Virtual Private Networks, CS-480b, Dick Steflik
Virtual Private Networks (VPNs)
- Used to connect two private networks together via the Internet
- Used to connect remote users to a private network via the Internet
- This could be done by opening your firewall to the LAN networking protocols (NETBIOS, NFS, NetWare, AppleTalk)
  - But it would also make those protocols available to anyone on the Internet, and they could come into your LAN at will
  - Effectively makes the whole Internet your LAN
    - Exposes all of your data
    - Anyone can easily take advantage of vulnerabilities in your internal hosts
    - No privacy
- Better solution is to use a VPN in conjunction with your firewall

VPNs
- Since we all understand that IP is used to transport information between LANs, if we add some security stuff to IP then this transport can be made more secure
- Can be done two ways:
  - At the network level using IPSec
    - Currently the most widely used method
    - But requires special client installation on each workstation (more IT $)
  - At the transport level using SSL
    - Quickly gaining popularity because there are no special software installation requirements for end user workstations
    - All that's required is a browser with SSL support: Mozilla, Internet Explorer, Netscape, Opera

IP Based VPNs
- Fundamental Components
  - IP Encapsulation
  - Cryptographic based authentication
  - Secret Key Encryption
    - Single shared secret key for encrypt and decrypt
  - Public Key Encryption
    - Unidirectional keys: encrypt or decrypt (not both)
  - Data Payload Encryption
    - Encrypt payload but not header (method depends on OEM/Vendor solution)

IP/IP Encapsulation
- Makes remotely located LANs appear to be adjacent
- Makes non-routable addresses ( a,d ) routable

VPN Characteristics
- Cheaper than WANs
  - dedicated leased lines are very expensive
- Easier to establish than WANs
  - ISPs will usually help make the initial IP connection
  - hours for VPNs vs. weeks for WANs
- Slower than LANs
  - encryption/decryption takes time
  - typical LANs are 10-100 Mbps
  - endpoints connected by VPN may
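The IP/IP encapsulation slide, worked through as an added example (not part of the original slides): a packet between two private LAN addresses is wrapped in an outer IPv4 header addressed between the two VPN gateways, then unwrapped at the far end. All addresses and the payload are constructed for illustration, and no encryption or authentication is applied here, which is why the slides list those as separate components.

```python
import socket
import struct

IPPROTO_IPIP = 4   # IP-in-IP (RFC 2003): the outer header's protocol field
IPPROTO_UDP = 17

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Prepend a 20-byte IPv4 header (no options) to payload."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           ttl, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return header(checksum(header(0))) + payload

def parse(packet: bytes) -> dict:
    """Decode the fixed header fields and verify the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = int.from_bytes(packet[2:4], "big")
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "valid": checksum(packet[:ihl]) == 0,
            "payload": packet[ihl:total_len]}

def encapsulate(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Gateway A: the whole inner packet becomes the outer packet's payload."""
    return ipv4_packet(gw_src, gw_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """Gateway B: strip the outer header and recover the inner packet."""
    hdr = parse(outer)
    if not hdr["valid"] or hdr["proto"] != IPPROTO_IPIP:
        raise ValueError("not a valid IP-in-IP packet")
    return hdr["payload"]

# Constructed sample: LAN A host to LAN B host (RFC 1918 addresses), tunnelled
# between gateways using documentation-range public addresses (RFC 5737).
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"placeholder data")
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print("seen on the Internet:", parse(OUTER)["src"], "->", parse(OUTER)["dst"])
    print("delivered on LAN B:  ", parse(decapsulate(OUTER)))
```

Routers on the Internet see only the gateway addresses in the outer header; the private addresses travel as payload, which is what makes the two LANs appear adjacent.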