拨号和虚拟专用专用设置

虚拟专用网 (Virtual Private Network)

A Virtual Private Network or VPN is a private telecommunications network was established between subjects using a system of public broadcasting and shared such as the Internet. The purpose of VPN is to give companies the same opportunity to rent private lines at a lower cost by using shared public networks.

虚拟专用网络或VPN是使用公共广播和共享系统(例如Internet)在对象之间建立的专用电信网络。 VPN的目的是为公司提供通过共享公共网络以较低成本租用专线的相同机会。

VPN功能 (VPN Features)

The networks use VPN connections that require authentication to ensure that only authorized users can access, to ensure the security data sent across the Internet will not be intercepted or used by others not authorized, they use encryption.

网络使用需要身份验证的VPN连接，以确保只有授权用户才能访问，以确保通过Internet发送的安全数据不会被未经授权的其他人截取或使用，它们使用加密。

VPNs secure protocols shall therefore ensure that encrypt the traffic transiting the VPN. In addition to encryption, a secure VPN to provide its protocols of the mechanisms that prevent security breaches such as identity theft or alteration of digital messages.

因此，VPN安全协议应确保对通过VPN的流量进行加密。 除加密外，安全VPN还提供其机制的协议，以防止安全漏洞，例如身份盗用或数字消息的更改。

The term VPN is a generic term and not a brand. In particular, there is no body that regulates the designation of a product as a VPN, so that individual producers can use at will.

术语VPN是通用术语，而不是品牌。 特别是，没有任何机构来规范将产品指定为VPN，以便各个生产者可以随意使用。

However, there are several independent bodies, widely recognized certifying interoperability and security of computer systems, such as ICSA Labs. A device or software, that includes the trademark of ICSA Labs IPSec VPN, has certainly undergone a series of objective tests and replicable, which ensures compatibility with all other implementations certified and an adequate level of security. It is now generally accepted that a properly designed VPN has a degree of security comparable to that of a dedicated network. Using a VPN, using an Internet connection, for example, is able to connect to the private network from outside your office.

但是，有几个独立的机构，例如ICSA Labs，被公认为计算机系统的互操作性和安全性。 带有ICSA Labs IPSec VPN商标的设备或软件当然已经经过一系列客观测试和可复制性，以确保与经认证的所有其他实现方式的兼容性以及足够的安全性。 现在，人们普遍认为，经过适当设计的VPN具有与专用网络相当的安全性。 使用VPN(例如，使用Internet连接)可以从办公室外部连接到专用网络。

Generally, a VPN consists of two parts: one inside the network, and therefore protected, which preserves the transmission, and a less reliable and secure which is outside the private network, such as via the Internet. The VPN is usually a firewall between the computer of the employee or a customer and the terminal or network server. The employee, for example, when establishing the connection with the firewall, it must authenticate the data that wants to transmit, via an authentication service inside.

通常，VPN由两部分组成：一部分在网络内部，因此受到保护(保留了传输)，而可靠性和安全性较差(例如通过Internet)在专用网络外部，可靠性较低。 VPN通常是员工或客户的计算机与终端或网络服务器之间的防火墙。 例如，员工在与防火墙建立连接时，必须通过内部的身份验证服务对要传输的数据进行身份验证。

An authenticated user may be provided with special privileges to access resources that are generally not accessible to all users. Most programs require that all the client’s IP VPN traffic will pass through a “tunnel” between the virtual networks using the Internet as a means of connection. From the point of view this means that while the VPN connection is active, all access outside the secure network must pass through the same firewall as if the user were physically connected within the secure network. This reduces the risk that external users can access the private network of the company.

可以向已认证的用户提供特殊特权，以访问通常不是所有用户都可以访问的资源。 大多数程序都要求所有客户端的IP VPN通信都将使用Internet作为连接手段，通过虚拟网络之间的“隧道”。 从角度来看，这意味着在VPN连接处于活动状态时，安全网络外部的所有访问都必须通过相同的防火墙，就好像用户已物理连接到安全网络中一样。 这降低了外部用户可以访问公司专用网络的风险。

The security of the VPN connection is crucial, because the network on which the other computers are working may not be secure, or only partially. The VPN must guarantee a level of security that protects the computers of employees who are working simultaneously on the same network, among which one could be infected with a virus, worm or Trojan.

