Chapter 26. Using a VPN


One problem frequently faced on the Internet at large is the lack of encryption. Many common protocols, such as Telnet and FTP, were not designed with data security in mind; they send data, often including usernames and passwords, in an unencrypted form. Such practices are sometimes tolerable on a local network, where you can control access to the network hardware, but they're very risky on the Internet at large, where your data may pass through a dozen or more routers between client and server.

WARNING

Don't assume that data on your local network is safe. A cracker controlling a compromised computer or a disgruntled local user can wreak considerable havoc using local network access. Using encrypted protocols locally may be justified. The Kerberos suite (described in Chapter 6, Authenticating Users via Kerberos) can be a useful local security tool.


Users sometimes want to use local network resources from a distance, for instance, from home or when traveling. One approach to allowing such access without imposing too great a security risk is to implement a Virtual Private Network (VPN). This is a way of giving remote users access to local network resources as if they were themselves local. VPNs set up virtual network interfaces in both a VPN server and a VPN client system used by the remote user, and link those interfaces across the Internet in an encrypted fashion. VPNs can be used to link individual computers or entire remote networks to a local network. This chapter describes the basics of VPN configuration and use, including two common VPN protocols, PPTP and FreeS/WAN.



Advanced Linux Networking
ISBN: 0201774232
EAN: 2147483647
Year: 2002
Pages: 203
