<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Virtual Private Networks (VPN) for secure private communications" />
<meta name="abstract" content="You can use a Virtual Private Network (VPN) to communicate privately and securely within your organization." />
<meta name="description" content="You can use a Virtual Private Network (VPN) to communicate privately and securely within your organization." />
<meta name="DC.Relation" scheme="URI" content="rzaj45zhcryptointro.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45zhcryptointro.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzaja/rzajagetstart.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaj45zxaddingvpn" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Virtual Private Networks (VPN) for secure private communications</title>
</head>
<body id="rzaj45zxaddingvpn"><a name="rzaj45zxaddingvpn"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Virtual Private Networks (VPN) for secure private communications</h1>
<div><p>You can use a Virtual Private Network (VPN) to communicate privately
and securely within your organization.</p>
<p><img src="./delta.gif" alt="Start of change" />With the rise in the use of virtual private networks (VPN) and
the security they provide, JKL Toy company is exploring options to transmit
data over the Internet. They have recently acquired another small toy manufacturing
company that they intend to operate as a subsidiary. JKL will
need to pass information between the two companies. Both companies use iSeries™ servers,
and a VPN connection can provide the security that they need to communicate
between the two networks. Creating a VPN is more cost-effective than using
traditional nonswitched lines.<img src="./deltaend.gif" alt="End of change" /></p>
<p>Using VPN connections, you can control and secure connections with branch
offices, mobile employees, suppliers, business partners, and others.</p>
<p><img src="./delta.gif" alt="Start of change" />These are some of the users who can benefit from using VPNs
for connectivity:<img src="./deltaend.gif" alt="End of change" /></p>
<ul><li>Remote and mobile users.</li>
<li>Home office to the branch office or other off-site locations.</li>
<li>Business-to-business communications.</li>
</ul>
<p><img src="./delta.gif" alt="Start of change" />Security risks occur if you do not limit user access to sensitive
systems. Without limiting who can access a system, you may increase the chances
that company information is not kept confidential. You need a plan that will
allow only those who need to share information about a system to access that
system. A VPN allows you to control network traffic while providing important
security features such as authentication and data privacy. Creating multiple
VPN connections allows you to control who can access which systems for each
connection. For example, Accounting and Human Resources may link through their
own VPN.<img src="./deltaend.gif" alt="End of change" /></p>
<p><img src="./delta.gif" alt="Start of change" />When you allow users to connect to a system over the Internet,
you may be sending sensitive corporate data across public networks, which
can expose this data to attack. One option for protecting transmitted data
is to use encryption and authentication methods for ensuring privacy and security
from outsiders. VPN connections provide a solution for a specific security
need: securing communications between systems. VPN connections provide protection
for data that flows between the two endpoints of the connection. Additionally,
you can use Packet rules security to define what IP packets are allowed across
the VPN.<img src="./deltaend.gif" alt="End of change" /></p>
<p><img src="./delta.gif" alt="Start of change" />You can use VPN to create secure connections to protect traffic
that flows between controlled and trusted endpoints. However, you still must
be wary about how much access you provide to your VPN partners. A VPN connection
can encrypt data while it travels over public networks. But, depending on
how you configure it, data flowing across the Internet may not be transported
through a VPN connection. In such a case, the data would not be encrypted
as it flows across the internal networks that communicate through
the connection. Consequently, you should carefully plan how to set up each
VPN connection. Ensure that you give your VPN partner access to only those
hosts or resources on your internal network that you want them to access.<img src="./deltaend.gif" alt="End of change" /></p>
<p>For instance, you may have a vendor that needs to obtain information about
what parts you have in stock. You have this information in a database that
you use to update web pages on your intranet. You would like to allow this
vendor to access these pages directly through a VPN connection. But you do
not want the vendor to be able to access other system resources, such as the
database itself. Fortunately, you can configure your VPN connection such that
traffic between both endpoints is restricted to port 80. Port 80 is the default
port that HTTP traffic uses. Consequently, your vendor can send and receive only
HTTP requests and responses over the connection.</p>
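<p>The following added example is not part of the original topic. It audits a set of per-connection traffic definitions against what each VPN partner is meant to reach, flagging any connection that exposes more hosts, protocols, or ports than intended. The field names, addresses, and port numbers are constructed assumptions for illustration and are not iSeries VPN or packet rules syntax.</p>

```python
import ipaddress

# Constructed sample data. Field names are assumptions made for this example,
# not iSeries VPN or packet rules configuration keys.
CONNECTIONS = [
    {"name": "vendor-stock-pages", "local": "10.1.1.20/32",
     "protocol": "tcp", "ports": [80]},
    {"name": "vendor-legacy", "local": "10.1.0.0/16",
     "protocol": "any", "ports": []},
    {"name": "subsidiary-accounting", "local": "10.1.2.10/32",
     "protocol": "tcp", "ports": [80, 1521]},  # 1521: constructed database port
]

# What each partner is meant to reach: local host mapped to allowed TCP ports.
INTENDED = {
    "vendor-stock-pages": {"10.1.1.20": {80}},
    "vendor-legacy": {"10.1.1.20": {80}},
    "subsidiary-accounting": {"10.1.2.10": {80}},
}


def audit(conn, intended):
    """Return findings where a connection grants more than was intended."""
    findings = []
    local = ipaddress.ip_network(conn["local"])
    hosts = {ipaddress.ip_address(h) for h in intended}
    covered = sum(1 for h in hosts if h in local)
    extra = local.num_addresses - covered
    if extra > 0:
        findings.append(f"{local} exposes {extra} unintended address(es)")
    proto = conn["protocol"]
    if proto != "tcp":
        findings.append(f"protocol {proto} is broader than tcp")
    wanted = set().union(*intended.values())
    if not conn["ports"]:
        findings.append("no port restriction, every port is reachable")
    else:
        surplus = sorted(set(conn["ports"]) - wanted)
        if surplus:
            findings.append(f"ports {surplus} are open but not intended")
    return findings


def audit_all(connections, intended):
    return {c["name"]: audit(c, intended[c["name"]]) for c in connections}


if __name__ == "__main__":
    for name, findings in audit_all(CONNECTIONS, INTENDED).items():
        print(name, "OK" if not findings else findings)
```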
<p>Because you can restrict the type of traffic that flows across the VPN
connection, the connection provides a measure of network-level security.
However, VPN does not work in the same manner that a firewall does to regulate
traffic into and out of your system. Also, a VPN connection is not the only
means available to secure communications between your iSeries and other systems. Depending
on your security needs, you may find that using SSL is a better fit.</p>
<p>Whether a VPN connection provides the security that you need depends on
what you want to protect. Also, it depends on the trade-offs that you are
willing to make to provide that security. As with any decision that you make
about security, you should consider how a VPN connection supports your security
policy.</p>
<p></p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaj45zhcryptointro.htm" title="Use this information to learn about the security measures that you can use to protect your data as it flows across an untrusted network, such as the Internet. Learn more about security measures for using the Secure Sockets Layer (SSL), iSeries Access Express, and Virtual Private Network (VPN) connections.">Transmission security options</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaj45zhcryptointro.htm" title="Use this information to learn about the security measures that you can use to protect your data as it flows across an untrusted network, such as the Internet. Learn more about security measures for using the Secure Sockets Layer (SSL), iSeries Access Express, and Virtual Private Network (VPN) connections.">Transmission security options</a></div>
<div><a href="../rzaja/rzajagetstart.htm">Virtual private networks (VPN)</a></div>
</div>
</div>
</body>
</html>