After Hours

General discussion

Locked

In my own words...

By Justin Fielding ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

HSDPA is go...

by Justin Fielding In reply to In my own words...

High-Speed Downlink Packet Access (HSDPA) is approaching launch
in Europe. 
HSDPA is a third generation (3G) high-speed data service, with a maximum
bandwidth of 14Mbps!  <a href="http://www.cellular-news.com/story/14487.php">O2</a>,
the UK based telecoms company
have announced that they will be launching the service for the Isle of Man on the 1<sup>st</sup> of November.  Another high-speed technology which is just
starting to emerge is <a href="http://skylink.telabria.com/default.php?id=8&p=0">WiMax</a>.  This wireless broadband service is now being
offered in the South East of England?currently offering services up to 10Mbps.  One <a href="http://www.wispcentric.com/index.php?option=com_content&task=view&id=1030&Itemid=0">potential problem</a> for WiMax is the limited
amount of licensed radio bandwidth available. 
It is possible for the service to run on unlicensed public frequencies,
but this raises quality of service issues. 
HSDPA runs on current cellular infrastructure which bypasses this issue
and should make rollout faster and less expensive.  There is much debate over which of these two
technologies will gain the upper hand, I guess only time can really tell.  Still, both technologies are offering
exciting new prospects in all areas from mobile business solutions to in-car
entertainment.

Collapse -

Get the basics of a secure VPN

by Justin Fielding In reply to In my own words...

<p>Virtual Private Networks (VPNs) seem to be
a hot topic lately--a week doesn't go by without a new article or white paper being
released on the subject. For many business users, having instant access to data
while on the move is now seen as a necessity rather than a luxury. Gone are the
days of slow and troublesome dial-up connections; we're now in the age of
broadband! These days high-speed internet access is cheap and offers speeds
which could only have been dreamt of ten years ago; Wi-Fi hotspots offer access
from most coffee shops, city centers and airports! Another form of VPN is that
which connects two private networks, using public networks as a bridge. A
gateway on each of the private networks faces the Internet, data is then transferred
between the two gateways via this low-cost public infrastructure. This allows
branch offices to effectively share data and work together without the
horrendous costs involved in hiring private lines.<br />
<br />
The advantages of allowing data access via
public networks are clear: high-speed and low cost. Where's the catch? Well, as
per usual the issue is that of security. It's all very well utilizing public
networks, but they are just that--public, and since anyone could be viewing the
data you transmit, we have to assume that they are. Let's take a look at two
protocols developed to address security in this area.</p>
<p>Point-to-Point-Tunnelling
Protocol (PPTP) was developed by Microsoft to enable remote users to securely
access corporate networks. It was first introduced in Windows NT 4 and the
source code was made available so that other third parties could develop
compatible software. Here's a full description of <a href="http://msdn.microsoft.com/library/default.asp?url=/archive/en-us/dnarwebtool/html/understanding_pptp.asp">PPTP</a>,
the key point being "PPTP encapsulates the
encrypted and compressed PPP packets into IP datagrams for transmission over
the Internet." One thing
which makes PPTP a good choice for remote or roaming users is that all versions
of Windows (NT4 to XP) have an inbuilt client program, meaning there is no need
for additional software installation. Windows Server can be used; however, for those
not already using Windows Server, a better solution may be Poptop. <a href="http://www.poptop.org/">Poptop</a> is an open source PPTP server which
can be hosted on a Linux platform, <a href="http://www.cyberguard.com/">Cyberguard</a>
even use Poptop in their embedded VPN solutions.</p>
<p>IP Security (<a href="http://www.tcpipguide.com/free/t_IPSecurityIPSecProtocols.htm">IPSec</a&gt
is a standard for authenticating and encrypting IP packets; working on the
network layer to create a secure tunnel between two nodes, via a public
network. The two main parts of the IPSec standard are the Encapsulating
Security Payload (ESP) protocol and Internet Key
Exchange (IKE) protocol. ESP takes care of data encryption and integrity, while
IKE uses public key or pre-shared secret techniques to authenticate each host
and set up a secure session. Giants such as <a href="http://www.microsoft.com/windowsserver2003/technologies/networking/ipsec/default.mspx">Microsoft</a>
and <a href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/index.html">Cisco</a>
have adopted IPSec and support its use.<br />
<br />
In a small to medium enterprise, cost is
normally a big consideration. I personally use OpenBSD to provide for our
company's VPN needs--OpenBSD takes a paranoid approach with proactive security
and integrated cryptography, and best of all, it's free! All of the tools
needed for creating point-to-point VPN connections are included as default; Poptop
is also available in the OpenBSD ports (selection of linux/unix packages ported
to the BSD platform). The system manual pages give <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vpn&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html">full
instructions</a> on setting up your VPN; this can look a little in-depth and
over complex but once you have an understanding of what's happening, it's
really quite simple. The inbuilt firewall, Packet Filter, is a very simple but
powerful, making OpenBSD a good multipurpose platform; DHCP, DNS, FTP, VPN,
PPTP can all be run with proven reliability and security. The configuration of
Poptop is a little more difficult; it took me 3-4 days of reading mailing list
archives and manuals to actually get it working, but now that I know how, it
doesn't take long to set up a new server.<br />
<br />
As you can see from a quick Google search,
there are many companies offering different VPN solutions, all based around the
same underlying technology. Most of them don't come cheap and that's not even
taking in to account consultancy fees, etc. I hope I've shown here that
implementing a secure VPN solution (whether it be for remote/roaming users or
interoffice communication) doesn't have to be expensive or particularly
difficult.</p>
<p>If there's any interest in the topic, I
would consider writing a tutorial on setting up an OpenBSD network gateway with
VPN and PPTP. Please post your comments and let me know?</p>

