Home >

How To Use Network Encryption In VPN

2008/9/24 16:14:00 33

??? 日本語 Fran?ais English 中文

All articles are intercepting.

As an analyst, I have received more and more questions about network encryption, encryption pmission, or virtual private network security.

Maybe that's because of the security breakthroughs that TJ Maxx's parent companies, such as TJX, Marshalls and HomeGoods stores, have experienced.

When a hacker took advantage of the vulnerability of the Wi-Fi network in the Marshalls clothing store near St Paul, Minnesota, millions of credit cards were damaged.

Security breakthroughs are not just TJX companies.

There are also some notable breakthroughs in personal data, including the personal data of the names of 80% active servicemen within the US government.

These events prompted the US government to issue an administrative order requiring encryption measures to pmit and preserve personal identification data.

I often talk with network engineers about data in encrypted pmission.

Here, I will first introduce the various types of VPN that are encrypted and pmitted, and then put forward the type of encryption to be considered in the order of complexity.

The two most commonly used technologies for encrypting pmission are SSL (secure sockets layer) and IPsec (IP network security protocol).

Four types of network encryption

1. no client SSL:SSL's original application.

In this application, a host computer is directly connected to a source (such as Web server, mail server, directory, etc.) on the encrypted link.

2. no client SSL configuring VPN devices: this way of using SSL is similar to the first one for the host.

However, the work of encrypted communication is done by VPN devices, rather than by online resources (such as Web or mail server).

3. host to network: in the above two schemes, the host is directly connected to a resource on an encrypted channel.

In this way, the host run client software (SSL or IPsec client software) is connected to a VPN device and becomes part of the network that contains the host's target resources.

SSL: because of its simple setup, SSL has become the de facto choice of this type of VPN.

Client software is usually a small Java based program.

Users may not even notice.

IPsec: before using SSL as a popular way to create host to network, use IPsec client software.

IPsec is still in use, but it provides users with many settings and is easy to confuse.

4. network to network: there are many ways to create this type of encrypted tunnel VPN., but the technology to use is almost always IPsec..

In the case of network to network VPN, we are discussing the encryption problem from one network device to another.

Because we expect the current network equipment to do something, there will be other difficulties in this discussion: interaction with other technologies: Wan often uses quality of service, deep packet inspection or WAN acceleration.

If these services are not considered at the time of deployment, encryption will invalidate these services.

Network address resolution is another obstacle to overcome, because it first interferes with the ability to build an encrypted connection.

Overlay network: encrypted tunnel VPN works by creating a superimposed encrypted connection on the existing network.

Encrypted connections exist between two specific interfaces on this network.

From the source point, if the encrypted network communication is rerouted or pmitted to different interfaces, it will not be encrypted.

If the communication is rerouted after being encrypted and sent to other interfaces other than the specified interface, it can not be decoded or abandoned.

In an encrypted VPN, DNS, IP address and routing require special attention.

Some secure VPN technologies and special address areas work very well.

Some secure VPN technologies can work well even when network endpoints use dynamic addresses.

In some cases, companies like to route all Internet communications to a central location.

In other cases, the split tunnel method has separate Internet gateways.

Bandwidth: network engineers constantly solve bandwidth problems while providing their users with the best possible experience.

However, in the case of an encrypted VPN, they must consider the ability to encrypt bandwidth or to encrypt and decrypt large data streams.

Whatever motive is, it is time to explore this technology.

Encryption technology is much cheaper and more technology than before. This technology is embedded in firewalls, routers and WAN accelerators.

However, for most network engineers and designers, this technology needs different ideas: Thinking in order of complexity, in order to choose in this technology, and strive to minimize the burden of network and network users, and so on.

By adhering to some basic principles, you can ensure that encryption technology is a guarantee of your network security.