Chapter 1

Introduction

Off-Site

Internet

Notebook with VPN

Client Software

VPN

Central Office

Router

 

Computer to VPN Router

For additional information and instructions about creating your own VPN, refer to “Appendix B: VPN Tunnel” or visit the Linksys website at www.linksys.com.

VPN Security

IPSec is compatible with most VPN endpoints and ensures privacy and authentication for data, while authenticating user identification. With IPSec, authentication is based upon the computer’s IP address. This confirms the user’s identity and establishes the secure tunnel at the network layer, protecting all data that passes through.

By operating at the network layer, IPSec is independent of any applications running on the network. This way, it does not affect your computer’s performance and still allows you to do more with greater security. Still, it is important to note that IPSec encryption does create a slight slowdown in network throughput, due to the encryption and decryption of data.

Some VPNs will still leave the IP headers decrypted. These headers contain the IP addresses for the users at both ends of the tunnel and can be used by potential hackers in future attacks. The VPN Router, however, does not leave the IP headers decrypted, if you enable and set up Perfect Forward Secrecy (PFS). With PFS, both the IP headers and secret keys used to secure the tunnel are encrypted.

The VPN Router allows users on your local network to secure their data over the Internet (using VPN tunnels) without having to purchase the extra client licenses that other VPN hardware manufacturers and software packages may require. With VPN functions handled by the Router, rather than your computer (which software packages would require), then your computer would have fewer tasks to process. Also, you would not have to reconfigure your computer for VPN usage.

There are additional ways to enhance data security beyond the VPN Router. Here are some suggestions:

•• Enhance security on your other networks. Install firewall routers for your Internet connections, and use the most up-to-date security measures for wireless networking.

•• Narrow the scope of your VPN tunnel as much as possible. Rather than allowing a range of IP addresses, use the addresses specific to the endpoints (such as computers) required.

•• Do not set the Remote Security Group to the Any setting, as this will open the VPN to any IP address. Host a specific IP address.

•• Use the strongest encryption and authentication methods available on the VPN Router, 3DES encryption and SHA authentication.

•• Manage your pre-shared keys; change them periodically.

EtherFast Cable/DSL VPN Router with 4-Port Switch

2

Page 5 Page 7
Page 6
Image 6
Linksys BEFVP41 manual VPN Security
Page 5 Page 7

BEFVP41 specifications

The Linksys BEFVP41 is a sophisticated yet user-friendly VPN router designed primarily for small office and home office networks. Known for its robust performance and versatility, it stands out as a solid choice for users looking to enhance their network security and connectivity.

One of its key features is the built-in VPN support, which allows users to establish secure connections to remote networks or clients. The BEFVP41 supports up to 50 simultaneous VPN connections, making it an excellent option for small businesses that require secure remote access for their employees without compromising on speed or reliability.

The router employs advanced security protocols including IPsec, which is well-known for ensuring encrypted communication over the internet. This level of security enables users to safeguard sensitive data and maintain privacy while accessing their networks remotely, critical for businesses that handle confidential information.

In terms of connectivity, the BEFVP41 is equipped with four Ethernet ports that support 10/100 Mbps speeds, allowing for high-speed wired connections. It also features a WAN port for connection to a broadband modem, ensuring a fast and stable internet connection. The router supports various connection types, including DHCP, static IP, and PPPoE, making it versatile for different networking environments.

Additional features include a user-friendly web-based interface, which simplifies the setup and configuration process for users. This intuitive design is combined with powerful QoS (Quality of Service) capabilities, enabling prioritized bandwidth allocation to specific applications or users, ensuring that critical business applications have the necessary speeds and reliability.

The BEFVP41 also offers dynamic DNS support, which allows users to access their home or office network using a domain name instead of remembering an IP address. Moreover, it includes a DHCP server for automated IP address assignment, making network management more streamlined.

Overall, the Linksys BEFVP41 combines essential networking technologies and security features into a compact design suitable for any small business or home office environment. With its robust performance, extensive VPN capabilities, and user-friendly interface, it caters effectively to the diverse needs of modern network requirements. The BEFVP41 is a reliable solution for those looking to enhance their connectivity while maintaining security and ease of use.
Top Page Image Contents