WRVS4400N User Guide

10

Why do I need a VPN?

Planning Your Virtual Private Network (VPN)

Planning Your Virtual Private Network

(VPN)

Why do I need a VPN?

Computer networking provides a flexibility not available when using an archaic, paper-based

system. With this flexibility, however, comes an increased risk in security. This is why firewalls

were first introduced. Firewalls help to protect data inside of a local network. But what do you

do once information is sent outside of your local network, when e-mails are sent to their

destination, or when you have to connect to your company's network when you are out on the

road? How is your data protected?

That is when a VPN can help. VPNs are called Virtual Private Networks because they secure data

moving outside of your network as if it were still within that network.

When data is sent out across the Internet from your computer, it is always open to attacks. You

may already have a firewall, which will help protect data moving around or held within your

network from being corrupted or intercepted by entities outside of your network, but once

data moves outside of your network—when you send data to someone via e-mail or

communicate with an individual over the Internet—the firewall will no longer protect that

data.

At this point, your data becomes open to hackers using a variety of methods to steal not only

the data you are transmitting but also your network login and security data. Some of the most

common methods are as follows:

1) MAC Address Spoofing

Packets transmitted over a network, either your local network or the Internet, are preceded by a

packet header. These packet headers contain both the source and destination information for

that packet to transmit efficiently. A hacker can use this information to spoof (or fake) a MAC

address allowed on the network. With this spoofed MAC address, the hacker can also intercept

information meant for another user.

2) Data Sniffing

Data “sniffing” is a method used by hackers to obtain network data as it travels through

unsecured networks, such as the Internet. Tools for just this kind of activity, such as protocol

analyzers and network diagnostic tools, are often built into operating systems and allow the

data to be viewed in clear text.

3) Man in the middle attacks

Once the hacker has either sniffed or spoofed enough information, he can now perform a “man

in the middle” attack. This attack is performed, when data is being transmitted from one

network to another, by rerouting the data to a new destination. Even though the data is not

received by its intended recipient, it appears that way to the person sending the data.

These are only a few of the methods hackers use and they are always developing more. Without

the security of your VPN, your data is constantly open to such attacks as it travels over the

Downloaded from

www.Manualslib.com

manuals search engine

WRVS4400N User Guide

11

What is a VPN?

Planning Your Virtual Private Network (VPN)

Internet. Data travelling over the Internet will often pass through many different servers around

the world before reaching its final destination. That's a long way to go for unsecured data and

this is when a VPN serves its purpose.

What is a VPN?

A VPN, or Virtual Private Network, is a connection between two endpoints—a VPN Router, for

instance—in different networks that allows private data to be sent securely over a shared or

public network, such as the Internet. This establishes a private network that can send data

securely between these two locations or networks.

This is done by creating a “tunnel”. A VPN tunnel connects the two PCs or networks and allows

data to be transmitted over the Internet as if it were still within those networks. Not a literal

tunnel, it is a connection secured by encrypting the data sent between the two networks.

There are two popular ways to establish a secured tunnel over the Internet — IPsec (IP Security)

and SSL (Secure Sockets Layer). IPsec runs on top of the IP layer and SSL runs over HTTP

sessions. IPsec provides better data throughput and SSL offers ease of use without the need of

VPN client applications. The Wireless-N Gigabit Security Router supports IPsec VPN for

maximum throughput on data security.

VPN was created as a cost-effective alternative to using a private, dedicated, leased line for a

private network. Using industry standard encryption and authentication techniques—IPsec,

short for IP Security—the VPN creates a secure connection that, in effect, operates as if you

were directly connected to your local network. Virtual Private Networking can be used to create

secure networks linking a central office with branch offices, telecommuters, and/or

professionals on the road (travelers can connect to a VPN Router using any computer with the

Linksys VPN client software.)

