What makes the Internet ‘inherently insecure’?
The original purpose of the Internet (Arpanet as it was) was to enable computer systems at different locations around the world to communicate with each other. Routers could determine how to reach the remote destination via multiple intermediate networks or routers. This provided both cost saving and resilience: cost saving because it replaced costly point-to-point links, and resilience because, in the event of one route failing, the desired destination could probably be reached via another route. The end result is that your data gets from Point-A to Point-Z, and it’s all automatic and fast so that you don’t need to worry that your data is actually travelling through points B, C, D, E, F, G etc. on the way.
When all Arpanet network members were owned by the American military, it was less of an issue that their data traffic might pass through other offices or networks, as all offices were supposedly secure too. Since the evolution of the Internet, however, access is shared by millions of users and hundreds of thousands of ISPs. Your data could be passing through anyone's networks, and someone with sinister motives can capture, store and use that data.
The diagram on the right shows how the Internet works. Every device on the Internet, whether it’s your own PC or a huge web service like Google, has an IP address. The intermediate networks pass your data to the next ‘hop’ on the way to your destination. If you follow the red or green lines, you can see that your data is passing through several other public routers and network switches, and therefore through the hands of many unknown networks, any of which could monitor and store your data without you ever knowing.
Using Insecure Guest/Public Internet connections
For example, if you go to a coffee shop or hotel or any other place with public or guest Internet access, any computers using that same access have access to all of your sent and received data because they are on the same network. Any user can ‘sniff’ and capture your data, including emails and website data. Even if the network is using wireless encryption, anyone else can still see your data because they too know the encryption key. Some websites and mail servers will use encryption (e.g. TLS/HTTPS) which reduces the risk – your data is encrypted, though sniffers can still see which IP addresses you visit.
A common use of VPNs, therefore, is to provide security to all of your traffic when using these public Internet facilities. You can force all of your Internet data down the encrypted VPN tunnel and then make use of your HQ’s Internet connectivity for onward communication.
Creating a VPN
A VPN endpoint is considered to be the end of each tunnel where the data is encrypted/decrypted by your VPN device inside your private network. DrayTek routers can create VPN tunnels and endpoints at each site as required. The two remote networks must be within different private IP address ranges in order that the PCs and router at one site can determine that traffic is intended for the other site. For example, one network might be numbered in the IP subnet range 192.168.1.xxx and the other in 192.168.3.xxx.
Your VPN router is configured to know the network addresses of all remote networks and the VPN credentials (encryption keys, passwords, remote locations) so data can be passed through the right tunnel. There are several commonly used methods for encryption and encapsulation (tunnelling). The simplest is PPTP, although that only has optional encryption, which isn’t considered very secure. VPN tunnels use passwords for login, or a pre-shared key, which is a secret phrase or sequence of characters entered into the VPN device at each end. IPSec tunnelling using AES encryption is the most common method of tunnelling and encryption used today. These are highly secure encryption methods, with AES in particular considered ‘military strength’.
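The subnet rule and the routing decision described above can be checked before a tunnel is built. The following is an added example, not DrayTek's code or configuration: the site names and the functions find_overlaps and next_hop are hypothetical, and it assumes a site-to-site setup where only the remote LAN ranges are sent through the tunnel.

```python
import ipaddress
from itertools import combinations

# Constructed sample: site name -> LAN subnet behind that site's VPN router.
# The two ranges are the ones used in the text (192.168.1.xxx and 192.168.3.xxx).
SITES = {
    "hq": "192.168.1.0/24",
    "branch": "192.168.3.0/24",
}


def find_overlaps(sites):
    """Return the sorted (site_a, site_b) pairs whose LAN subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])
    )


def next_hop(local_site, dst_ip, sites):
    """Decide where the router at local_site sends a packet addressed to dst_ip.

    Returns "lan" (destination is on the local subnet), "tunnel:<site>"
    (encrypted and sent to that site's endpoint) or "internet" (no VPN).
    """
    overlaps = find_overlaps(sites)
    if overlaps:
        # With overlapping ranges the router cannot tell local from remote hosts.
        raise ValueError(f"ambiguous routing, overlapping subnets: {overlaps}")
    dst = ipaddress.ip_address(dst_ip)
    for name, cidr in sites.items():
        if dst in ipaddress.ip_network(cidr):
            return "lan" if name == local_site else f"tunnel:{name}"
    return "internet"


if __name__ == "__main__":
    for ip in ("192.168.3.20", "192.168.1.20", "203.0.113.9"):
        print(ip, "->", next_hop("hq", ip, SITES))
    # Constructed failure case: a second branch left on part of the HQ range.
    clash = dict(SITES, branch2="192.168.1.0/25")
    print("overlaps:", find_overlaps(clash))
```

The overlap check also catches ranges of different sizes, such as a /25 that sits inside another site's /24, which a simple comparison of network addresses would miss.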
For mobile users (a person using a single laptop or another device remotely), you do not need to have another DrayTek VPN router to create a VPN tunnel into your office. You can use a software VPN client (which is built into all modern operating systems) to create a teleworker VPN connection.
A professionally designed network solution can secure your data network, video conferencing, IP CCTV system and IP telephone systems from intruders. It is very important to secure your network communications with a professional IT company in Dubai, because the most valuable asset of the business is its data. Imagine if your competitors could hear your business communication and read your business emails: you would be out of business in no time.