22.5. Virtual Private Networking
After reading the previous pages, you might assume that it's a piece of cake for business people to connect to their corporate networks across the Internet from wherever they happen to be: their homes, hotel rooms, or local Starbucks. But even though the steps on the preceding pages work fine if you're dialing into your home machine, they'll probably fail miserably when you want to connect to a corporate network. There's one enormous obstacle in your way: Internet security.

The typical corporate network is guarded by a team of steely-eyed administrators for whom Job Number One is preventing access by unauthorized visitors. They perform this job primarily with the aid of a super-secure firewall that seals off the company's network from the Internet.

So how can you tap into the network from the road? One solution is to create a hole in the firewall for each authorized user — software that permits incoming Internet traffic only from specified IP addresses like your Mac's. Unfortunately, this setup isn't bulletproof, security-wise. It's also a pain for administrators to manage.

Another solution: You could dial directly into the corporate network, modem-to-modem. That's plenty secure, but it bypasses the Internet, and therefore winds up being expensive. (Want proof? Try this simple test: Make a call from the Tokyo Hilton to the Poughkeepsie Sheet Metal home office. Have a look at your hotel bill when you check out.)

Fortunately, there's a third solution that's both secure and cheap: the Virtual Private Network, or VPN. Running a VPN allows you to create a super-secure tunnel from your Mac, across the Internet, and straight into your corporate network. All data passing through this tunnel is heavily encrypted; to the Internet eavesdropper, it looks like so much undecipherable gobbledygook.

And it's cheap—whether you're accessing the Internet via your home DSL, a local ISP number from a hotel, or wirelessly from your stool at Starbucks.

Remember, though, that VPN is a corporate tool, run by corporate nerds. You can't use this feature without these pieces in place:

• A VPN server. This is a big deal. If your tech department tells you they don't have one, then that's that—no tunneling for you. If they do have one, then you'll need to know the type of server it is. Mac OS X's VPN software can connect to VPN servers that speak PPTP (Point to Point Tunneling Protocol) and L2TP/IPsec (Layer 2 Tunneling Protocol over the IP Security Protocol), both relatives of the PPP language spoken by modems. Most corporate VPN servers work with at least one of these protocols. You'll also need to know the Internet address of your VPN server (for example, http://vpn.ferrets-r-us.com).

• An account on the remote network that allows VPN access. Your remote network can be set up in many different ways, but in every case, you'll still need to confirm with your network administrator that your account on it allows VPN access.

• All necessary account information. Make sure you have all the scraps of connection information you'll need to dial in. That would include your user (account) name, at the very least. You may also need an NT Domain name; VPN servers are often part of Microsoft Windows NT networks, which won't let you in until you know this domain name. Some networks also may require that you type in the currently displayed password on an RSA SecurID card, which your administrator will provide. This James Bond-ish, credit card–like thing displays a password that changes every few seconds, making it rather difficult for hackers to learn the password. (If your network doesn't require a SecurID card, you'll need a standard password instead.) Finally, if your office offers L2TP connections, you'll need yet another password called a Shared Secret to ensure that the server you're connecting to is really the server that you intend to connect to.

22.5.1. Setting Up the VPN Connection

If you're lucky, your company's network geek has provided you with a VPN settings file, a little double-clickable icon that automatically opens the Network pane of System Preferences and fills in the blanks for you. If not, you can do all that manually:

1. Open System Preferences. Click Network. Click the + button below the list of connections at the left side. The Select an interface sheet appears.

2. From the pop-up menu, choose VPN. Now a new pop-up menu appears, called VPN Type; you're supposed to choose either L2TP (Layer 2 Tunneling Protocol) or PPTP (Point to Point Tunneling Protocol). Find out which system your company's network uses.

Tip: Leopard doesn't work with the third popular type, called IPSec (IP Security). If yo ...
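To illustrate the changing token password described in the account-information item above, here is an added example that is not from the book: a time-based one-time code and the server-side check that makes a captured code useless once its window has passed or it has been used. It uses the open TOTP standard (RFC 6238) as a stand-in, because the SecurID algorithm is proprietary; the 30-second step, the sample secret and the names `one_time_code` and `TokenVerifier` are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (assumed; real tokens set their own interval)


def one_time_code(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code a token holding `secret` would display at unix_time (RFC 6238/4226)."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Server side: shares the token's secret and checks submitted codes."""

    def __init__(self, secret: bytes, drift_windows: int = 1, digits: int = 6):
        self.secret = secret
        self.drift = drift_windows  # tolerate small clock skew between token and server
        self.digits = digits
        self.last_counter = -1      # newest time window already accepted

    def verify(self, submitted: str, unix_time: int) -> bool:
        now = unix_time // STEP
        for counter in range(max(0, now - self.drift), now + self.drift + 1):
            expected = one_time_code(self.secret, counter * STEP, self.digits)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                if counter <= self.last_counter:
                    return False    # same or older window: replayed code
                self.last_counter = counter
                return True
        return False                # wrong code, or its window has expired


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample secret (RFC 6238 test key)
    code = one_time_code(secret, 59)  # what the token shows at t = 59 s
    server = TokenVerifier(secret)
    print("fresh code accepted:", server.verify(code, 65))
    print("replayed code accepted:", server.verify(code, 65))
    print("stale code accepted:", TokenVerifier(secret).verify(code, 200))
```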