fredag, januar 16, 2004
timer kl 10-15
les videre om VPN her
Internett VPN - Sikkerhet og Ytelse
Two primary concerns when deploying VPNs over the Internet are security and performance.
Security
The privacy of corporate information as it travels through the VPN is guarded by encrypting the data.
Performance
Unlike the leased lines used in traditional corporate networks, VPNs do not maintain permanent links between the end points that make up the corporate network. Instead, when a connection between two sites is needed, it is created; when the connection is no longer needed, it is torn down, making the bandwidth and other network resources available for other uses. Thus the connections making up a VPN do not have the same physical characteristics as the hard-wired connections used on the LAN, for instance.
Tunnels can consist of two types of end points, either an individual computer or a LAN with a security gateway, which might be a router or firewall. Only two combinations of these end points, however, are usually considered in designing VPNs. In the first case, LAN-to-LAN tunneling, a security gateway at each end point serves as the interface between the tunnel and the private LAN. In such cases, users on either LAN can use the tunnel transparently to communicate with each other.
The second case, that of client-to-LAN tunnels, is the type usually set up for a mobile user who wants to connect to the corporate LAN. The client, i.e., the mobile user, initiates the creation of the tunnel on his end in order to exchange traffic with the corporate network. To do so, he runs special client software on his computer to communicate with the gateway protecting the destination LAN.
Nick comment:
What kind of software would the mobile user use?
http://www.iec.org/online/tutorials/vpn/topic03.html?Next.x=31&Next.y=11
Security
- authentication—ensuring that the data originates at the source that it claims
- access control—restricting unauthorized users from gaining admission to the network
- confidentiality—preventing anyone from reading or copying data as it travels across the Internet
- data integrity—ensuring that no one tampers with data as it travels across the Internet
The privacy of corporate information as it travels through the VPN is guarded by encrypting the data.
Performance
Unlike the leased lines used in traditional corporate networks, VPNs do not maintain permanent links between the end points that make up the corporate network. Instead, when a connection between two sites is needed, it is created; when the connection is no longer needed, it is torn down, making the bandwidth and other network resources available for other uses. Thus the connections making up a VPN do not have the same physical characteristics as the hard-wired connections used on the LAN, for instance.
Tunnels can consist of two types of end points, either an individual computer or a LAN with a security gateway, which might be a router or firewall. Only two combinations of these end points, however, are usually considered in designing VPNs. In the first case, LAN-to-LAN tunneling, a security gateway at each end point serves as the interface between the tunnel and the private LAN. In such cases, users on either LAN can use the tunnel transparently to communicate with each other.
The second case, that of client-to-LAN tunnels, is the type usually set up for a mobile user who wants to connect to the corporate LAN. The client, i.e., the mobile user, initiates the creation of the tunnel on his end in order to exchange traffic with the corporate network. To do so, he runs special client software on his computer to communicate with the gateway protecting the destination LAN.
Nick comment:
What kind of software would the mobile user use?
http://www.iec.org/online/tutorials/vpn/topic03.html?Next.x=31&Next.y=11
VPN kompatibelt med forskjellige medier
Because point-to-point links are not a part of the Internet VPN, companies do not have to support one of each kind of connection, further reducing equipment and support costs. With traditional corporate networks, the media that serve smaller branch offices, telecommuters, and mobile works—digital subscriber line (xDSL), integrated services digital network (ISDN), and high-speed modems, for instance—must be supported by additional equipment at corporate headquarters. In a VPN, not only can T1 or T3 lines be used between the main office and the ISP, but many other media can be used to connect smaller offices and mobile workers to the ISP and, therefore, to the VPN without installing any added equipment at headquarters. A company's information technology (IT) department can reduce wide-area network (WAN) connection setup and maintenance by replacing modem banks and multiple frame-relay circuits with a single wide-area link that carries remote user, local-area network to local-area network (LAN–to–LAN), and Internet traffic at the same time.
http://www.iec.org/online/tutorials/vpn/topic02.html?Next.x=38&Next.y=15
http://www.iec.org/online/tutorials/vpn/topic02.html?Next.x=38&Next.y=15
Internett VPN kostnadseffektivt
they can also offer other advantages, including indirect cost savings as a result of reduced training requirements and equipment, increased flexibility, and scalability.
http://www.iec.org/online/tutorials/vpn/topic02.html?Next.x=38&Next.y=15
http://www.iec.org/online/tutorials/vpn/topic02.html?Next.x=38&Next.y=15
hvorfor Internett-VPN
Rather than depend on dedicated leased lines or frame relay's permanent virtual circuits (PVCs), an Internet-based VPN uses the open, distributed infrastructure of the Internet to transmit data between corporate sites. Companies using an Internet VPN set up connections to the local connection points (called points-of-presence [POPs]) of their Internet service provider (ISP) and let the ISP ensure that the data is transmitted to the appropriate destinations via the Internet, leaving the rest of the connectivity details to the ISP's network and the Internet infrastructure. Because the Internet is a public network with open transmission of most data, Internet-based VPNs include measures for encrypting data passed between VPN sites, which protects the data against eavesdropping and tampering by unauthorized parties.
In addition, VPNs are not limited to corporate sites and branch offices. As an added advantage, a VPN can provide secure connectivity for mobile workers. These workers can connect to their company's VPN by dialing into the POP of a local ISP, which reduces the need for long-distance charges and outlays for installing and maintaining large banks of modems at corporate sites.
http://www.iec.org/online/tutorials/vpn/topic01.html?Next.x=35&Next.y=13
In addition, VPNs are not limited to corporate sites and branch offices. As an added advantage, a VPN can provide secure connectivity for mobile workers. These workers can connect to their company's VPN by dialing into the POP of a local ISP, which reduces the need for long-distance charges and outlays for installing and maintaining large banks of modems at corporate sites.
http://www.iec.org/online/tutorials/vpn/topic01.html?Next.x=35&Next.y=13
vpn
viktige søkeord for Google:
- vpn tutorial
- http://www.iec.org/online/tutorials/vpn/
- vpn introduction
- ?
- vpn deploy
- ?
- vpn deployment
- ?
- vpn implement
- ?
- vpn implementation
- ?
hvordan lage et intranett
hello og velkommen til tk701!
her kan vi legge ut ideér, linker til nyttige nettsteder, spørsmål, dokumenter, osv. Veldig praktisk.
