Advanced.Linux.Networking..Roderick.Smith [Electronic resources] - text version

Roderick W. Smith









When to Use a VPN


A VPN allows you to extend your local network
to remote locations. Of course, if your local network is connected to the
Internet, remote users may have access to the local network even without a VPN.
A VPN offers two main advantages over direct non-VPN access:

The illusion of local access. Many local networks include protections
against unwanted outside access. These may include firewall computers or iptables-based
firewall rules on individual computers (both covered in Chapter 25,
Configuring iptables), restrictions implemented in TCP Wrappers or xinetd (described in Chapter 4,
Starting Servers), or restrictions set in individual server programs. A VPN
allows a remote computer to look to local computers as if it were local, thus
simplifying the configuration of potentially dozens of servers. The tricky task
of determining what remote systems should have access as if they were local is
isolated to the VPN server.

Encrypting nonencrypted protocols. The P in VPN stands for Private, so a VPN that doesn't include some sort of
encryption to provide privacy isn't much of a VPN. By encrypting normally
nonencrypted protocols like NFS and Telnet, a VPN allows you to transfer data
over the Internet in a fairly straightforward way, at least from the point of
view of the client and server. These clients and servers need no special
security configuration, but benefit from the encryption provided by the VPN. Of
course, there are encrypted protocols you might use instead of a VPN, and if
you're only looking for encryption on one or two protocols, these may be easier
to set up than a VPN.

One common use for a VPN is in linking
multiple offices at distant locations. If your company has offices in Boston and San
Francisco, you can use a VPN to tie them together,
giving employees secure access to servers at one location from the other. Figure 26.1
illustrates this arrangement. The VPN routers in this figure are routers, much like ordinary routers, NAT routers,
or firewall computers. Instead of or in addition to performing ordinary routing,
though, the VPN routers set up an encrypted link over which they can transfer
data destined for each other.

Figure 26.1. A VPN is
usually implemented by routers that are capable of encrypting data destined for
particular targets.


NOTE

Although Figure 26.1 shows a VPN that links just two networks, that's not the limit of VPN
technology. You can link three, four, or more networks via a VPN.


Another use of a VPN is to grant individual
users access to a larger network. This application is common to serve
telecommuters and traveling employees. An individual can link a home computer
or notebook to a larger network via a broadband or even a dial-up connection to
get the benefit of the main office's servers. The VPN router in this scenario
communicates directly with the individual remote systems; essentially, they are
VPN routers as well, but they route only their own traffic for the remote
system. This situation is illustrated in Figure 26.2.

Figure 26.2. VPN systems
can link individual clients to a host network.


When implementing a VPN, you should carefully
consider your bandwidth needs. Particularly when linking multiple remote
networks to a central one, the large central network may need a great deal of
external bandwidth to handle the demands from the remote sites. Many protocols
that are common on local networks, such as file-sharing protocols and X,
transfer vast quantities of data. These transfers may be reasonable on a
100Mbps local Ethernet connection, but over a slower Internet link, such as a
1.5Mbps T1 line, the local protocols may be unacceptably slow. If any of your
connections use low-end broadband connections, such as Asymmetric Digital
Subscriber Line (ADSL) accounts for telecommuters, you should remember that
some such accounts are asymmetric in nature. Typically, upstream bandwidth is
much lower than downstream bandwidth. ADSL, for instance, frequently uses
600–1,500Kbps downstream speeds tied to 100–300Kbps upstream speeds. This may
be acceptable for some VPN uses, but not for others. Worse, travelers will
probably be limited to analog modem speeds of no more than 56Kbps, and often
less.

VPNs are not without their drawbacks, even
over fast external connections. For one thing, although they're designed as a
secure way to link networks, if they're implemented improperly they can
actually degrade your security. Consider a
telecommuter who connects to a larger network via a VPN. If the larger network
is protected by firewalls and similar measures, it should be fairly safe. The
home computer, though, may not be very well protected against intrusion. If a
cracker breaks into this system, it serves as a gaping hole through the larger
network's firewall. These security risks are covered in more detail in the
upcoming section, "Potential Security Risks with a VPN."
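
One way to limit the exposure described above, as an added example that is not from the book: the VPN router forwards traffic arriving on the VPN interface only to an explicit list of internal services, so a compromised home computer does not get the run of the whole network. The function name, the interface `ppp0`, the chain name `VPN_IN` and the addresses are assumptions; the function prints the iptables rules for review rather than applying them.

```sh
#!/bin/sh
# Added example: emit (not apply) iptables rules that confine traffic coming
# from a VPN interface to an allow-list of internal services.
# Interface, chain name and addresses below are constructed assumptions.

# vpn_client_rules IFACE "ip:proto:port ..."
# Prints one iptables command per line; returns 1 on a malformed entry.
vpn_client_rules() {
    iface=$1; allow=$2; chain=VPN_IN
    # Dedicated chain, placed first in FORWARD so no earlier rule bypasses it.
    out="iptables -N $chain
iptables -I FORWARD 1 -i $iface -j $chain
iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for entry in $allow; do
        ip=${entry%%:*}; rest=${entry#*:}
        proto=${rest%%:*}; port=${rest#*:}
        case $proto in tcp|udp) ;; *) echo "bad protocol in '$entry'" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;; esac
        case $ip in ''|*[!0-9.]*) echo "bad address in '$entry'" >&2; return 1 ;; esac
        # Only new connections to this one service are admitted.
        out="$out
iptables -A $chain -d $ip -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else from the VPN side is logged, then dropped.
    out="$out
iptables -A $chain -j LOG --log-prefix \"vpn-denied: \"
iptables -A $chain -j DROP"
    printf '%s\n' "$out"
}

# Constructed sample: telecommuters reach SSH on one host and IMAPS on another.
vpn_client_rules ppp0 "192.168.1.10:tcp:22 192.168.1.20:tcp:993"
```

After reviewing the output, the rules can be applied by piping it to a root shell on the VPN router.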

Another problem with VPNs is that they can be
tedious to configure, particularly in conjunction with firewalls. If your need
for linking telecommuters, traveling individuals, or remote offices is
limited, you might find it simpler to use one or two secure protocols, such as
SSH.


