VPN vs Port Forwarding



Similar documents
8 Steps for Network Security Protection

8 Steps For Network Security Protection

Multi-Homing Dual WAN Firewall Router

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Firewall VPN Router. Quick Installation Guide M73-APO09-380

VPN Lesson 2: VPN Implementation. Summary

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Configuring Routers and Their Settings

Tank Gauges and Security on the Internet

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

VPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide Copyright 2015 Peplink

Enable VPN PPTP Server Function

Appendix C Network Planning for Dual WAN Ports

Connecting EWS using DDNS

NF3ADV VoIP Setup Guide (for TPG)

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

NF1Adv VOIP Setup Guide (for Pennytel)

Chapter 4 Firewall Protection and Content Filtering

Chapter 9 Monitoring System Performance

Skills Assessment Student Training Exam

Question How do I access the router s web-based setup page? Answer

Connecting to the Internet. LAN Hardware Requirements. Computer Requirements. LAN Configuration Requirements

F-SECURE MESSAGING SECURITY GATEWAY

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

Chapter 6 Using Network Monitoring Tools

NF1Adv VOIP Setup Guide (for Generic VoIP Setup)

VPN PPTP Application. Installation Guide

Understand Wide Area Networks (WANs)

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

Phone: Fax: Box: 230

Using a VPN with Niagara Systems. v0.3 6, July 2013

Document No. FO1001 Issue Date: Draft: Work Group: FibreOP Technical Team October 1, 2013 Final:

Custom Integration Solutions

BiPAC 7404V series. VoIP/(802.11g) ADSL2+ (VPN) Firewall Router. Quick Start Guide

Quick Installation Guide

Device Interface IP Address Subnet Mask Default Gateway

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Network Configuration Settings

Welcome to SoftLayer. Welcome. How to Get Started. Portal Overview. Support Guidelines. Technical Resources. First 48 Hours

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Optimum Business SIP Trunk Set-up Guide

Sweex Wireless BroadBand Router + 4 port switch + print server

Step 1: Checking Computer Network Settings:

Configuring Global Protect SSL VPN with a user-defined port

UIP1868P User Interface Guide

Using Innominate mguard over BGAN

Network Setup Guide. 1 Glossary. 2 Operation. 1.1 Static IP. 1.2 Point-to-Point Protocol over Ethernet (PPPoE)

Gigabit Multi-Homing VPN Security Router

WestermoConnect User Guide. VPNeFree Service

If you have questions or find errors in the guide, please, contact us under the following address:

Chapter 1 Configuring Basic Connectivity

Aerohive Networks Inc. Free Bonjour Gateway FAQ

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

1 PC to WX64 direction connection with crossover cable or hub/switch

Edgewater Routers User Guide

NF5 VOIP Setup Guide (for Generic)

V310 Support Note Version 1.0 November, 2011

Using Cisco UC320W with Windows Small Business Server

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

Wireless VPN White Paper. WIALAN Technologies, Inc.

Firmware Release Notes

Using a Wireless Bridge to Provide Remote Network Connectivity

Savvius Insight Initial Configuration

Using a Firewall General Configuration Guide

Web Authentication Application Note

How To Check If Your Router Is Working Properly

VPN Configuration Guide. Dell SonicWALL

Symphony Network Troubleshooting

BROADBAND INTERNET ROUTER USER S MANUAL. Version Page 1 of 13 -

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

ZyXEL ZyWALL P1 firmware V3.64

User Guide. XBR-2300 Luxul Xen Enterprise Dual-WAN Router. luxul.com. Simply Connected. Use the XBR-2300 to:

Stateful Inspection Technology

Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client

How to Configure an Initial Installation of the VMware ESXi Hypervisor

How To Industrial Networking

Configuring Network Address Translation (NAT)

Lab Organizing CCENT Objectives by OSI Layer

StarMOBILE Network Configuration Guide. A guide to configuring your StarMOBILE system for networking

How To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On

Edgewater Routers User Guide

Multi-Homing Security Gateway

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

C-more Remote HMI App

Chapter 6 Using Network Monitoring Tools

PFSENSE Load Balance with Fail Over From Version Beta3

Model:BL-WDR Mbps Wireless Dual Band 11AC Router

HKBN Wi-Fi Service User Guide

Prestige 623R-T. Quick Start Guide. ADSL Dual-link Router. Version 3.40

Domain 3.0 Networking... 1

Chapter 8 Router and Network Management

Using a VPN with CentraLine AX Systems

If you need additional assistance please contact our Technical Support Center at 24 hours a day, 7 days a week.

Setting Up Scan to SMB on TaskALFA series MFP s.

