VPN, Port Mapping & Security
Introduction
Consider a client application making a connection to a server application over TCP/IP
on a specific port.
- First: all data from the client to the server, and vice versa, is transmitted
over the line. If this line crosses the internet over a high-speed connection, the
data can be captured by attackers.
- Second: the application port on TCP/IP is possibly blocked by the internet provider or
by firewalls.
VPN avoids those problems:
- we gateway the server application to localhost
- we do port mapping on the client side and re-map the port to the application
defined port
- we do client IP access control filtering, both on the client side and on
the server side
- we do client hard-disk access control on the server side
- we do 4 levels of encryption on the packets themselves
- we do customer defined encryption key implementation
Principles
Consider the following hypothetical example:
- a server application at IP address 123.456.789.001 accepts calls on port 1067.
- a client application sets up an IP connection to 123.456.789.001:1067
All data can be intercepted on the internet!
Now we install VPN:
- on the client machine
- on the server machine
We configure the following rule, called port mapping:
- on the client machine: VPN accepts any call on port 1067, verifies the caller's
  authorization and, if accepted, routes this call to the virtual
  123.456.789.001:1068 application
- on the server machine:
  - we block external calls to the real application, listening on port 1067,
    using a firewall
  - VPN accepts any call on port 1068, verifies the caller's authorization and,
    if accepted, routes this call to the real 123.456.789.001:1067 application
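The two-hop port mapping described above (client VPN on localhost forwarding to the server VPN, which forwards to the firewalled real application), together with the client IP access control filtering listed under the VPN features, as an added example in Python. This is not the product's code and not from the original page; it is a minimal TCP re-mapper written for illustration. It assumes a plain TCP relay with a per-listener allow-list, uses loopback and OS-assigned ports instead of the page's 1067/1068 so it runs without privileges, and substitutes an echo server (constructed here) for the "real application". Encryption between the two mappers is out of scope of this example.

```python
import ipaddress
import socket
import threading

# Chain modelled after the page (ports here are OS-assigned instead of 1067/1068):
#   client app -> client VPN (localhost) -> server VPN -> real application (127.0.0.1)


def is_authorized(peer_ip, allowed_networks):
    """Client IP access control filtering: accept only peers inside an allow-listed network."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in ipaddress.ip_network(net, strict=False) for net in allowed_networks)


def _pump(src, dst):
    """Copy bytes one way until EOF, then pass the end-of-stream on to the other side."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _listener(host):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))  # port 0: the OS picks a free port (page uses 1067/1068)
    srv.listen(8)
    return srv


class PortMapper:
    """A TCP listener that re-maps authorized callers to another host:port (hypothetical helper)."""

    def __init__(self, listen_host, target, allowed_networks):
        self.target = target
        self.allowed = list(allowed_networks)
        self.rejected = 0  # count of callers dropped by the access control check
        self._srv = _listener(listen_host)
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, (peer_ip, _) = self._srv.accept()
            except OSError:
                return
            if not is_authorized(peer_ip, self.allowed):
                self.rejected += 1
                conn.close()  # unauthorized caller: drop without forwarding anything
                continue
            try:
                upstream = socket.create_connection(self.target)
            except OSError:
                conn.close()
                continue
            threading.Thread(target=_pump, args=(conn, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, conn), daemon=True).start()


class EchoApp:
    """Stand-in for the 'real application' on the server: echoes back whatever it receives."""

    def __init__(self, host):
        self._srv = _listener(host)
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self._srv.accept()
            except OSError:
                return
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    @staticmethod
    def _handle(conn):
        with conn:
            while data := conn.recv(4096):
                conn.sendall(data)


def run_demo():
    """Authorized path: client -> client VPN -> server VPN -> echo app; returns the echoed bytes."""
    app = EchoApp("127.0.0.1")
    server_vpn = PortMapper("127.0.0.1", ("127.0.0.1", app.port), ["127.0.0.0/8"])
    client_vpn = PortMapper("127.0.0.1", ("127.0.0.1", server_vpn.port), ["127.0.0.0/8"])
    with socket.create_connection(("127.0.0.1", client_vpn.port)) as s:
        s.sendall(b"hello through the tunnel")
        s.shutdown(socket.SHUT_WR)
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
    return reply


def run_rejected_demo():
    """Unauthorized path: allow-list excludes loopback, so the caller is dropped unanswered."""
    app = EchoApp("127.0.0.1")
    strict = PortMapper("127.0.0.1", ("127.0.0.1", app.port), ["10.0.0.0/8"])
    with socket.create_connection(("127.0.0.1", strict.port)) as s:
        reply = s.recv(4096)  # returns b"" once the mapper closes the connection
    return reply, strict.rejected


if __name__ == "__main__":
    print(run_demo())
    print(run_rejected_demo())
```

The client application only ever talks to a local port, exactly as in the conclusion below; the access control decision is taken at each hop before any byte is forwarded, so an unauthorized caller never reaches the application port that the firewall hides.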
Conclusion: the client application sets up a call to localhost 127.0.0.1 port 1067
and establishes a transparent connection to 123.456.789.001 port 1067. Exactly the
same procedure as before, but now the following security rules apply:
- the call from the client application to localhost is authorized on the client
  machine
- the call from the client to the server is authorized on the server machine
- communication between the client side running VPN and the server side running VPN
  is well controlled
- the encryption level of any further communication between both VPNs secures the
  communication packets against attacks (4 levels of encryption are implemented by
  default, and user-defined encryption is also possible)
Done!
Information