Collapse -

Get the basics of a secure VPN

by akash In reply to Get the basics of a secur ...

<p>Hi..</p>
<p>I woululd realy be intested in a tutrial on how to get one started. Iam a small business in South Africa and the creation of a VPN using existing providers is extremely expensive. With the security precaustions mention I'm sure the value of such a too to many small buiness locally (in SA) will be tremndous.</p>
<p>Akash</p>

Collapse -

Get the basics of a secure VPN

I have enjoyed reading this article.  It was straightforward and to the point.  I am interested in learning VPN but have been too intimidated by some of the other articles I have read.  Can someone suggest an article or tutorial on setting up a VPN and troubleshooting one that is easy reading like this article?

Collapse -

Get the basics of a secure VPN

by Oprig_HR In reply to Get the basics of a secur ...

For those looking for open source vpn, I recommend openvpn: http://openvpn.net<br />
<br />
Very easy to setup and a nice Windows installer for clients.<br />

Collapse -

Get the basics of a secure VPN

by LukCAD In reply to Get the basics of a secur ...

<p>Hi!</p>
<p>I just started use it. It is so simple, really. I wonder myself, your article is in time.</p>
<p>Sincerely, LukCAD</p>

Collapse -

Get the basics of a secure VPN

by Blinkr In reply to Get the basics of a secur ...

I, also, would be interested in a tutorial.<br />
<br />
If possible, I would like to see someone create a good tutorial on
subnetting. I have alot of them by googling, but they still leave some
holes that need to be cleared up.<br />
<br />
Just my $.000000000000000002 worth!!!<br />

Collapse -

Get the basics of a secure VPN

by jamilkeg In reply to Get the basics of a secur ...

Thanks, yours was a concise yet interesting article. However, a (brief)
comparison between PPTP and IPSec would have helped more.<br />
<br />
Hopefully you will consider writing the tutorial on <font><font class="qdesc">OpenBSD
network gateway with
VPN and PPTP (and maybe IPSec?), as I am much more familiar with Linux
(perhaps it would also be a good variant of your article?)</font></font><br />
<br />
jamg<br />

Collapse -

Get the basics of a secure VPN

by gario In reply to Get the basics of a secur ...

<p>Blinkr.............</p>
<p>I think I may have just the presentation on Subnetting.......................</p>

Collapse -

Get the basics of a secure VPN

by jhoffman In reply to Get the basics of a secur ...

I am a network admin for a small company that provides computer and
network support to approx. 200 customers and i have found that it is
deffinatley the case that more and more companies want Remotely
accessible networks.  I have tried a number of different solutions
all with their own pros and cons, and I would be very interested in a
tutorial on using OpenBSD as a VPN solution.  

Related Discussions

Related Forums