Transcription:

VPN vs Port Forwarding

VPN vs Port Forwarding: Which Method is best for delivering Remote Access to home or Small Office Networks Martin Boulter, Luxul Customer Services Manager Installers of home and small office networks are often asked by customers for the ability to access their private local-area network () remotely via the Internet. Such remote connections are convenient and often necessary for frequent travelers, as well as for geographically dispersed locations or employees. Installers and service providers might also use a remote network connection to provide better customer service, troubleshoot network problems and resolve issues without the need to send a technician onsite. There are several methods for implementing a remote network connection. The two most common methods are Port Forwarding and Virtual Private Networking (VPN). In this article, these two methods will be discussed and compared. Which method an installer elects to use may depend upon the features supported by the equipment being installed. A professional grade router such as Luxul s XBR-2300 (which supports both methods) is typically required. Port Forwarding and VPN Definitions Port Forwarding: Allows remote computers to pass data to a specific computer or service within a private local-area network () by mapping traffic crossing specific ports to specified devices on the network. With Port Forwarding, the router is set to listen on a specific port for inbound traffic. If that port is contacted, information is then forwarded to the mapped internal resource. VPN (Virtual Private Network): A VPN allows the user to access the private local-area network () as if physically connected at the site. Unlike Port Forwarding, a VPN provides multiple levels of security through tunneling protocols and security procedures such as password verification and encryption. a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 p: 801-822-5450 luxul.com 1

Image 1: Luxul XBR-2300 Enterprise Dual- Router Router 0 11001001010 Image 2: Port Forwarding Router 0 11001001010 011001000011 00110110010 0 0 11001001010 Image 3: VPN 2

Port Forwarding Pros Easy to configure. Only requires device IP Address and the Port it is listening on. Ability to create multiple rules. Most routers will allow the creation of multiple port forwarding rules even to the same device. Forwards the user to the private network without requiring a password Works with Dynamic DNS VPN Pros Moderately simple configuration. User information is required, but no need for internal resource information. 1st Level of Security: There is only one open port which is username and password protected. 2nd Level of Security: All traffic to and from private network is encrypted. 3rd Level of Security: Internal resources are password protected. Allows access to all ports and internal resources not just the few devices for which rules are created. Works with Dynamic DNS Most OS s and devices natively support the most popular VPN types without additional client software. Port Forwarding Cons Not secured in any way. Unless data from the internal network resource is encrypted, all data being passed is open for anyone to see. Hackers can easily scan for open ports that can be used for breaking into internal systems Rules must be created for each device and internal resource Changing or adding rules may require additional site visits. VPN Cons Connecting to internal resources is now a two step process. The user must login to the VPN connection and then to the internal resource. Uses secure username and password, which can be forgotten. Traffic to and from the internal network may be slightly slower due to the encryption process. Some VPN setups may require separate client software to connect. a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 p: 801-822-5450 luxul.com 3

SYS SFP1 RESET POWER 24-Port Gigabit Ethernet Smart Switch 2 4 6 8 10 12 14 16 18 20 22 24 SFP2 SPEED 1 3 5 7 9 11 13 15 17 19 21 23 SPEED SPEED: 10/100Mbps 1000Mbps LINK/ACT LINK/ACT 2 4 6 8 10 12 14 16 18 20 22 24 1 3 5 7 9 11 13 15 17 19 21 23 23 24 SFP1 SFP2 XMS-1024 While there are positive and negative aspects of both methods, there are some major differences when it comes to security. Port Forwarding passes all data in what is referred to as the clear, which means packets can be captured and analyzed without much effort providing a rather open door into the system for a skilled hacker. On the other hand, while a VPN requires additional steps to connect to the network, it provides superior security. Plus, with a VPN, all of the data is encrypted making the information much more difficult to use if somehow it is intercepted. Although Port Forwarding makes sense in certain applications and installations, to minimize security risks, Luxul normally recommends using a VPN. We also do our best to make VPN setup as simple and hassle free as possible. A typical VPN setup using a Luxul XBR-2300 router requires only three steps: Initialize the VPN Server: This step includes setting the VPN Server IP address, creating a DHCP pool to be used by connecting clients, and choosing the desired encryption type. Create User Accounts: Input a user name, create a password for the user, and select if the user will have access to the local network or just to the router. Configure the Client Device: Most Operating Systems now natively support a VPN client that is capable of connecting to the most popular VPN types. For client devices with native VPN support, all that is required is Server Address, User Name, and Password. More information about setting up a VPN can be found at: luxul.com/how-to-videos The need for secure remote access to private resources is no longer limited to large corporations with satellite locations or mobile employees. A growing number of homeowners and small business owners now have the same requirement. At the same time, many service providers use remote access to their customer s network as a way to improve customer service while minimizing costs. By understanding how to configure and use a VPN, savvy network installers have one more tool for adding value to their customers. REMOTE VPN Image 4: Typical VPN Topology 4