Virtual Private Networks (VPNs) have become an essential element in providing remote access to corporate networks and in WAN deployment. VPNs can use the internet or be implemented on a private network by a service provider. Internet-based VPNs inherently present a greater risk to the business. This course addresses the definition of a VPN and key concepts essential to understanding VPN operations. The course covers common use cases, encryption, and PKI. The course also addresses site-to-site and remotes access VPNs with authentication, authorization, and accounting methods discussed at length. The course covers security concerns, mitigation strategies, audit requirements, sample reports, and acceptable management practices. The course concludes with a review of the areas an examiner needs to focus on in an examination.
Upon completion of this course, participants will be able to:
- Define a VPN environment and explain different types of VPN;
- Explain why banks are using a VPN;
- Describe the architecture of a VPN;
- Discuss reasons for security, common weaknesses and risks, and mitigation strategies;
- Describe a VN based on IPsec and PPTP;
- Discuss how VPNs work through routers/firewalls;
- Explain the differences between hardware and software VPN; and,
- Discuss how to manage and audit a VPN.
Facilitated classroom discussion and lectures
Examiners or ITEAs who will lead or participate on level B and A examinations.
This course is open to appropriate staff of the FDIC and partner government regulatory agencies. This course is not open to the public or staff of private banks.
Participant should have attended the following:
- Introduction to Security
- Introduction to Telecommunications and Networking, and
- Deploying Internet and Intranet Firewalls
Post Course Feedback
For more information concerning course content and administration, please email Dr. Allen Yarbrough or call (703) 516-1235.
For questions regarding course registration, please contact the CURegistrar.