D-Link DFL-260 Product Manual - Page 378
VPN Encryption, 9.1.3. VPN Planning, Client to LAN connection, Confidentiality
UPC - 790069296802
View all D-Link DFL-260 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 378 highlights
9.1.2. VPN Encryption Chapter 9. VPN 2. Client to LAN connection - Where many remote clients need to connect to an internal network over the Internet. In this case, the internal network is protected by the NetDefend Firewall to which the client connects and the VPN tunnel is set up between them. 9.1.2. VPN Encryption Encryption of VPN traffic is done using the science of cryptography. Cryptography is an umbrella expression covering 3 techniques and benefits: Confidentiality No one but the intended recipients is able to receive and understand the communication. Confidentiality is accomplished by encryption. Authentication and Integrity Proof for the recipient that the communication was actually sent by the expected sender, and that the data has not been modified in transit. This is accomplished by authentication, and is often implemented through the use of cryptographic keyed hashing. Non-repudiation Proof that the sender actually sent the data; the sender cannot later deny having sent it. Non-repudiation is usually a side-effect of authentication. VPNs are normally only concerned with confidentiality and authentication. Non-repudiation is normally not handled at the network level but rather is usually done at a higher, transaction level. 9.1.3. VPN Planning An attacker targeting a VPN connection will typically not attempt to crack the VPN encryption since this requires enormous effort. They will, instead, see VPN traffic as an indication that there is something worth targeting at the other end of the connection. Typically, mobile clients and branch offices are far more attractive targets than the main corporate network. Once inside those, getting to the corporate network then becomes easier. In designing a VPN there are many issues that need to be addressed which aren't always obvious. These include: • Protecting mobile and home computers. 378