Characteristics of Internet VPN technology

Source: Internet
Author: User

Because the system is architected at the application layer of an Internet VPN, it effectively hides the network structure behind the VPN server and also blocks common network attack methods. The system grants access to the trusted network according to authorization and authentication. More importantly, on the client you can specify which application may initiate the connection to the server and complete the application proxy process. With this control, the system can prevent virus programs from reaching the VPN server through the VPN tunnel, effectively protecting server data resources from virus threats.

Because an Internet VPN connects through the lower network layers, once it is compromised the entire network is exposed. After the tunnel is built, the remote PC behaves as if it were physically on the corporate LAN, which opens access to all resources for remote visitors and exposes the entire corporate network to security risk. This makes it a very easy target for hacker attacks. Once a client is exploited by hackers, they can access the enterprise's internal systems via the VPN. This kind of attack is increasingly common, and its consequences are increasingly serious.

For example, suppose an employee accesses enterprise resources from a home computer through the corporate VPN. A personal home computer generally lacks security precautions and has a low level of security. If a hacker compromises the unprotected PC, whether before or after the tunnel is created, the hacker gains access to the company's local area network through the Internet VPN tunnel. Once the accessing computer is infected, the infection can also spread very easily through the VPN across the entire intranet.

As a VPN with a session-level architecture, the system effectively hides the network structure at the VPN server and also blocks common network attack methods such as Ping, UDP, and ICMP packets. It grants access to the trusted network according to authorization and authentication. On the VPN client, you can specify a particular application to initiate the connection to the VPN server and complete the application proxy process. This control not only enables fine-grained access control but, importantly, prevents viruses and hacker programs from being transmitted through the VPN tunnel to the VPN server, effectively protecting server-side data resources from the threat posed by remote ends with weak security measures.
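The session-level controls described above, as an added example that is not part of the original article or any vendor's code: a default-deny admission check in which the gateway proxies a connection only when the protocol, the user's authentication, the initiating client application, and the destination application server all pass. The key, hashes, user, and addresses are constructed, and `issue_token` is a hypothetical stand-in for a real login.

```python
import hashlib
import hmac
from dataclasses import dataclass

# All keys, hashes, users and addresses here are constructed for illustration.
SERVER_KEY = b"constructed-demo-key"
ERP_HASH = hashlib.sha256(b"erp-client-v1 binary").hexdigest()
APPROVED_APPS = {ERP_HASH: "erp-client"}              # client programs allowed to connect
USER_DESTINATIONS = {"alice": {("10.0.5.20", 8443)}}  # per-user application servers

@dataclass(frozen=True)
class Request:
    user: str
    token: str        # proof of authentication issued by the gateway
    app_sha256: str   # hash of the client program initiating the connection
    protocol: str     # "tcp", "udp", "icmp", ...
    dest: tuple       # (host, port) of the application server

def issue_token(user: str) -> str:
    """Hypothetical stand-in for a real login: bind the user name to the server key."""
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()

def admit(req: Request) -> tuple:
    """Default-deny admission check; returns (allowed, reason)."""
    # The proxy relays application sessions only; Ping/ICMP/UDP never pass.
    if req.protocol != "tcp":
        return False, "protocol not proxied"
    if not hmac.compare_digest(req.token, issue_token(req.user)):
        return False, "authentication failed"
    # Only a designated client application may initiate the connection.
    if req.app_sha256 not in APPROVED_APPS:
        return False, "client application not approved"
    # Authorization is per application server, not per network.
    if req.dest not in USER_DESTINATIONS.get(req.user, set()):
        return False, "destination not authorized"
    return True, "proxied to application server"

def demo() -> list:
    tok = issue_token("alice")
    cases = [
        Request("alice", tok, ERP_HASH, "tcp", ("10.0.5.20", 8443)),  # approved path
        Request("alice", tok, "0" * 64, "tcp", ("10.0.5.20", 8443)),  # unknown program
        Request("alice", tok, ERP_HASH, "icmp", ("10.0.5.20", 0)),    # ping attempt
        Request("alice", tok, ERP_HASH, "tcp", ("10.0.5.21", 445)),   # other LAN host
    ]
    return [admit(c) for c in cases]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The application hash is reported by the client, so this check is only as trustworthy as the client software that computes it.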

An Internet VPN requires remote users to correctly use client software or access devices. It restricts access to specific access devices, client programs, user authentication mechanisms, and predefined security relationships, and does not allow access from the public Internet, thereby providing a higher level of security. At the same time, it can automatically use the client machine's hardware information as a user authentication mechanism without any user intervention, achieving an easy-to-use, economical, and secure solution. Because an Internet VPN has no client at all, it allows users to access the corporate network from insecure computers that are vulnerable to keystroke-logging software and Trojan horses, which pose a threat to the corporate network. Internet VPN clients pose a risk to the corporate network when users initiate access over the Internet. To avoid this flaw, peripherals such as hardware keys must be enabled as auxiliary authentication tools, which increases the overall purchase cost and also weakens the convenience of Internet VPNs.

In addition, the proxy mechanism of the Internet VPN provides logical isolation between the application server and the Internet. On a device whose ports support multiple VLANs, the application server needs to communicate with only one of the VLANs, and it does not need a network connection to any other third party.
Article transferred from Wilton: www.wholeton.com.cn
