Internet Security and VPN network design
This article describes some key technical concepts used in a VPN. A Virtual Private Network (VPN) connects remote staff, company offices and business partners over the Internet through secure, encrypted tunnels between sites. An access VPN is used to connect remote users to the company network. The workstation or laptop uses a remote access circuit, such as cable, DSL or wireless, to connect to a local Internet Service Provider (ISP). In the client-initiated model, software on the remote workstation builds an encrypted tunnel from the laptop to the ISP using IPSec, Layer 2 Tunneling Protocol (L2TP) or Point-to-Point Tunneling Protocol (PPTP). The user must first authenticate to the ISP as a legitimate VPN user. Once this is done, the ISP builds an encrypted tunnel to the enterprise router or VPN concentrator. A TACACS, RADIUS or Windows server then authenticates the remote user as, for example, an employee who is allowed access to the corporate network. After that, the remote user must authenticate to the local Windows domain servers, Unix servers or mainframe hosts, depending on where the account being accessed resides. The ISP-initiated model is less secure than the client-initiated model, because the encrypted tunnel is built only from the ISP to the company's VPN router or VPN concentrator, so the leg from the workstation to the ISP is not covered. In that model the secure tunnel is built with L2TP or L2F.
An extranet VPN connects business partners to the company through a secure VPN connection built from the partner's VPN router to the company's VPN router or concentrator. The tunneling protocol used depends on whether the partner connects with a router or by dial-up. Router-connected extranet VPNs use IPSec or Generic Routing Encapsulation (GRE); dial-up extranet connections use L2F or L2TP. An intranet VPN connects branch offices to the company by the same process, with IPSec or GRE tunneling. It is important to note that what makes VPNs so efficient and cost-effective is their use of the existing Internet as the transport for company traffic. That is why companies choose IPSec as the security protocol of choice for ensuring that information stays protected in transit between a laptop and a router, or between routers. IPSec provides 3DES encryption, MD5 authentication, and IKE key exchange and path authentication, covering authentication, authorization and confidentiality.
Internet Protocol Security (IPSec)
IPSec operation is worth examining, as it is the security protocol that prevails today in Virtual Private Networking. IPSec is specified in RFC 2401 and was developed as an open standard for the secure transport of IP over the public Internet. The packet structure consists of an IP header followed by an IPSec header / Encapsulating Security Payload. IPSec provides 3DES encryption and MD5 authentication services. Internet Key Exchange (IKE) and ISAKMP automate the distribution of secret keys between IPSec peer devices (routers and concentrators). These protocols are needed to negotiate one-way or two-way security associations. An IPSec security association is formed by selecting an encryption algorithm (3DES), a hash algorithm (MD5) and an authentication method (MD5). Access VPN implementations use three Security Associations (SAs) per connection (send, receive and IKE). A corporate network with many IPSec peer devices should use a certificate authority for scalability of peer authentication rather than IKE pre-shared keys.
Laptop to VPN Concentrator IPSec Peer Connection
1. IKE Security Association negotiation
2. IPSec tunnel setup
3. Xauth request / response (RADIUS authentication server)
4. Mode Config response / acknowledge (DHCP and DNS)
5. IPSec Security Association
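The security association negotiated in the steps above carries the hash algorithm and the keys that protect every packet on the tunnel. The following added example (not code from the original article or from any VPN vendor) models the receiving side of such an SA with the Python standard library only: an SPI, an HMAC-MD5 integrity check value truncated to 96 bits, and a sliding anti-replay window. The SecurityAssociation class, the 64-packet window, the packet layout and the payloads are all assumptions made for illustration; 3DES encryption of the payload is omitted because the standard library has no cipher, so this shows the authentication half of the SA only.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class SecurityAssociation:
    # Hypothetical, simplified SA record: SPI, integrity key, hash algorithm
    # and anti-replay state. A real IPSec SA also carries the 3DES key,
    # lifetimes and traffic selectors; those are omitted here.
    spi: int
    auth_key: bytes
    hash_name: str = "md5"          # hash algorithm named on the page
    window_size: int = 64           # assumed anti-replay window
    highest_seq: int = 0
    seen: set = field(default_factory=set)

    def icv(self, header: bytes, payload: bytes) -> bytes:
        # Integrity Check Value: HMAC over header and payload, truncated to 96 bits
        digestmod = getattr(hashlib, self.hash_name)
        return hmac.new(self.auth_key, header + payload, digestmod).digest()[:12]


def build_packet(sa: SecurityAssociation, seq: int, payload: bytes) -> bytes:
    """Sender side: 8-byte header (SPI, sequence number) + payload + ICV."""
    header = struct.pack("!II", sa.spi, seq)
    return header + payload + sa.icv(header, payload)


def verify_packet(sa: SecurityAssociation, packet: bytes) -> Tuple[bool, str]:
    """Receiver side. Returns (accepted, reason). The ICV is checked before
    the replay window so that a forged packet can never advance the window."""
    if len(packet) < 8 + 12:
        return False, "truncated"
    header, payload, icv = packet[:8], packet[8:-12], packet[-12:]
    spi, seq = struct.unpack("!II", header)
    if spi != sa.spi:
        return False, "unknown SPI"
    if not hmac.compare_digest(icv, sa.icv(header, payload)):
        return False, "bad ICV"
    # Anti-replay: reject sequence numbers that fell behind the window
    # or that were already accepted.
    if seq + sa.window_size <= sa.highest_seq:
        return False, "outside replay window"
    if seq in sa.seen:
        return False, "replayed"
    sa.seen.add(seq)
    if seq > sa.highest_seq:
        sa.highest_seq = seq
        # forget sequence numbers that have now dropped below the window
        sa.seen = {s for s in sa.seen if s + sa.window_size > sa.highest_seq}
    return True, "ok"


def demo(key: Optional[bytes] = None):
    """Walk a constructed exchange through one SA pair and return the verdicts."""
    key = key or os.urandom(16)
    sender = SecurityAssociation(spi=0x1000, auth_key=key)
    receiver = SecurityAssociation(spi=0x1000, auth_key=key)
    p1 = build_packet(sender, 1, b"constructed payload 1")
    p2 = build_packet(sender, 2, b"constructed payload 2")
    verdicts = [
        verify_packet(receiver, p1)[1],   # fresh packet
        verify_packet(receiver, p2)[1],   # next packet
        verify_packet(receiver, p1)[1],   # same packet again -> replayed
    ]
    tampered = bytearray(p2)
    tampered[8] ^= 0x01                   # flip one payload bit -> bad ICV
    verdicts.append(verify_packet(receiver, bytes(tampered))[1])
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Running the script prints the four verdicts for the constructed exchange: the two genuine packets are accepted, the resent copy is rejected as a replay, and the bit-flipped packet fails the integrity check before the window is consulted.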
Access VPN Design
The access VPN leverages the availability and low cost of Internet connectivity between the company's core office and its teleworkers, using WiFi, cable and ADSL access circuits from local Internet Service Providers. The main concern is that corporate data must be protected as it travels across the Internet from the teleworker's laptop to the company's core office. The client-initiated model is used: an IPSec tunnel is built from each client laptop to the VPN concentrator, where it is terminated. Each laptop is configured with VPN client software running on Windows. The teleworker first dials a local number to connect to and authenticate with the ISP. The RADIUS server authenticates each dial-up user as an authorized teleworker. Once that is complete, the remote user authenticates to and is authorized by the Windows, Solaris or mainframe server before any applications are accessed. There are two VPN concentrators, configured for failover with Virtual Router Redundancy Protocol (VRRP) should one become unavailable.
Each concentrator is connected between the router and the external firewall. A newer feature of the VPN concentrators prevents Denial of Service (DoS) attacks by outside hackers from affecting the availability of the network. The firewalls are configured to allow only source and destination IP addresses that are assigned to each teleworker from a predefined range. In addition, only the application and protocol ports that are required are permitted through the firewall.
Extranet VPN Design
The extranet VPN is designed to allow secure connections from each business partner office to the company's core office. Security is the primary objective, as the Internet will be used to transport all traffic from each business partner. Each business partner has a circuit to the company's core office that terminates in a VPN router. Each business partner and its peer VPN router at the core office use a router with a VPN module. The module provides hardware-accelerated, high-speed encryption of IPSec packets before they are transported over the Internet. The peer VPN routers at the company's core office are dual-homed to separate multilayer switches for link diversity should one of the links become unavailable. It is important that these peer routers are dedicated to the business partners and not used for any other purpose. The switches are located between the internal and external firewalls, and also connect to the public servers and external DNS servers. This is not a security issue because the external firewall filters the Internet traffic.
Route filtering can also be implemented so that routes from each partner's network switch are not advertised, closing security holes in the connections between business partner offices and the core office multilayer switches. Separate VLANs are assigned to each partner's network switch subnet to improve security and traffic segmentation. The tier 2 external firewall examines each packet and allows only the source and destination IP addresses, applications and protocol ports that each business partner needs. Business partner sessions are authenticated with a RADIUS server. Once this is complete, users authenticate to the Windows, Solaris or mainframe host before accessing any applications.
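Both the access VPN firewall (addresses from the teleworker range, only the required ports) and the extranet firewall (per-partner VLAN subnets, only the addresses, applications and ports each partner needs) follow the same pattern: explicit permits, and an implicit deny for everything else. The following added example, which is not code from the original article or from any firewall product, evaluates such a policy over a handful of constructed flows. The address plan (a teleworker pool, two partner VLANs, an intranet web server and an order API), the rule names, the ports and the sample flows are all assumptions made for illustration; the point is that a partner in one VLAN cannot reach another partner's VLAN, a teleworker cannot reach a service not on the permit list, and an address outside the predefined ranges is dropped even when it targets a permitted port.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    dport: Optional[int]   # None means any destination port


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


# Constructed example address plan (hypothetical RFC 1918 / RFC 5737 ranges).
TELEWORKER_POOL = net("10.200.0.0/24")    # range the concentrator assigns to teleworkers
PARTNER_A_VLAN = net("10.50.10.0/24")     # partner A's VLAN behind its switch port
PARTNER_B_VLAN = net("10.50.20.0/24")     # partner B's VLAN
INTRANET_WEB = net("10.1.1.10/32")        # internal web server used by teleworkers
ORDER_API = net("10.1.2.20/32")           # application both partners need

# Explicit permits only; a flow matching no rule is dropped.
POLICY: List[Rule] = [
    Rule("teleworker-intranet-web", TELEWORKER_POOL, INTRANET_WEB, "tcp", 443),
    Rule("partner-a-orders", PARTNER_A_VLAN, ORDER_API, "tcp", 8443),
    Rule("partner-b-orders", PARTNER_B_VLAN, ORDER_API, "tcp", 8443),
]


def evaluate(policy: List[Rule], src: str, dst: str, proto: str, dport: int) -> Tuple[str, str]:
    """Return ('permit', rule name) for the first matching rule, else ('deny', 'implicit-deny')."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in policy:
        if (src_ip in rule.src and dst_ip in rule.dst and proto == rule.proto
                and (rule.dport is None or rule.dport == dport)):
            return "permit", rule.name
    return "deny", "implicit-deny"


def filter_flows(policy: List[Rule], flows) -> List[Tuple[str, str]]:
    """Evaluate a batch of (src, dst, proto, dport) tuples and return one verdict per flow."""
    return [evaluate(policy, *flow) for flow in flows]


# Constructed sample flows, one per case discussed in the design text.
SAMPLE_FLOWS = [
    ("10.200.0.17", "10.1.1.10", "tcp", 443),     # teleworker -> intranet web: permit
    ("10.200.0.17", "10.1.2.20", "tcp", 8443),    # teleworker -> order API: not required, deny
    ("10.50.10.5", "10.1.2.20", "tcp", 8443),     # partner A -> order API: permit
    ("10.50.10.5", "10.50.20.5", "tcp", 8443),    # partner A -> partner B VLAN: segmentation, deny
    ("203.0.113.9", "10.1.1.10", "tcp", 443),     # outside the predefined range: deny
]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, filter_flows(POLICY, SAMPLE_FLOWS)):
        print(flow, verdict)
```

The rules are matched in order and the first hit wins, so a broad permit placed early would shadow a narrower rule below it; when extending the policy for a new partner, add its VLAN subnet and only the ports that partner's application needs, and leave the implicit deny as the last word.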