VPN Security, Introduction – Linksys BEFVP41 User Manual


Chapter 1

Introduction


EtherFast Cable/DSL VPN Router with 4-Port Switch

[Figure: Computer to VPN Router. Labels: Internet, Central Office, Off-Site, Notebook with VPN Client Software, VPN Router]

For additional information and instructions about creating your own VPN, refer to “Appendix B: VPN Tunnel” or visit the Linksys website at www.linksys.com.

VPN Security

IPSec is compatible with most VPN endpoints and ensures privacy and authentication for data, while authenticating user identification. With IPSec, authentication is based upon the computer’s IP address. This confirms the user’s identity and establishes the secure tunnel at the network layer, protecting all data that passes through.

By operating at the network layer, IPSec is independent of any applications running on the network. This way, it does not affect your computer’s performance and still allows you to do more with greater security. Still, it is important to note that IPSec encryption does create a slight slowdown in network throughput, due to the encryption and decryption of data.

Some VPNs will still leave the IP headers unencrypted. These headers contain the IP addresses for the users at both ends of the tunnel and can be used by potential hackers in future attacks. The VPN Router, however, does not leave the IP headers unencrypted if you enable and set up Perfect Forward Secrecy (PFS). With PFS, both the IP headers and secret keys used to secure the tunnel are encrypted.

The VPN Router allows users on your local network to secure their data over the Internet (using VPN tunnels) without having to purchase the extra client licenses that other VPN hardware manufacturers and software packages may require. With VPN functions handled by the Router rather than by your computer (as software packages would require), your computer has fewer tasks to process. Also, you do not have to reconfigure your computer for VPN usage.

There are additional ways to enhance data security beyond the VPN Router. Here are some suggestions:

• Enhance security on your other networks. Install firewall routers for your Internet connections, and use the most up-to-date security measures for wireless networking.
• Narrow the scope of your VPN tunnel as much as possible. Rather than allowing a range of IP addresses, use the addresses specific to the endpoints (such as computers) required.
• Do not set the Remote Security Group to the Any setting, as this will open the VPN to any IP address. Host a specific IP address.
• Use the strongest encryption and authentication methods available on the VPN Router, 3DES encryption and SHA authentication.
• Manage your pre-shared keys; change them periodically.
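
The suggestions above, expressed as an audit over tunnel settings. This is an added example, not part of the Linksys manual or the router's firmware; the settings record and its field names, the sample tunnels, and the 90-day key-age limit are assumptions made for the example.

```python
import ipaddress
from datetime import date

def group_size(spec):
    """Addresses covered by 'a.b.c.d', 'a.b.c.d/len' or 'start-end'."""
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return int(hi) - int(lo) + 1
    return ipaddress.ip_network(spec, strict=False).num_addresses

def audit_tunnel(t, today, max_psk_age_days=90):
    """Return findings for one tunnel, checked against the manual's suggestions.
    Field names are assumptions for this example, not the router's own format.
    max_psk_age_days is an assumed policy; the manual only says "periodically".
    """
    findings = []
    remote = t["remote_group"].strip()
    if remote.lower() == "any":
        findings.append("remote group is Any: VPN open to any IP address")
    elif group_size(remote) > 1:
        findings.append(f"remote group covers {group_size(remote)} addresses")
    if t["encryption"].upper() != "3DES":
        findings.append(f"encryption is {t['encryption']}, not 3DES")
    if t["authentication"].upper() != "SHA":
        findings.append(f"authentication is {t['authentication']}, not SHA")
    if not t["pfs"]:
        findings.append("PFS is not enabled")
    age = (today - t["psk_changed"]).days
    if age > max_psk_age_days:
        findings.append(f"pre-shared key is {age} days old")
    return findings

# Constructed sample tunnels; addresses are RFC 5737 documentation ranges.
TUNNELS = [
    {"name": "branch", "remote_group": "Any", "encryption": "DES",
     "authentication": "MD5", "pfs": False, "psk_changed": date(2023, 1, 10)},
    {"name": "office", "remote_group": "198.51.100.10-198.51.100.59",
     "encryption": "3DES", "authentication": "SHA", "pfs": True,
     "psk_changed": date(2024, 5, 1)},
    {"name": "laptop", "remote_group": "203.0.113.7", "encryption": "3DES",
     "authentication": "SHA", "pfs": True, "psk_changed": date(2024, 5, 1)},
]

def audit_all(tunnels, today):
    return {t["name"]: audit_tunnel(t, today) for t in tunnels}

if __name__ == "__main__":
    for name, findings in audit_all(TUNNELS, date(2024, 6, 1)).items():
        print(name, findings or "OK")
```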
