Virtual Private Networking
The concept of VPN developed as a solution to the high cost of dedicated lines between sites that needed to exchange sensitive information. As the name indicates, it is not exactly private networking, but "virtually private." This privacy of communication over a public network such as the Internet is generally achieved using encryption technology and usually addresses the issues of confidentiality, integrity, and authentication.
www.syngress.com
Figure 1.12 Dynamic Address Translation: inside network hosts 192.168.0.10, 192.168.0.11, and 192.168.0.12 sit behind a PIX using NAT toward the Internet; dynamic translation draws from the global address pool 10.0.1.10-12.
Local            Global
192.168.0.10     10.0.1.10
192.168.0.12     10.0.1.11
30 Chapter 1 • Introduction to Security and Firewalls
In the past, organizations that had to enable data communication between multiple sites used a variety of costly WAN technologies such as point-to-point leased lines, Frame Relay, X.25, and Integrated Services Digital Network (ISDN). These were especially expensive for companies that had international locations. However, whether circuit-switched or packet-switched, these technologies carried an inherent reasonable measure of security. A hacker would generally need to get access to the underlying telecom infrastructure to be able to snoop on communications. This was, and still is, a nontrivial task, since carriers have generally done a good job on physical security. Even so, organizations such as banks that had extreme requirements for WAN security would deploy link encryption devices to scramble all data traveling across these connections. Another benefit of having dedicated links has been that you had a solid baseline of bandwidth that you could count on. Applications that had critical network throughput requirements would drive the specification of the size of WAN pipe that was needed to support them. VPNs experienced slow initial adoption due to the lack of throughput and reliability guarantees on the Internet, as well as the complexity of configuration and management.
Now that the Internet has proven its reliability for critical tasks and many of the management hurdles have been overcome, VPN adopters are focusing their attention on issues of interoperability and security. The interoperability question has mostly been answered as VPN vendors are implementing industry-standard protocols such as IPsec for their products. The IPsec standards provide for confidentiality, integrity, and, optionally, authentication.
SECURITY ALERT
Many organizations have gone through the trouble of setting up VPN links for their remote users but have not taken the extra step of validating or improving the security of the computers that these workers are using to access the VPN. The most secure VPN tunnel offers no protection if the user's PC has been compromised by a Trojan horse program that allows a hacker to ride through the VPN tunnel right alongside legitimate, authorized traffic.
The solution is to deploy cost-effective firewall and intrusion detection software or hardware for each client that will be accessing the VPN, as well as continuous monitoring of the datastream coming out of the tunnel. Combined with real-time antivirus scanning and regular security scans, this solution helps ensure that the VPN does not become an avenue for attack into the enterprise.
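One way to put "continuous monitoring of the datastream coming out of the tunnel" into practice, as an added example that is not part of the book: audit connection records from the VPN client pool against an allowlist of internal services and flag clients that fan out to unusually many internal hosts. The log format, the pool 10.0.2.0/24, the allowlist and the fan-out threshold are all assumptions constructed for this example, not the PIX's own syslog format or policy.

```python
import ipaddress
from collections import defaultdict

# Assumed VPN client address pool (constructed for this example).
VPN_POOL = ipaddress.ip_network("10.0.2.0/24")

# Assumed policy: the only internal (host, port) pairs VPN clients may reach.
ALLOWED = {
    ("192.168.0.10", 443),   # intranet web server
    ("192.168.0.11", 445),   # file server
    ("192.168.0.12", 143),   # mail server
}

# A client touching more distinct internal hosts than this looks like it is
# being used to explore the network rather than to do its job.
FANOUT_LIMIT = 3

# Constructed sample log, one record per line: "src_ip dst_ip dst_port".
# This simplified format is an assumption, not the PIX's real log format.
SAMPLE_LOG = """\
10.0.2.5 192.168.0.10 443
10.0.2.5 192.168.0.11 445
10.0.2.7 192.168.0.12 143
10.0.2.9 192.168.0.10 443
10.0.2.9 192.168.0.20 22
10.0.2.9 192.168.0.21 22
10.0.2.9 192.168.0.22 22
10.0.2.9 192.168.0.23 135
"""


def parse(log):
    """Yield (src, dst, port) tuples, skipping blank lines."""
    for line in log.splitlines():
        if line.strip():
            src, dst, port = line.split()
            yield src, dst, int(port)


def audit(log):
    """Return (policy_violations, fanout_offenders) for post-tunnel traffic."""
    violations = []
    hosts_per_client = defaultdict(set)
    for src, dst, port in parse(log):
        if ipaddress.ip_address(src) not in VPN_POOL:
            continue  # not VPN client traffic; outside this check's scope
        hosts_per_client[src].add(dst)
        if (dst, port) not in ALLOWED:
            violations.append((src, dst, port))
    fanout = sorted(c for c, h in hosts_per_client.items() if len(h) > FANOUT_LIMIT)
    return violations, fanout
```

Running `audit(SAMPLE_LOG)` flags 10.0.2.9 both for its four off-policy connections and for touching five distinct internal hosts, while the two well-behaved clients produce nothing.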
Because of these improvements, organizations are now able to deploy VPNs in a rather straightforward manner, enabling secure access to the enterprise network for remote offices and/or telecommuters. Figure 1.13 shows the two main reasons for setting up VPNs. The first is to provide site-to-site connectivity to remote offices. The second is for telecommuters, adding flexibility by enabling enterprise access not only via dial-up to any ISP but also through a broadband connection from a home or hotel, for example. VPNs are used for many other reasons nowadays, including setting up connectivity to customers, vendors, and partners.
Figure 1.13 VPN Deployment: a PIX connected to the Internet, with VPN tunnels to a satellite office and to a telecommuter.