Methodologies for Compromising VPNs
In this section we vicariously take on the role of the people we are trying to thwart: those who want to inspect, intercept, and interfere with the transmission of your data.
Basic Firewalling
Services that you will likely offer to the Internet include mail (such as the POP, SMTP, and IMAP protocols), World Wide Web (HTTP and HTTPS protocols), and a host of other things including DNS, FTP, video or audio streaming, and network time. Our discussion of services plays directly into the first section, where we begin to explore one of the introductory yet powerful ways for protecting data (firewalls).
Although they are not tangible like data files that contain customer credit card numbers, services that you choose to offer your customers on the Internet play a huge role in defining the form the firewall takes and what types of data you think will assist the customer. Before even embarking on the creation of the firewall, you need to develop an overall data strategy. What do customers have access to? What do normal employees have access to? What can advanced security folks see and do? Once you have spent some time in detailing the blueprint for your network, you can begin to create the doors and windows that permit visitors.
Some popular services are sometimes dangerous to run, and come with security dilemmas that we can never seem to shake, but are so important that we would argue against removing them. The application that receives the most attention ...
Get Virtual Private Networks, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.