Security on VPN Network

Many of you may think that, since a VPN was itself made for security, it must already be safe. The answer is that every security system can be attacked and ultimately infiltrated, depending on the security parameters it uses, and a VPN is no exception. A VPN also has its own security settings that can strengthen the protection of the privacy and security of our information. We should treat this network like any other network and raise its security as much as possible. The main methods for securing the network and greatly enhancing our information security are as follows:

A firewall, to prevent attacks such as:

Unauthorized access to network resources (which can lead to the compromise of the computer)
Denial of service, or DoS attack (overwhelming a service so that it cannot serve anyone else)
Spoofing (impersonating someone else, for example by changing the sender's email address)

Using solutions such as:
Restricting access
Avoiding the use of some services and of links between some operating systems

Encryption

Encryption is the process of protecting data security: the source computer encrypts the data and sends it to the destination, and the computer that is allowed to decrypt it does so when it receives the packet. There are two types of encryption:

Symmetric encryption (secret key)
Public key cryptography (private key + public key)

In symmetric encryption, each computer has a key (code) that it uses to encrypt the packet. The key is shared between the sender and the receiver: the sender uses it with a specific algorithm to encrypt the original text and sends the result. The receiver decrypts the encrypted text with the decryption algorithm, provided that it knows that algorithm. If the messages are intercepted by attackers, they cannot decrypt them because they do not know the key.

In public key cryptography, each user has a key pair (private key and public key). The private key is known to and used only by its owner's computer, and the public key is sent to everyone else or stored in a public place so that other users can use it. This way, every user who sends a message to another person encrypts it with the recipient's public key, and the message can be decrypted only with the recipient's private key.

AAA (Authentication, Authorization, Accounting)

These are actually three types of services, usually implemented in both software and hardware. They are referred to as AAA or Triple A, as is usual when repeated letters are spoken in English, as with IEEE. However, our discussion is about something else. These services are used to secure remote access. When you enter a user name and password to connect to the VPN, the request is passed to this service as soon as the first connection is established. Then each of the A's answers one of the following questions:

Who are you? (Authentication)
What are you allowed to do? (Authorization)
What have you done? (Accounting)

With this process, after the user's identity has been established, the service determines the user's permitted scope of use.

IPSEC (Internet Protocol Security)

One way to create security is to provide it at the IP level. The IPSEC protocol is one of the available options for security and data transmission at the IP level. Within the LAN, packets are sent in the ordinary way, meaning each packet has a body and an IP header. But when a packet is to be transferred from the LAN to another network, the packet changes and an IPSEC header is added. IPSEC includes two sub-protocols that are used to secure packets in the VPN network.

ESP (Encapsulating Security Payload)
ESP provides confidentiality of the message content and, to a limited extent, confidentiality of the traffic flow. Its task is to encrypt the payload of the packet in transit with a symmetric key.

AH (Authentication Header)
AH is used to maintain the integrity and authenticity of IP packets. It protects packet information, such as the sender's identity, before the packet is sent to its destination.
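
An added example, not part of the original article: a simplified AH-style integrity check in Python, showing how a keyed checksum over the addresses and payload exposes a changed sender or a changed payload. The packet layout, key and addresses are constructed for illustration and do not follow the real AH wire format; HMAC-SHA-256 truncated to 128 bits is an assumed choice of algorithm.

```python
import hashlib
import hmac
import socket
import struct

ICV_LEN = 16   # HMAC-SHA-256 output truncated to 128 bits
HDR_LEN = 16   # src(4) + dst(4) + SPI(4) + sequence number(4)


def _icv(key, src, dst, spi, seq, payload):
    # The integrity check value covers both addresses, the header fields
    # and the payload, so changing any of them invalidates the packet.
    msg = src + dst + struct.pack("!II", spi, seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]


def protect(key, src, dst, spi, seq, payload):
    """Build a simplified packet: src | dst | SPI | seq | ICV | payload."""
    icv = _icv(key, src, dst, spi, seq, payload)
    return src + dst + struct.pack("!II", spi, seq) + icv + payload


def verify(key, packet):
    """Return (src, payload) if the ICV is valid, otherwise None."""
    if len(packet) < HDR_LEN + ICV_LEN:
        return None
    src, dst = packet[:4], packet[4:8]
    spi, seq = struct.unpack("!II", packet[8:16])
    icv, payload = packet[16:16 + ICV_LEN], packet[16 + ICV_LEN:]
    # Constant-time comparison, so timing does not reveal a partial match.
    if not hmac.compare_digest(icv, _icv(key, src, dst, spi, seq, payload)):
        return None
    return src, payload


def demo():
    # Constructed sample values (documentation address ranges, demo key).
    key = b"constructed-shared-key-for-demo!"
    src = socket.inet_aton("192.0.2.10")
    dst = socket.inet_aton("198.51.100.20")
    pkt = protect(key, src, dst, 0x1000, 1, b"hello over the tunnel")
    spoofed = socket.inet_aton("203.0.113.5") + pkt[4:]  # sender replaced
    tampered = pkt[:-1] + b"X"                           # payload modified
    return (verify(key, pkt), verify(key, spoofed),
            verify(key, tampered), verify(b"some other key", pkt))


if __name__ == "__main__":
    print(demo())
```

The payload here travels unencrypted: the check only proves who sent the packet and that it was not changed, while encrypting the payload is the job of ESP.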

IPSEC can encrypt data between different devices, such as:

Router to Router
Firewall to Router
Desktop to Router
Desktop to Server

SSL (Secure Sockets Layer)

The Secure Sockets Layer allows a session to be created between the user and the server, and a session can carry as many secure connections as needed. In fact, a session defines a set of security parameters that are shared by the connections in that session. Theoretically, there may be more than one session between the user and the server, but in practice there is only one session.