Posted on March 22, 2024 (author: )

Appendix

I. English Original Text

A New Virtual Private Network for Today's Mobile World

Karen Heyman

Virtual private networks were a critical technology for turning the Internet into an important business tool. Today's VPNs establish secure connections between a remote user and a corporate or other network via the encryption of packets sent through the Internet, rather than an expensive private network. However, they traditionally have linked only a relatively few nodes that a company's IT department controls and configures. This is not adequate for the many organizations that now must let managers, employees, partners, suppliers, consultants, e-commerce customers, and others access networks from their own PCs, laptops, publicly available computers like those at airport kiosks, and even mobile devices, many not controlled by the organization.

VPNs based on Internet Protocol security (IPsec) technology were not designed for and are not well-suited for such uses. "Instead of restricting remote users who should not have access to many parts of a company's network," explained Graham Titterington, principal analyst with market-research firm Ovum, "IPsec [generally] connects users into a network and gives the same sort of access they would have if they were physically on the LAN."

Organizations are thus increasingly adopting VPNs based on Secure Sockets Layer technology from vendors such as Aventail, Cisco Systems, F5 Networks, Juniper Networks, and Nortel Networks. SSL VPNs enable relatively easy deployment, added Chris Silva, an analyst at Forrester Research, a market-research firm. A company can install the VPN at its headquarters and push any necessary software to users, who then access the network via their browsers, he explained. Organizations thus do not have to manage, update, or buy licenses for multiple clients, yielding lower costs, less maintenance and support, and greater simplicity than IPsec VPNs, Silva said. "From a remote-access perspective, IPsec is turning into a legacy technology," said Rich Campagna, Juniper's SSL VPN product manager.

Nonetheless, IPsec VPNs are still preferable for some uses, such as linking a remote, company-controlled node, perhaps in a branch office, with the corporate network. Both VPN flavors are likely to continue to flourish, with the choice

Published by the IEEE Computer Society

An early attempt to create a VPN over the Internet used multiprotocol label switching, which adds labels to packets to designate their network path. In essence, all packets in a data set travel through designated tunnels to their destinations. However, MPLS VPNs don't encrypt data. IPsec and SSL VPNs, on the other hand, use encrypted packets with cryptographic keys exchanged between sender and receiver over the public Internet. Once encrypted, the data can take any route over the Internet to reach its final destination. There is no dedicated pathway. US Defense Department contractors began using this technique as far back as the late 1980s, according to Paul Hoffman, director of the VPN Consortium ().

Introducing IPsec

Vendors initially used proprietary and other forms of encryption with their VPNs. However, to establish a standard way to create interoperable VPNs, many vendors moved to IPsec, which the Internet Engineering Task Force (IETF) adopted in 1998. With IPsec, a computer sends a request for data from a server through a gateway, acting essentially as a router, at the edge of its network. The gateway encrypts the data and sends it over the Internet. The receiving gateway queries the incoming packets, authenticates the sender's identity and designated network-access level, and if everything checks out, admits and decrypts the information. Both the transmitter and receiver must support IPsec and share a public encryption key for authentication.
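
The gateway-to-gateway flow described above, sketched as an added example that is not from the article or from any IPsec implementation: the receiving gateway identifies the sender, verifies the packet, checks the sender's access level, and only then decrypts. The peer names, policy table, packet layout, and per-peer pre-shared keys are assumptions, and the HMAC-SHA256 keystream is a standard-library stand-in for a real IPsec cipher.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample peers: per-sender encryption key, MAC key and access level.
PEERS = {
    b"branch-gw": {"enc": os.urandom(32), "mac": os.urandom(32), "level": "lan"},
    b"partner-gw": {"enc": os.urandom(32), "mac": os.urandom(32), "level": "extranet"},
}
# Hypothetical policy: destination networks each access level may reach.
ALLOWED = {"lan": {"hr", "finance", "extranet"}, "extranet": {"extranet"}}


def _keystream_xor(key, nonce, data):
    """Stand-in cipher (not a real IPsec transform): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def send(sender, dest, payload):
    """Sending gateway: encrypt the payload, then authenticate the whole packet."""
    peer, nonce, d = PEERS[sender], os.urandom(16), dest.encode()
    header = bytes([len(sender)]) + sender + bytes([len(d)]) + d
    body = header + nonce + _keystream_xor(peer["enc"], nonce, payload)
    return body + hmac.new(peer["mac"], body, hashlib.sha256).digest()


def receive(packet):
    """Receiving gateway: authenticate sender, check access level, only then decrypt."""
    if len(packet) < 34:
        raise PermissionError("short packet")
    body, tag = packet[:-32], packet[-32:]
    slen = body[0]
    peer = PEERS.get(body[1:1 + slen])
    if peer is None:
        raise PermissionError("unknown sender")
    if not hmac.compare_digest(tag, hmac.new(peer["mac"], body, hashlib.sha256).digest()):
        raise PermissionError("authentication failed")
    dlen = body[1 + slen]  # safe to parse further: the body is now authenticated
    dest = body[2 + slen:2 + slen + dlen].decode()
    if dest not in ALLOWED[peer["level"]]:
        raise PermissionError("access level does not permit destination")
    rest = body[2 + slen + dlen:]
    return _keystream_xor(peer["enc"], rest[:16], rest[16:])
```

Note that the branch gateway's "lan" level reaches every network in the table, which is the all-or-nothing access the article attributes to IPsec remote access.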

December 2007


[Figure (diagram labels only): Remote user (business partner, kiosk user, temporary staff, traveling staff, telecommuter); Internet; SSL encrypted traffic; SSL VPN (authentication, authorization, decryption, integrity check); firewall; decrypted traffic; terminal services; file and media server; desktop; Web proxy; Web server; e-mail server.]
