Dial-Up and Virtual Private Network Settings: Virtual Private Network | Part 2

Secure VPN

Since the Internet has spread and become an important means of communication, security has become increasingly important, both for clients and providers. As the VPN did not offer complete security, connectivity providers began to create protocols that allow data to be encrypted by the network or by the originating computer, transported over the Internet like any other data, and then decrypted on arrival at the company's network or the receiving computer.

This encrypted traffic acts as a "tunnel" between two networks: even if an intruder tried to read the data, they could not decipher the contents or modify them, because any change would be detected immediately by the receiver and rejected. Networks built using data encryption are called Secure VPNs.

More recently, service providers have started offering a new type of Trusted VPN, this time using the Internet instead of the telephone network as the communication substrate. These new Trusted VPNs do not offer security, but they give customers an easy way to create network segments on a large scale (WAN). Trusted VPN segments can also be controlled by a single provider, often with a guaranteed quality of service (QoS).

The main reason companies use a Secure VPN is that they can transmit sensitive information over the Internet without fear of being spied on. All information that travels through a Secure VPN is encrypted to such a level that even if someone captures a copy of the traffic, they could not read it, even with high-performance computers (supercomputers). In addition, a Secure VPN lets the company be sure that no intruder can alter the content of transmissions. Secure VPNs are especially useful for allowing remote access by users connected to the Internet in areas not controlled by the network.

Secure VPN Requirements

All traffic on a Secure VPN must be encrypted and authenticated. Many of the protocols used to create Secure VPNs allow networks that are authenticated but not encrypted. Although such a network is more secure than a network without authentication, it cannot be regarded as a VPN because it does not protect privacy.

The security properties of a VPN must be agreed by all parties to the VPN. A Secure VPN has one or more "tunnels", and each tunnel has two ends. The administrators of the two ends of each tunnel must be able to agree on the security properties of the tunnel.

No one outside the VPN can compromise the security properties of the VPN. It must be impossible for an intruder to change the security properties of one or more parts of the VPN in order to weaken the encryption or compromise the keys used for it.
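
The first two requirements can be checked mechanically against tunnel definitions. The following is an added example, not part of the original article: it flags tunnel ends that authenticate without encrypting (IPsec AH, or ESP with NULL encryption) and tunnels whose two ends disagree on their security properties. The field names and the sample tunnels are hypothetical.

```python
# Added example; field names are hypothetical, not any product's schema.
# AEAD ciphers authenticate as well as encrypt, so they need no separate
# integrity algorithm.
AEAD = {"aes128gcm", "aes256gcm", "chacha20poly1305"}
NO_ENCRYPTION = {None, "null"}  # AH carries no cipher; ESP can negotiate NULL


def end_problems(end):
    """Requirement violations for one tunnel end."""
    enc, integ = end.get("encryption"), end.get("integrity")
    problems = []
    if end["protocol"] == "ah" or enc in NO_ENCRYPTION:
        problems.append("not encrypted")
    if enc not in AEAD and integ is None:
        problems.append("not authenticated")
    return problems


def properties(end):
    """The security properties both ends must agree on."""
    return (end["protocol"], end.get("encryption"), end.get("integrity"))


def audit_tunnel(tunnel):
    """Check both ends of one tunnel; return sorted findings."""
    a, b = tunnel["ends"]
    findings = {f"{e['name']}: {p}" for e in (a, b) for p in end_problems(e)}
    if properties(a) != properties(b):
        findings.add("ends disagree on security properties")
    return sorted(findings)


def end(name, protocol, encryption=None, integrity=None):
    return {"name": name, "protocol": protocol,
            "encryption": encryption, "integrity": integrity}


# Constructed sample tunnels.
TUNNELS = {
    "hq-branch": {"ends": [end("hq-gw", "esp", "aes256gcm"),
                           end("branch-gw", "esp", "aes256gcm")]},
    "hq-partner": {"ends": [end("hq-gw", "ah", integrity="sha256"),
                            end("partner-gw", "ah", integrity="sha256")]},
    "hq-lab": {"ends": [end("hq-gw", "esp", "aes256", "sha256"),
                        end("lab-gw", "esp", "null", "sha256")]},
}

if __name__ == "__main__":
    for name, tunnel in TUNNELS.items():
        print(name, audit_tunnel(tunnel) or "ok")
```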

Technologies used by Secure VPNs

  • IPsec with encryption in each tunnel.
  • IPsec inside L2TP.
  • SSL 3.0 or TLS with encryption.

These technologies are standardized by the IETF (Internet Engineering Task Force).

Hybrid VPN

A secure VPN can be used as part of a trusted VPN by creating a third type of VPN, recently introduced on the market:

Hybrid VPN

The secure parts of a Hybrid VPN can be controlled by the client or by the same provider that provides the trusted part of the Hybrid VPN. Sometimes an entire Hybrid VPN is secured through a Secure VPN, but more commonly only one part of the Hybrid VPN is secure. It is clear that Trusted VPNs and Secure VPNs have very different properties.

  • Secure VPNs provide security but give no assurance about the paths.
  • Trusted VPNs ensure properties of the paths, such as QoS, but provide no security against intruders.

Hybrid VPNs were introduced because of these strengths and weaknesses. Usage scenarios are still evolving, however. A typical situation for deploying a Hybrid VPN is when a company already has a Trusted VPN and wants security on part of that VPN. Fortunately, none of the Trusted VPN technologies prevents the creation of Hybrid VPNs, and some vendors are building systems that explicitly support the creation of Hybrid VPN services.

Requirements

The address boundaries between the Secure VPN and the Trusted VPN must be very clear. In a Hybrid VPN, the Secure VPN should be a subset of the Trusted VPN. For each pair of addresses in a Hybrid VPN, the VPN administrator must be able to know with certainty whether or not the traffic between the two addresses is part of the Secure VPN.
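
One way to make that boundary checkable, as an added example that is not part of the original article: the Trusted VPN is modelled as a list of prefixes and the Secure VPN as pairs of prefixes protected by a tunnel. The code verifies the subset requirement and answers the per-pair question. All prefixes and function names are hypothetical, and the sample is IPv4 only.

```python
import ipaddress


def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


# Constructed sample data, not a real deployment.
TRUSTED = nets("10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16")
SECURE = [
    tuple(nets("10.1.20.0/24", "10.2.20.0/24")),
    tuple(nets("10.3.5.0/24", "192.168.9.0/24")),  # one side leaves the Trusted VPN
]


def boundary_errors(trusted, secure):
    """Secure-tunnel prefixes that are not inside any Trusted VPN prefix."""
    bad = []
    for left, right in secure:
        for side in (left, right):
            if not any(side.subnet_of(t) for t in trusted):
                bad.append(str(side))
    return bad


def classify(src, dst, trusted, secure):
    """Say definitively how traffic between two addresses is carried."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not all(any(x in t for t in trusted) for x in (s, d)):
        return "outside"
    # Tunnels protect traffic in both directions, so match either order.
    for left, right in secure:
        if (s in left and d in right) or (s in right and d in left):
            return "secure"
    return "trusted-only"


if __name__ == "__main__":
    print("subset violations:", boundary_errors(TRUSTED, SECURE))
    for pair in [("10.1.20.7", "10.2.20.9"), ("10.1.20.7", "10.2.30.9"),
                 ("10.1.20.7", "172.16.0.1")]:
        print(pair, "->", classify(*pair, TRUSTED, SECURE))
```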

Continued…

Translated from: https://www.eukhost.com/blog/webhosting/virtual-private-network-part-2/