There are two basic ways to create a VPN connection:

•

VPN Router to VPN Router

•

Computer (using the Linksys VPN client software) to VPN Router

The VPN Router creates a “tunnel” or channel between two endpoints, so that data

transmissions between them are secure. A computer with the Linksys VPN client software can

be one of the two endpoints (refer to “Appendix C: Using the Linksys QuickVPN Software for

Windows 2000 or XP”). If you choose not to run the VPN client software, any computer with the

built-in IPsec Security Manager (Microsoft 2000 and XP) allows the VPN Router to create a VPN

tunnel using IPsec (refer to “Appendix C: Configuring IPsec between a Windows 2000 or XP PC

and the Router”). Other versions of Microsoft operating systems require additional, third-party

VPN client software applications that support IPsec to be installed.

NOTE:

You must have at least one VPN Router on one end

of the VPN tunnel. At the other end of the VPN tunnel, you

must have a second VPN Router or a computer with the

Linksys VPN client

Downloaded from

www.Manualslib.com

manuals search engine

WRVS4400N User Guide

12

What is a VPN?

Planning Your Virtual Private Network (VPN)

VPN Router to VPN Router

An example of a VPN Router-to-VPN Router VPN would be as follows. At home, a telecommuter

uses his VPN Router for his always-on Internet connection. His router is configured with his

office's VPN settings. When he connects to his office's router, the two routers create a VPN

tunnel, encrypting and decrypting data. As VPNs utilize the Internet, distance is not a factor.

Using the VPN, the telecommuter now has a secure connection to the central office's network,

as if he were physically connected. For more information, refer to “Appendix C: Configuring a

Gateway-to-Gateway IPsec Tunnel.”

VPN Router to VPN Router

Computer (using the Linksys VPN client software) to VPN Router

The following is an example of a computer-to-VPN Router VPN. In her hotel room, a traveling

businesswoman dials up her ISP. Her notebook computer has the Linksys VPN client software,

which is configured with her office's IP address. She accesses the Linksys VPN client software

and connects to the VPN Router at the central office. As VPNs utilize the Internet, distance is not

a factor. Using the VPN, the businesswoman now has a secure connection to the central office's

network, as if she were physically connected.

VPN Router to VPN Computer

For additional information and instructions about creating your own VPN, please visit Linksys’s

website at www.linksys.com. You can also refer to “Appendix B: Using the Linksys QuickVPN

Software for Windows 2000 or XP” and “Appendix C: Configuring a Gateway-to-Gateway IPsec

Tunnel.”

Downloaded from

www.Manualslib.com

manuals search engine

WRVS4400N User Guide

13

The Front Panel

Getting to Know the Router

Getting to Know the Router

The Front Panel

The Router’s LEDs are located on the front panel of the Router.

Front of Router

Status LED/Color

Description

Power/

Green

The POWER LED lights up when the Router is powered on.

The LED flashes when the Router runs a diagnostic test.

Diag/

Red

The DIAG LED lights up when the system is not ready. The

LED light goes off when the system is ready. The Diag LED

blinks during Firmware upgrades.

IPS/

Green/Red

The IPS LED lights up when the IPS function is enabled. The

LED light is off when the IPS functions are disabled. The IPS

LED flashes green when an external attack is detected. The

IPS LED flashes red when an internal attack is detected.

Wireless/

Green

The WIRELESS LED lights up when the wireless module is

enabled. The LED is off when the wireless module is disabled.

The WIRELESS LED flashes green when the data is

transmitting or receiving on the wireless module.

Downloaded from

www.Manualslib.com

manuals search engine

WRVS4400N User Guide

14

The Front Panel

Getting to Know the Router

1-4 (ETHERNET)/

Green

For each port, there are three LEDs. If the corresponding LED

is continuously lit, the Router is connected to a device at the

speed indicated through the corresponding port (1, 2, 3, or

4). The LED flashes when the Router is actively sending or

receiving data.

INTERNET/

Green

The INTERNET LED lights up the appropriate LED depending

upon the speed of the device that is attached to the Internet

port. If the Router is connected to a cable or DSL modem,

typically the 10 LED will be the only LED lit up (i.e. 10Mbps).

The LED Flashes during activity.

Status LED/Color

Description

Downloaded from

www.Manualslib.com

manuals search engine