Wednesday, August 12, 2009
Labels: NETWORKSECURITY AND CRYPTOGRAPHY
A firewall provides a strong barrier between your private network and the Internet. You can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are allowed through. You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions.
Fig. 2: A firewall consisting of two packet filters and an application gateway
3. IPSec -
Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of each packet while transport only encrypts the payload. Only systems that are IPSec compliant can take advantage of this protocol. Also, all devices must use a common key and the firewalls of each network must have very similar security policies set up. IPSec can encrypt data between various devices, such as:
Router to router
Firewall to router
PC to router
PC to server
A software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.
4. AAA Server -
AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied to the AAA server. AAA then checks the following:
Who you are (authentication)
What you are allowed to do (authorization)
What you actually do (accounting)
The accounting information is especially useful for tracking client use for security auditing, billing or reporting purposes.
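The three AAA checks listed above, as an added example that is not part of the original post: a minimal in-memory service that authenticates a client, authorizes each service request with default deny, and keeps accounting records for audit. The class, user, password and service names are hypothetical and the sample data is constructed.

```python
import hashlib, hmac, os, time

def _hash(password, salt):
    # Salted, deliberately slow hash so stored credentials are not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    def __init__(self):
        self.users = {}       # name -> (salt, password hash, allowed services)
        self.sessions = {}    # session id -> user name
        self.accounting = []  # append-only records for auditing, billing, reporting

    def add_user(self, name, password, services):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt), frozenset(services))

    def _record(self, user, event, detail=""):
        self.accounting.append({"time": time.time(), "user": user, "event": event, "detail": detail})

    def authenticate(self, name, password):
        """Who you are: returns a session id, or None on failure."""
        # Unknown users still go through the hash so both failure paths cost the same.
        salt, stored, _ = self.users.get(name, (b"\0" * 16, b"", frozenset()))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        self._record(name, "auth-accept" if ok else "auth-reject")
        if not ok:
            return None
        sid = os.urandom(16).hex()
        self.sessions[sid] = name
        return sid

    def authorize(self, sid, service):
        """What you are allowed to do: anything not explicitly granted is denied."""
        name = self.sessions.get(sid)
        allowed = name is not None and service in self.users[name][2]
        self._record(name, "authz-permit" if allowed else "authz-deny", service)
        return allowed

    def usage_report(self, user):
        """What you actually did: the accounting trail for one user."""
        return [(r["event"], r["detail"]) for r in self.accounting if r["user"] == user]

def demo():
    # Constructed sample: one user allowed to use "vpn" and "mail" only.
    aaa = AAAServer()
    aaa.add_user("alice", "correct horse", {"vpn", "mail"})
    bad = aaa.authenticate("alice", "wrong")
    sid = aaa.authenticate("alice", "correct horse")
    checks = (aaa.authorize(sid, "vpn"), aaa.authorize(sid, "payroll"), aaa.authorize("forged", "vpn"))
    return (bad,) + checks, aaa.usage_report("alice")
```

The failed login and the denied request both appear in the accounting trail, which is what makes the records useful for security auditing.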