FVL328 Cable/DSL ProSafe High-Speed VPN Firewall


7. How many VPN tunnels can the FVL328 support at one time?

As a standard feature, the FVL328 has the ability to support up to 100 VPN tunnels at one time. This can be a combination of branch office, mobile users or partner connections.

8. What is encryption?

A mathematical operation that transforms data from "clear text" to "cipher text," which cannot be interpreted. Usually the mathematical operation requires that an alphanumeric key be supplied along with the clear text. The key and clear text are processed by the encryption operation, which leads to data scrambling that makes it secure. Decryption is the opposite of encryption; it is the mathematical operation that transforms cipher text to clear text.

9. How is the data encrypted on the FVL328 VPN?

The data is hardware-encrypted through the embedded encryption accelerator in the microprocessor.

10. What is DES and 3DES?

DES, or Digital Encryption Standard, is encryption used for data communications where both the sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a message authentication code. NETGEAR DES encryption uses a 56-bit key. 3DES, or “triple DES,” on the other hand, is a variation on DES that uses a 168-bit key to provide more secure data transmission than DES. Triple DES is considered to be virtually unbreakable by security experts. It also requires a great deal more processing power, resulting in increased latency and decreased throughput unless hardware acceleration is provided, as in the FVL328.

11. What is IPSec?

Internet Protocol Security (IPSec) is a robust VPN standard that covers authentication and encryption of data traffic over the Internet. IPSec employs three components: encapsulating security payload (ESP), authentication header (AH), and Internet key exchange (IKE) technology. VPN technology employing IPSec will encrypt all outgoing data and decrypt all incoming data so that a public network, like the Internet, can be used as the transport medium. IPSec can support two encryption modes: transport and tunnel. Transport mode encrypts the data portion of each packet but leaves the header unencrypted. The more secure tunnel mode encrypts both the header and the data. The FVL328 supports both. At the receiving end, an IPSec-compliant device decrypts each packet. For IPSec to work, the sending and receiving devices must share a key. The IKE protocol is a key management protocol standard that is commonly used in conjunction with the IPSec standard. Unlike PPTP, IPSec is specific only to the Internet Protocol (IP) and does not provide security for other protocols. PPTP supports multiple protocols, but is not as secure.
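The components and modes named above can be told apart on the wire. The following is an added example, not NETGEAR code: it parses constructed IPv4 packets and reports what an observer can read from an AH or ESP packet. The addresses, SPI values and helper names are assumptions made for the sample.

```python
import socket
import struct

IPIP, IPV6, ESP, AH = 4, 41, 50, 51   # IANA IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this offline sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def sample_ah(next_hdr, inner):
    """Constructed AH packet: 12-byte fixed part plus a zeroed 12-byte ICV."""
    ah = struct.pack("!BBHII", next_hdr, 4, 0, 0x1000, 1) + bytes(12)
    return ipv4_header("192.0.2.1", "198.51.100.1", AH, len(ah) + len(inner)) + ah + inner

def classify_ipsec(packet):
    """Report what an on-path observer can read from an IPv4 IPsec packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    body = packet[(packet[0] & 0x0F) * 4:]
    info = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20])}
    if packet[9] == AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4        # Payload Len counts 32-bit words minus 2
        # AH authenticates but does not encrypt: the payload stays readable.
        info.update(protocol="AH", spi=spi, seq=seq, readable=body[ah_len:],
                    mode="tunnel" if next_hdr in (IPIP, IPV6) else "transport")
    elif packet[9] == ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # ESP's Next Header sits in the encrypted trailer, so the mode is hidden.
        info.update(protocol="ESP", spi=spi, seq=seq, readable=b"", mode="hidden")
    else:
        raise ValueError("not AH or ESP")
    return info

if __name__ == "__main__":
    inner = ipv4_header("10.0.0.5", "10.1.0.9", 6, 0)   # constructed inner packet
    esp = ipv4_header("192.0.2.1", "198.51.100.1", ESP, 24) \
        + struct.pack("!II", 0x2000, 7) + bytes(16)      # constructed ciphertext
    for pkt in (sample_ah(6, b"tcp-bytes"), sample_ah(IPIP, inner), esp):
        print(classify_ipsec(pkt))
```

In every case the outer source and destination addresses, the SPI and the sequence number remain visible, which is what a firewall or packet capture can match on.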

12. What is IKE?

Internet Key Exchange is a negotiation and key exchange protocol specified by the Internet Engineering Task Force (IETF). An IKE security association (SA) automatically negotiates encryption and authentication keys. With IKE, an initial exchange authenticates the VPN session and automatically negotiates keys that will be used to pass IP traffic.

13. What is Authentication Header (AH)?

AH provides authentication and integrity, which protect against data tampering, using the same algorithms as ESP. AH also provides optional anti-replay protection, which protects against unauthorized retransmission of packets. The authentication header is inserted into the packet between the IP header and any subsequent packet contents. The payload is not touched. Although AH protects the packet’s origin, destination, and contents from being tampered with, the identity of the sender and receiver is known. In