

VPN configuration where only corporate traffic goes through tunnel. Security risk โ€” compromised device can pivot into corporate network.

Exam Tips โ€” VPN & TLS
  1. IPSec tunnel mode = entire packet (for VPN gateways โ€” hides original IP headers); transport mode = payload only (host-to-host โ€” original headers visible). Site-to-site VPN always uses tunnel mode.
  2. AH = NO encryption; ESP = encryption included. For any question asking which provides confidentiality, the answer is always ESP. AH only provides integrity and authentication.
  3. TLS 1.3 mandates PFS via ECDHE; TLS 1.2 makes it optional (depends on which cipher suite is negotiated). ECDHE cipher suites in TLS 1.2 provide PFS; RSA key exchange does not.
  4. mTLS = BOTH parties authenticate with certificates; standard TLS = server only. In mTLS, the client also presents a certificate โ€” used for service mesh (Istio), B2B APIs, and machine-to-machine auth.
  5. Split tunneling is a security risk โ€” an infected device can attack corporate resources through the VPN tunnel while its internet traffic bypasses all corporate controls.
FinTech Company X VPN & TLS Architecture
  • Bank A H2H VPN: Uses IPSec tunnel mode โ€” site-to-site between FinTech Company X GCP and Bank A datacenter. Full packet encryption (ESP). Both original IP headers are hidden in transit. Verify IKEv2 (not IKEv1) and ESP with AES-256 cipher suite.
  • Partner A H2H VPN: Same pattern โ€” IPSec tunnel mode. Verify the security association negotiation uses strong ciphers and PFS in IKEv2 (DH group 14 or higher).
  • All Platform C microservices โ€” mTLS via Istio: Every pod has a client certificate issued by Istio's certificate authority. All service-to-service calls require mutual authentication. Verify Istio PeerAuthentication policies are set to STRICT mode in all namespaces โ€” not PERMISSIVE (which allows unauthenticated traffic).
  • Public APIs โ€” TLS 1.3 + HSTS: CloudFlare enforces TLS at the edge. Configure minimum TLS 1.2 with TLS 1.3 preferred on CloudFlare SSL/TLS settings. HSTS must be enabled with minimum max-age of 1 year for all public domains.
  • Action โ€” Split tunneling: Verify remote engineers accessing production Vault and GCP resources use full-tunnel VPN. No split tunneling for privileged access.

Practice Quiz โ€” VPN & TLS

Q1. FinTech Company X connects to Bank A via a site-to-site VPN. Which IPSec mode should be used?

A. Tunnel mode โ€” encrypts the entire original packet โœ“
B. Transport mode โ€” encrypts payload only
C. AH mode โ€” provides authentication without encryption
D. Hybrid mode โ€” alternates between tunnel and transport
Tunnel mode is used for site-to-site VPNs between gateways. It encrypts the entire original packet (including original IP headers showing internal network addresses), then adds a new IP header for routing across the internet. Transport mode is for host-to-host connections where both endpoints run IPSec.

Q2. Which IPSec protocol provides encryption (confidentiality)?

A. AH (Authentication Header)
B. ESP (Encapsulating Security Payload) โœ“
C. IKE (Internet Key Exchange)
D. Both AH and ESP provide encryption equally
AH provides only integrity and authentication โ€” it does NOT encrypt the payload. ESP provides integrity, authentication, AND encryption. ESP (Protocol 50) should always be used in preference to AH when confidentiality is required, which is almost always.

Q3. How does TLS 1.3 improve on TLS 1.2 regarding Perfect Forward Secrecy?

A. TLS 1.3 uses RSA key exchange for PFS
B. TLS 1.3 optionally supports PFS via DHE
C. TLS 1.3 makes PFS mandatory โ€” ECDHE only key exchange โœ“
D. TLS 1.3 and TLS 1.2 have identical PFS support
TLS 1.3 completely removed RSA and DH key exchange (which do not provide PFS). Only ECDHE is supported โ€” making PFS mandatory for all TLS 1.3 sessions. In TLS 1.2, PFS depends on the cipher suite selected: ECDHE cipher suites provide PFS, RSA key exchange does not.

Q4. How does mTLS differ from standard TLS?

A. mTLS uses a different encryption algorithm than TLS
B. mTLS only the client presents a certificate
C. mTLS requires BOTH client and server to present certificates โœ“
D. mTLS does not require a Certificate Authority
In standard TLS, only the server presents a certificate (client verifies server identity). In mTLS, both parties present certificates โ€” the server authenticates to the client AND the client authenticates to the server. This provides bidirectional proof of identity, essential for service-to-service authentication in microservices architectures.

Q5. A remote engineer uses split tunneling VPN for production access. What is the primary security risk?

A. VPN tunnel performance is degraded by split tunneling
B. Split tunneling prevents TLS 1.3 from functioning
C. A compromised device can pivot into corporate resources via the VPN tunnel โœ“
D. Split tunneling breaks IPSec AH authentication
With split tunneling, internet traffic bypasses corporate security controls. If the device is infected through the unsecured internet path, the malware has direct access to corporate resources via the VPN tunnel โ€” from a device that appears trusted. Full-tunnel VPN routes all traffic through corporate infrastructure, providing consistent security monitoring and control.
โ† Lesson 02: Firewalls & IDS/IPS Lesson 04: Wireless Security โ†’