VPN连接的安全性至关重要，因为其他计算机正在使用的网络可能不安全，或仅部分安全。 VPN必须保证一定的安全级别，以保护在同一网络上同时工作的员工的计算机，其中可能感染了病毒，蠕虫或特洛伊木马。

VPN类型 (Types of VPN)

• TRUSTED VPN受信任的VPN
• SECURE VPN安全VPN
• HYBRID VPN混合VPN

受信任的VPN (Trusted VPN)

Ensuring that the network is trusted VPN provides security that no unauthorized third party may use the circuit of the customer. This implies that the customer has its own IP address and its own security policy.

确保网络是受信任的VPN提供的安全性是未经授权的第三方不得使用客户的电路。 这意味着客户拥有自己的IP地址和自己的安全策略。

The circuit travels through one or more “switches” of communication that can be compromised by those who want to disrupt network traffic. The customer of a VPN is therefore expected that the provider (ISP) maintains the integrity of the VPN circuit to prevent intruders.

电路经过一个或多个通信“开关”，这些开关可能会受到那些希望破坏网络流量的人的破坏。 因此，VPN的客户应该期望提供商(ISP)保持VPN电路的完整性以防止入侵者。

Companies that use a Trusted VPN want to be sure that their data moves through a series of routes that have specific properties and which are controlled by an ISP (Internet Service Provider). The customer then has confidence that the paths through which these data are kept safe move according to the criteria of a previous agreement, although generally the customer does not know what are the paths used by the provider of Trusted VPN.

使用Trusted VPN的公司希望确保其数据通过一系列具有特定属性并由ISP(互联网服务提供商)控制的路由。 然后，客户有信心确保这些数据安全通过的路径根据先前协议的标准移动，尽管通常客户不知道Trusted VPN提供商使用的路径是什么。

可信VPN要求 (Trusted VPN Requirements)

No one outside of the provider of Trusted VPN can affect the creation or modification of the VPN route. No one outside of the trust can change any part of the VPN. No one outside of the provider of Trusted VPN can modify the data input or those removed from the path of the VPN.

Trusted VPN提供商之外的任何人都不会影响VPN路由的创建或修改。 信任之外的任何人都不能更改VPN的任何部分。 Trusted VPN提供商之外的任何人都不能修改数据输入或从VPN路径中删除的数据。

The data traveling in different pathways that are shared by multiple customers of the supplier, the path must be specified by the VPN and no one except the trusted provider can edit the various data. The location and the address used in a trusted VPN must be established before the VPN is created.

由供应商的多个客户共享的，以不同路径传播的数据，该路径必须由VPN指定，并且除了受信任的提供者之外，没有人可以编辑各种数据。 在创建VPN之前，必须先建立可信VPN中使用的位置和地址。

The customer must know what they expect from the supplier, so that both can plan and create the network for which they are collaborating.

客户必须知道他们对供应商的期望，以便双方都能计划并创建他们正在合作的网络。

Trusted VPN使用的技术 (Technologies used by the Trusted VPN)

The technologies used are divided into Layer 2 and Layer 3;

所使用的技术分为第二层和第三层。

第2层 (Layer 2)

• Circuits ATM (Asynchronous Transfer Mode)电路ATM(异步传输模式)
• Transmission circuits传输电路
• Layer 2 transport over MPLSMPLS上的第2层传输

第三层 (Layer 3)

• MPLS with limited distribution information of the route through BGP (Border Gateway Protocol).具有通过BGP(边界网关协议)的路由的有限分发信息的MPLS。

Continued…

继续…

翻译自: https://www.eukhost.com/blog/webhosting/virtual-private-network-part-1/

拨号和虚拟专用专用设置