Linksys BEFSX41 manual Appendix B Maximizing VPN Security

Page 52

Instant Broadband® Series

Appendix B: Maximizing VPN Security

Just as you maximized your network security with a firewall, you should also maximize security for your data with the Firewall Router.

IPSec is compatible with most VPN endpoints and ensures privacy and authentication for data, while authenticating user identification. With IPSec, authentication is based upon the PC's IP Address. This not only confirms the user's identity but also establishes the secure tunnel at the network layer, protecting all data that passes through.

By operating at the network layer, IPSec is independent of any applications running on the network. This way, it doesn't harm your PC's performance and still allows you to do more with greater security. Still, it is important to note that IPSec encryption does create a slight slowdown in network throughput, due to encrypting and decrypting data.

A method of securing data transmission is by using key exchange with a VPN tunnel. The key exchange can be secured without compromising earlier sessions by using PFS (Perfect Forward Secrecy). PFS protects by authenticating the key exchange between two VPN endpoints. This is done by sending one key to the other endpoint and then creating a new key to be passed back to the original sender of the data exchange.

All of this protection actually comes at a lower cost than most VPN endpoint software packages. The Firewall Router will allow the users on your network to secure their data over the Internet without having to purchase the extra client licenses that other VPN hardware manufacturers and software packages will require. With VPN functions handled by the router, rather than your PC (which software packages would require), this frees up your PCs to perform more functions, more efficiently. An additional benefit is that you aren't required to reconfigure any of your network PCs.

EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

As secure as the Firewall Router makes your data, there are still more ways to maximize security. The following are a few suggestions on how to increase data security beyond the Firewall Router.

1) Maximize security on your other networks. Install firewall routers for your Internet connections, and use the most up-to-date security measures for wireless networking.

2) Narrow the scope of your VPN tunnel as much as possible. Rather than allowing a range of IP Addresses, use the addresses specific to the endpoints required.

3) Do not set the Remote Security Group to Any, as this will open the VPN to any IP Address. Host a specific IP address.

4) Maximize encryption and authentication. Use 3DES encryption and SHA authentication whenever possible.

5) Manage your pre-shared keys. Change pre-shared keys regularly.
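As an added example (not code from the Linksys manual), the following Python audit checks a tunnel definition against the five suggestions above together with the PFS point from the previous section; the dictionary layout, the sample addresses and the key-change dates are assumptions made for this example.

```python
import ipaddress
from datetime import date

# Constructed sample tunnels. The keys mirror the fields on the router's VPN
# page (Local/Remote Secure Group, Encryption, Authentication, PFS, Pre-shared
# key); the layout, addresses and psk_changed dates are assumptions.
WEAK_TUNNEL = {
    "local_secure_group": "192.168.0.0/16",   # whole /16, far wider than needed
    "remote_secure_group": "Any",             # opens the tunnel to any address
    "encryption": "DES",
    "authentication": "MD5",
    "pfs": False,
    "psk_changed": date(2023, 1, 1),
}
HARDENED_TUNNEL = {
    "local_secure_group": "192.168.1.0/24",
    "remote_secure_group": "198.51.100.7/32",  # one specific host
    "encryption": "3DES",
    "authentication": "SHA",
    "pfs": True,
    "psk_changed": date(2023, 12, 1),
}
TODAY = date(2024, 1, 1)  # fixed "today" so the audit is reproducible

def scope_is_narrow(group, min_prefixlen=24):
    """'Any' is never narrow; otherwise accept a host or a subnet no wider than /24."""
    if group == "Any":
        return False
    return ipaddress.ip_network(group, strict=False).prefixlen >= min_prefixlen

def audit_tunnel(t, today=TODAY, max_psk_age_days=90):
    """Return one finding per checklist item the tunnel definition violates."""
    findings = []
    if t["remote_secure_group"] == "Any":
        findings.append("remote secure group is Any: open to any IP address")
    elif not scope_is_narrow(t["remote_secure_group"]):
        findings.append("remote secure group wider than /24: use the required endpoints")
    if not scope_is_narrow(t["local_secure_group"]):
        findings.append("local secure group wider than /24: use the required endpoints")
    if t["encryption"].upper() != "3DES":
        findings.append(f"encryption {t['encryption']}: use 3DES")
    if t["authentication"].upper() != "SHA":
        findings.append(f"authentication {t['authentication']}: use SHA")
    if not t["pfs"]:
        findings.append("PFS off: enable Perfect Forward Secrecy for the key exchange")
    age_days = (today - t["psk_changed"]).days
    if age_days > max_psk_age_days:
        findings.append(f"pre-shared key is {age_days} days old: change it")
    return findings
```

Running `audit_tunnel(WEAK_TUNNEL)` lists six findings, one per weak setting, while `audit_tunnel(HARDENED_TUNNEL)` returns an empty list.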

Data transmission over the Internet is a hole in network security that is often overlooked. With VPN maximized, along with the use of a firewall router and wireless security, you can secure your data even when it leaves your network.
