admin管理员组文章数量:1534214
2024年3月22日发(作者:)
附录
一、英文原文
A New Virtual Prevate Network for Today's Mobile
World
Karen Heyman
Virtual private networks were a critical technology for turning the Internet into an
important business tool. Today’s VPNs establish secure connections between a
remote user and a corporate or other network via the encryption of packets sent
through the Internet, rather than an expensive private network. However, they
traditionally have linked only a relatively few nodes that a company’s IT department
controls and congures. This is not adequate for the many organizations that now must
let managers, employees, partners, suppliers, consultants, ecommerce customers, and
others access networks from their own PCs, laptops, publicly available computers like
those at airport kiosks, and even mobile devices, many not controlled by the
organization. VPNs based on Internet Protocol security (IPsec) technology were not
designed for and are not well-suited for such uses. Instead of restricting remote users
who should not have access to many parts of a company¡ network, explained Graham
Titterington, principal analyst with market-research firm Ovum, IPsec [generally]
connects users into a network and gives the same sort of access they would have if
they were physically on the LAN.¡± Organizations are thus increasingly adopting
VPNs based on Secure Sockets Layer technology from vendors such as Aventail,
Cisco Systems, F5 Networks, Juniper Networks, and Nortel Networks. SSL VPNs
enable relatively easy deployment, added Chris Silva, an analyst at Forrester Research,
a market-researchrm. A company can install the VPN at its head quarters and push
any necessary software to users, who then access the network via their browsers, he
explained. Organizations thus do not have to manage, update, or buy licenses for
multiple clients, yielding lower costs, less maintenance and support, and greater
simplicity than IPsec VPNs,Silva said. From a remote-access perspective, IPsec is
turning into a legacy technology,¡± said Rich Campagna, Juniper¡ SSL VPN product
manager Nonetheless, IPsec VPNs are still preferable for some uses, such as linking a
remote, company-controlled node, perhaps in a branch ofce, with the corporate
network. Both VPN flavors are likely to continue to ourish, with the choice Published
by the IEEE Computer Society
An early attempt to create a VPN over the Internet used multiprotocol label
switching, which adds labels to packets to designate their network path. In essence, all
packets in a data set travel through designated tunnels to their destinations. However,
MPLS VPNs don't encrypt data. IPsec and SSL VPNs, on the other hand, use
encrypted packets with cryptographic keys exchanged between sender and receiver
over the public Internet. Once encrypted, the data can take any route over the Internet
to reach it's nal destination. There is no dedicated pathway. US Defense Department
contractors began using this technique as far back as the late 1980s, according to Paul
Hoffman, director of the VPN Consortium ().
Introducing IPsec
Vendors initially used proprietary and other forms of encryption with their VPNs.
However, to establish a standard way to create interoperable VPNs, many vendors
moved to IPsec, which the Internet Engineering Task Force (IETF) adopted in 1998.
With IPsec, a computer sends a request for data from a server through a gateway,
acting essentially as a router, at the edge of its network. The gateway encrypts the
data and sends it over the Internet. The receiving gateway queries the incoming
packets, authenticates the sender's identity and designated network-access level, and if
everything checks out, admits and decrypts the information. Both the transmitter and
receiver must support IPsec and share a public encryption key for authentication.
December 2007
17
Firewall Terminal services Decrypted traffic
File and media server
Internet SSL encrypted Remote user: traffic Business partner Kiosk user
Temporary staff Traveling staff Telecommuter
Desktop
SSL VPN: Authentication Authorization Decryption Integrity check
Web proxy Web server E-mail server
版权声明:本文标题:外文翻译--当代移动世界的新型VPN 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/xitong/1711054644a297366.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论