Appendix E: Maximizing VPN Security - Cisco Linksys BEFVP41 v2 User Manual

EtherFast Cable/DSL VPN Router with 4-Port 10/100 Switch

Appendix E: Maximizing VPN Security

Just as you maximized your network security with a firewall router, you should also maximize security for your
data with the VPN Router.

IPSec is compatible with most VPN endpoints and ensures privacy and authentication for data, while also
authenticating the user's identity. With IPSec, authentication is based upon the PC's IP Address. This not only
confirms the user's identity but also establishes the secure tunnel at the network layer, protecting all data that
passes through.

By operating at the network layer, IPSec is independent of any applications running on the network. This way, it
doesn't harm your PC's performance and still allows you to do more with greater security. Still, it is important to
note that IPSec encryption does create a slight slowdown in network throughput, due to encrypting and
decrypting data.

Some VPNs will still leave the IP headers unencrypted. These headers contain the IP Addresses for the users at both
ends of the VPN tunnel and can be used by an attacker in future attacks. The VPN Router, however, does not
leave the IP headers unencrypted. Using a method called PFS (Perfect Forward Secrecy), not only are the IP headers
encrypted but the secret keys used to secure the tunnel are encrypted as well.

All of this protection actually comes at a lower cost than most VPN endpoint software packages. The VPN Router
will allow the users on your network to secure their data over the Internet without having to purchase the extra
client licenses that other VPN hardware manufacturers and software packages will require. Because VPN functions
are handled by the router rather than by your PC (as software packages would require), your PCs are freed up to
perform more functions, more efficiently. An additional benefit is that you aren't required to reconfigure any of
your network PCs.

As secure as the VPN Router makes your data, there are still more ways to maximize security. The following are a
few suggestions on how to increase data security beyond the VPN Router.

1. Maximize security on your other networks. Install firewall routers for your Internet connections, and use the
most up-to-date security measures for wireless networking.
2. Narrow the scope of your VPN tunnel as much as possible. Rather than allowing a range of IP Addresses, use
the addresses specific to the endpoints required.
3. Do not set the Remote Security Group to Any, as this will open the VPN to any IP Address. Enter a specific IP
address instead.
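
The narrowing advice in items 2 and 3, as an added example that is not part of the manual or any Linksys code: a Python check that flags a Remote Security Group set to Any, or one that admits more addresses than the hosts the tunnel has to reach. The dictionary layout, tunnel names and addresses are assumptions constructed for the illustration.

```python
import ipaddress

# Constructed sample data: tunnels, and the hosts each one actually has to reach.
# The layout is an assumption; the router is configured through its web pages.
TUNNELS = [
    {"name": "branch",  "remote": ("any",)},
    {"name": "partner", "remote": ("range", "192.168.5.10", "192.168.5.200")},
    {"name": "hq",      "remote": ("subnet", "10.20.0.0/16")},
    {"name": "admin",   "remote": ("ip", "192.168.7.25")},
]
REQUIRED = {
    "branch":  ["172.16.1.5"],
    "partner": ["192.168.5.10", "192.168.5.11"],
    "hq":      ["10.20.3.4"],
    "admin":   ["192.168.7.25"],
}

def bounds(remote):
    """Return (first, last) IPv4 address, as integers, that a remote group admits."""
    kind = remote[0]
    if kind == "any":
        return 0, 2**32 - 1
    if kind == "ip":
        return bounds(("range", remote[1], remote[1]))
    if kind == "subnet":
        net = ipaddress.IPv4Network(remote[1])
        return int(net.network_address), int(net.broadcast_address)
    if kind == "range":
        lo, hi = (int(ipaddress.IPv4Address(x)) for x in remote[1:3])
        if hi < lo:
            raise ValueError("range end precedes range start")
        return lo, hi
    raise ValueError(f"unknown remote group type: {kind}")

def audit(tunnels, required):
    """Return (tunnel, severity, reason) for each remote group wider than needed."""
    findings = []
    for t in tunnels:
        lo, hi = bounds(t["remote"])
        hosts = {int(ipaddress.IPv4Address(h)) for h in required.get(t["name"], [])}
        missing = [h for h in hosts if not lo <= h <= hi]
        excess = (hi - lo + 1) - (len(hosts) - len(missing))
        if t["remote"][0] == "any":
            findings.append((t["name"], "high", "remote group is Any"))
        elif excess > 0:
            findings.append((t["name"], "medium", f"unneeded addresses admitted: {excess}"))
        if missing:
            findings.append((t["name"], "info", f"required hosts outside group: {len(missing)}"))
    return findings
```

Calling `audit(TUNNELS, REQUIRED)` reports the Any tunnel and the two over-wide groups and stays silent about the single-host tunnel; the "info" finding catches a group narrowed so far that a required host no longer falls inside it.
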

throughput: the amount of data moved successfully from one node to another in a given time period