2.
Client to LAN connection - Where many remote clients need to connect to an internal
network over the Internet. In this case, the internal network is protected by the D-Link Firewall
to which the client connects and the VPN tunnel is set up between them.
9.1.2. VPN Encryption
Encryption of VPN traffic is done using the science of cryptography. Cryptography is an umbrella
expression covering 3 techniques and benefits:
Confidentiality
No one but the intended recipients is able to receive and
understand
the
communication.
Confidentiality
is
accomplished by encryption.
Authentication and Integrity
Proof for the recipient that the communication was actually
sent by the expected sender, and that the data has not been
modified in transit. This is accomplished by authentication,
often by use of cryptographic keyed hashes.
Non-repudiation
Proof that the sender actually sent the data; the sender cannot
later deny having sent it. Non-repudiation is usually a
side-effect of authentication.
VPNs are normally only concerned with confidentiality and authentication. Non-repudiation is
normally not handled at the network level but rather on a transaction (document-by-document)
basis.
9.1.3. VPN Planning
An attacker targeting a VPN connection will typically not attempt to crack the VPN encryption
since this requires enormous effort. They will, instead, see VPN traffic as an indication that there is
something worth targeting at the other end of the connection. Typically, mobile clients and branch
offices are far more attractive targets than the main corporate network. Once inside those, getting to
the corporate network then becomes easier.
In designing a VPN there are many issues that need to be addressed which aren't always obvious.
These include:
•
Protecting mobile and home computers.
9.1.2. VPN Encryption
Chapter 9. VPN
320
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...