Internet Security and VPN Network Design

Overview

This article describes some key technical concepts of a VPN connection. A Virtual Private Network (VPN) integrates remote workers, company offices and business partners over the Internet and secures the traffic with an encrypted tunnel between the sites. An Access VPN is used for remote users to connect to the corporate network. The remote workstation or laptop uses an access circuit, such as cable, DSL or wireless, to connect to a local Internet Service Provider (ISP). In the client-initiated model, software on the remote workstation builds an encrypted tunnel from the laptop to the ISP using IPSec, Layer 2 Tunneling Protocol (L2TP) or Point to Point Tunneling Protocol (PPTP). The user must authenticate with the ISP as a permitted VPN user. Once this is completed, the ISP builds an encrypted tunnel to the enterprise router or VPN concentrator. A TACACS, RADIUS or Windows server then authenticates the remote user as an employee who is allowed access to the corporate network. With this finished, the remote user must still authenticate to the local Windows domain server, Unix server or mainframe host, depending on where the network account resides. The ISP-initiated model is less secure than the client-initiated model, since the encrypted tunnel is built only from the ISP to the enterprise VPN router or VPN concentrator. In addition, in that model the secure VPN tunnel is built with L2TP or L2F.

The Extranet VPN connects a business partner network to the company by establishing a secure VPN connection from the business partner's router to the enterprise VPN router or concentrator. The tunneling protocol used depends on whether it is a router connection or a remote dial-up connection. The options for a router-connected extranet VPN are IPSec or Generic Routing Encapsulation (GRE). Extranet dial-up connections use L2TP or L2F. The Intranet VPN connects company offices over a secure connection using the same process, with IPSec or GRE as the tunneling protocols. It is important to note that what makes VPNs so inexpensive and efficient is that they use the companies' existing Internet connections to transport traffic. Therefore many companies choose IPSec as the security protocol of choice for ensuring that information travels securely between routers, or between a laptop and a router. IPSec consists of 3DES encryption, IKE key exchange and authentication, and MD5 authentication, and provides route authentication, authorization and confidentiality.

Internet Protocol Security (IPSec)

IPSec operation is significant because it is the dominant security protocol used today with Virtual Private Networking. IPSec is specified by RFC 2401 and was developed as an open standard for the secure transport of IP over the public Internet. The packet structure consists of an IP header / IPSec header / Encapsulating Security Payload. IPSec provides encryption with 3DES and authentication with MD5. In addition, Internet Key Exchange (IKE) and ISAKMP are available to automate the distribution of secret keys between IPSec peer devices (routers and concentrators). These protocols are required for the negotiation of one-way or two-way security associations. An IPSec security association is formed from an encryption algorithm (3DES), a hash algorithm (MD5) and an authentication method (MD5). Access VPN implementations use 3 Security Associations (SA) per connection (transmit, receive and IKE). A company network with many IPSec peer devices should use a Certificate Authority for scalable authentication instead of IKE pre-shared keys.

Laptop - IPSec VPN Concentrator Peer Connection

1. IKE Security Association Negotiation

2. IPSec Tunnel Setup

3. XAUTH request / response - (RADIUS Server Authentication)

4. Mode Config Response / Acknowledge (DHCP and DNS)

5. IPSec Security Association

Access VPN Design

The Access VPN leverages the availability and low cost of Internet connectivity to the company core office, using WiFi, DSL and cable access circuits from the local Internet Service Provider. The main concern is that company data must be protected as it travels across the Internet from the telecommuters' laptops to the company core office. The client-initiated model is used: IPSec tunnels are built from each client laptop and terminate at a VPN concentrator. Each laptop is configured with VPN client software that runs on Windows. The telecommuter must first dial a local access number and authenticate with the ISP. A RADIUS server authenticates each dial-up connection as an authorized telecommuter. Once this is complete, the remote user authenticates and is authorized by the Windows, Solaris or mainframe server before any applications are accessed. There are two VPN concentrators, configured for failover with Virtual Router Redundancy Protocol (VRRP) should one of them become unavailable.

Each concentrator is connected between the external router and the firewall. A new feature of the VPN concentrators prevents denial of service (DoS) attacks from outside hackers that could adversely affect network availability. The firewalls are configured to permit the source and destination IP addresses that are assigned to each telecommuter from a pre-defined range. As well, any application and protocol ports that are required are permitted on the firewall.
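As an added example (not code from the article), the five-step laptop-to-concentrator sequence listed above and the firewall policy of this section modelled in Python: a concentrator that refuses steps taken out of order, checks XAUTH credentials against a constructed RADIUS user table, hands out the inner address from the pre-defined telecommuter pool via Mode Config, and a firewall check that admits only pool addresses to the required ports. The pool, user table and permitted services are assumed sample values.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data (assumed, not from the article): the pre-defined
# telecommuter pool handed out by Mode Config, the RADIUS user table, and the
# internal services whose ports the firewall permits.
TELECOMMUTER_POOL = ipaddress.ip_network("10.99.0.0/24")
RADIUS_USERS = {"alice": "s3cret-alice", "bob": "s3cret-bob"}
ALLOWED_SERVICES = {("10.10.0.5", 443), ("10.10.0.7", 3389)}

@dataclass
class Session:
    peer: str            # outer (ISP-assigned) address of the laptop
    phase: int = 0       # last completed step of the five-step sequence
    inner_ip: str = ""   # address assigned by Mode Config (step 4)

@dataclass
class Concentrator:
    sessions: dict = field(default_factory=dict)
    next_host: int = 10  # next free host index in the pool

    def _advance(self, peer, step):
        s = self.sessions.setdefault(peer, Session(peer))
        if s.phase != step - 1:  # steps must be completed strictly in order
            raise ValueError(f"step {step} out of order (peer completed {s.phase})")
        s.phase = step
        return s

    def ike_sa(self, peer):         # 1. IKE Security Association negotiation
        return self._advance(peer, 1)
    def ipsec_tunnel(self, peer):   # 2. IPSec tunnel setup
        return self._advance(peer, 2)
    def xauth(self, peer, user, password):  # 3. XAUTH checked against RADIUS
        s = self._advance(peer, 3)
        if RADIUS_USERS.get(user) != password:
            del self.sessions[peer]  # a failed XAUTH tears the session down
            raise PermissionError("XAUTH rejected by RADIUS")
        return s
    def mode_config(self, peer):    # 4. Mode Config hands out a pool address
        s = self._advance(peer, 4)
        s.inner_ip = str(TELECOMMUTER_POOL[self.next_host])
        self.next_host += 1
        return s.inner_ip
    def ipsec_sa(self, peer):       # 5. IPSec Security Association established
        return self._advance(peer, 5)

def firewall_allows(src_ip, dst_ip, dst_port):
    """Inner firewall: only pool addresses, and only to the required services."""
    return (ipaddress.ip_address(src_ip) in TELECOMMUTER_POOL
            and (dst_ip, dst_port) in ALLOWED_SERVICES)
```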

Extranet VPN Design

The Extranet VPN is designed to allow secure connectivity from any business partner office to the company core office. Security is the primary focus since the Internet will be used to transport all traffic from each business partner. There will be a circuit connection from each business partner that terminates at a VPN router at the company core office. Each business partner and its peer VPN router at the core office use a router with a VPN module. The module provides IPSec and high-speed hardware encryption of packets before they are transported across the Internet. The peer VPN routers at the company core office are dual-homed to two different multilayer switches for link diversity should one of the links become unavailable. It is important that traffic from one business partner does not end up at another business partner's office. The switches are located between the external and internal firewalls and are used for connecting public servers and the external DNS server. This is not a security issue, since the external firewall filters public Internet traffic.

Furthermore, filtering can be applied at each network switch to prevent advertised routes or vulnerabilities from being exploited from the business partner connections to the company core office multilayer switches. Separate VLANs are assigned at each network switch for each business partner, to improve security and segment subnet traffic. The tier 2 external firewall examines each packet and permits business partner traffic only to the source and destination IP addresses, application and protocol ports that they need. Business partner sessions must authenticate with the RADIUS server. Once this is completed, they authenticate on Windows, Solaris or mainframe servers before any applications.
