A virtual private network (VPN) allows a connection to a private network over a public network. VPNs provide remote access to an internal network for mobile users. Firewall ACLs include rules to allow VPN traffic based on the tunneling protocol. If you’re planning to take the Security+ exam, you should have a basic understanding of implementing common protocols and services.
For example, can you answer this question?
Q. A network administrator needs to open a port on a firewall to support a VPN using PPTP. What ports should the administrator open?
A. UDP 47
B. TCP 50
C. TCP 1723
D. UDP 1721
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.
Virtual Private Network Over Open Wireless
Public wireless hot spots typically have little or no security. Their goal is to provide users with free wireless access and often include a warning indicating that the network doesn’t have any security. Attackers with wireless sniffers can typically capture any traffic sent over the network.
The best protection for users, especially when entering confidential data, such as usernames and passwords, is to ensure data is encrypted. One method is to ensure that connections are using Hypertext Transfer Protocol Secure (HTTPS) connections.
Another method is to use a VPN service that provides secure VPN connections over open wireless connections. For example, Private Internet Access and TunnelBear are two applications that provide this service, and applications are available for most platforms, including smartphones.

Using TLS and SSL
Some tunneling protocols use either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to secure the VPN channel. As an example, Secure Socket Tunneling Protocol (SSTP) encrypts VPN traffic using SSL over port 443. Using port 443 provides a lot of flexibility for many administrators and rarely requires opening additional firewall ports. It is a useful alternative when the VPN tunnel must go through a device using NAT, and IPsec is not feasible. OpenVPN and OpenConnect are two open source applications that can use TLS to create a secure channel.
Full Security+ Course
SY0-601 Full Security+ Course
Helping you Pass the First Time
This course includes all of the multiple-choice practice test questions, performance-based questions, audio, and flashcards from the but adds the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide within an online course.
Test your readiness with these quality materials
Here’s what you get
Random 75-question tests
Random practice tests from the all of the practice test questions in the
CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. All questions include explanations so you’ll know why the correct answers are correct, and why the incorrect answers are incorrect.
Performance-based Questions
These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions.
Online Flashcard Set
Audio – SY0-601 Security+ Remember This Audio Files
Learn by Listening (MP3 downloads.)
Audio – SY0-601 Security+ Question and Answer Audio Files
Learn by Listening (MP3 downloads.)Bonus #1
The same set of questions organized by domain including questions in the
CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide plus extra practice test questions.
Bonus #2
Audio from the end of chapter reviews from each of the chapters in the
CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide.
Bonus #3
Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. This includes labs, extra practice test questions, and supplementary materials.Bonus #4
Extended access. Access the study materials for a total of 60 days because sometimes life happens.Bonus #5
10% off Voucher Code. Access to a coupon code that will give you 10% off your exam voucher. At the current price of $370 USD for the Security+ voucher, this can save you $37.Get the SY0-601 Full Security+ Course Here
Using PPTP
Many Microsoft implementations used Point-to-Point Tunneling Protocol (PPTP) for VPNs. PPTP uses Microsoft’s Point-to-Point Encryption to create the secure channel, but PPTP is rarely used today because of known vulnerabilities. PPTP uses TCP port 1723.
Remember this
L2TP is a VPN tunneling protocol and it is commonly combined with IPsec (as L2TP/IPsec). L2TP uses UDP port 1701. PPTP uses TCP port 1723.
CompTIA Security+ Study Guide
The
CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide
is an update to the top-selling SY0-201, SY0-301, SY0-401, and SY0-501 study guides, which have helped thousands of readers pass the exam the first time they took it. It includes the same elements readers raved about in the previous four versions.
Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.
You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:
- A 75 question pre-test
- A 75 question post-test
- Practice test questions at the end of every chapter.
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.
Kindle edition also available.
Site-to-Site VPNs
A site-to-site VPN includes two VPN servers that act as gateways for two networks separated geographically. For example, an organization can have two locations. One is its headquarters and the other is a remote office. It can use two VPN servers to act as gateways to connect the networks at the two locations together.
A benefit of the site-to-site model is that it connects both networks without requiring additional steps on the part of the user. Users in the remote office can connect to servers in the headquarters location as easily as if the servers were in the remote office. Connecting to the remote server may be slower than connecting to a local server, but otherwise it’s transparent to end users.
In contrast, in a host-to-gateway model, the end user makes the direct connection to the VPN server and is very much aware of the process.
Security+ (SY0-601) Practice Test Questions
SY0-601 Practice Test Questions
Over 385 realistic Security+ practice test questions
At least 10 performance-based questions
All questions include explanations so you’ll know why the correct answers are correct,
and why the incorrect answers are incorrect.
Upgrade Your Resume with the Security+ New Version
Multiple quiz formats to let you use these questions based on the way you learn.
- Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
- Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
- Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions.
Pass the First Time You Take It
Get the full bank of SY0-601 Practice Test Questions Here
Click here if you’re looking for SY0-501 Online Study Package
Q. A network administrator needs to open a port on a firewall to support a VPN using PPTP. What ports should the administrator open?
A. UDP 47
B. TCP 50
C. TCP 1723
D. UDP 1721
Answer is C. A virtual private network (VPN) using Point-to-Point Tunneling Protocol (PPTP) requires Transmission Control Protocol (TCP) port 1723 open.
It would also need protocol ID 47 open, but the protocol ID is not a port.
Internet Protocol security (IPsec) uses protocol ID 50.
See Chapter 4 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on remote access.
You might also like to view the Implementing VPNs blog post.