Wednesday, November 28, 2012

PPTP Is an Easy-To-Implement Solution


PPTP is an easy-to-implement solution, but it also provides the lowest level of security. If you are configuring a VPN connection into a sensitive network, you shouldn't use PPTP. It's an acceptable solution for home wireless implementations if you are using it to secure the connection between the wireless client and your network. However, WPA is much easier to implement. Some devices come with PPTP servers built in and may be used for remote access to your private network.

L2TP is a more secure, and also more complex, protocol than PPTP. The most important thing to remember is that when you use L2TP, you need to use IPSec in conjunction with it to provide encryption to the tunnel. L2TP establishes the tunnel, and IPSec policies dictate the encryption rules. In a Microsoft environment, L2TP and IPSec are much more difficult to configure than PPTP; however, if you require the security they provide, you need to master these configuration challenges.

SSH is a little different from the previous two in that it is implemented within an application. The most popular and secure version of SSH is SSH2 (Secure Shell version 2), and it is often used to secure FTP and Telnet traffic. By default, FTP and Telnet send their authentication packets as clear text. On a wireless network without encryption, this is a huge problem. You can either enable encryption or use an SSH-compatible FTP or Telnet client and server.

Even on a wired network, it is dangerous to use standard FTP or Telnet as an administrator. Though it may be more difficult to intercept than it is on the wireless LAN, data can be intercepted on the wired network. The best practice is to use secure channels any time you perform administrative functions. Use SSH-compatible admin tools or create a VPN connection in which you perform the administrative functions.
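To make the cleartext FTP login problem described above concrete, here is an added example (not part of the original post) that audits an FTP control-channel transcript the way a network monitor would and reports which login commands were readable on the wire. The transcripts, host name and credentials are constructed sample values, and the `AUTH TLS` / `234` exchange (the standard FTP-over-TLS upgrade) is an assumption about what "enable encryption" looks like for FTP.

```python
import re

# FTP commands are case-insensitive; only the login commands matter here.
LOGIN_CMD = re.compile(r"^(USER|PASS)\s+(.+)$", re.IGNORECASE)

# Constructed transcripts ("C:" client, "S:" server); all values are made up.
PLAIN = ["S: 220 ftp.example.test ready", "C: USER admin",
         "S: 331 Password required", "C: PASS example-password",
         "S: 230 Login successful"]
UPGRADED = ["S: 220 ftp.example.test ready", "C: AUTH TLS",
            "S: 234 Proceed with negotiation"]  # encrypted from here on
REFUSED = ["S: 220 ftp.example.test ready", "C: AUTH TLS",
           "S: 502 Command not implemented", "C: user admin",
           "S: 331 Password required", "C: pass example-password"]


def audit_ftp_control(lines):
    """Return (command, value) pairs a passive observer could read.

    Passwords are redacted so the audit report does not leak them again.
    """
    findings = []
    tls_pending = False
    for line in lines:
        side, _, text = line.partition(": ")
        text = text.strip()
        if side == "S":
            if tls_pending and text.startswith("234"):
                break  # TLS accepted: the rest of the channel is encrypted
            tls_pending = False
            continue
        if text.upper() == "AUTH TLS":
            tls_pending = True
            continue
        match = LOGIN_CMD.match(text)
        if match:
            cmd = match.group(1).upper()
            value = "<redacted>" if cmd == "PASS" else match.group(2)
            findings.append((cmd, value))
    return findings


if __name__ == "__main__":
    for name, session in [("plain", PLAIN), ("upgraded", UPGRADED),
                          ("refused", REFUSED)]:
        print(name, audit_ftp_control(session))
```

The `REFUSED` case is the one to watch for: the client asked for encryption, the server declined, and the login went out in clear text anyway.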

The most common implementation of VPN technology, as it relates to wireless LANs, is in public hotspots. Public hotspots generally use unencrypted communications with wireless clients because it allows for simpler configuration. Imagine if users who wanted to connect to the hotspot had to configure WEP keys or WPA passphrases. They would be required to go to a service desk and acquire the needed information.

Then they would have to reconfigure their wireless client to use these settings. The complexity would keep many novice users from taking advantage of the hotspot and would reduce the benefits of providing the service in the first place.
