You can also tell whether you are connected to a VPN server using the com-

Defining Network Infrastructures and Network Security | 171

There you have it: a basic VPN connection. What we did is a simulation because we only did it on a LAN between computers. Still, if the Internet were involved, the process would work the same way. Some companies actually implement LAN VPN connections for added security. Keep in mind that every time you encrypt, encapsulate, or otherwise change data, it slows down the network and uses more resources. When you are finished with the exercise, reset all systems back to normal.

SHOW VPN FUNCTIONALITY ON A ROUTER

GET READY. VPN devices can also come in the form of appliances and routers. For example, the D-Link DIR-655 router we used previously can be set up to accept incoming VPN connections with the PPTP or L2TP protocols. Let’s examine where to go on the router to set this up.

1. Access the D-Link DIR-655 router at the following link: http://support.dlink.com/emulators/dir655/133NA/login.html

2. Log in (no password is required).

3. Click the Setup link at the top of the screen.

4. Click the Manual Internet Connection setup button.

5. In the Internet Connection Type drop-down menu, select PPTP (Username / Password). This will modify the rest of the details of the page. Note that you can also select L2TP from this list.

6. Scroll down to PPTP Internet Connection Type.

7. From here, you need to select either static or dynamic IP. If you have received a static IP address from your ISP, select the Static IP radio button and enter the IP information. If you are receiving a dynamic IP from the ISP, select the Dynamic IP radio button. This will gray out the PPTP IP Address, PPTP Subnet Mask, and PPTP Gateway IP Address fields. At this point, you can have the router forward PPTP requests to a server (for example, the VPN server we set up in the previous exercise). Or, you could simply enter a username and password.

[Figure 8-6: Ipconfig showing results of VPN adapter]

8. Enter a username and password. Then verify the password.

9. Save the configuration. This doesn’t really save any information because it is an emulator, but this would work the same way on an actual router. At this point, external users would not be able to connect to your network without a username, password, and VPN adapter utilizing PPTP.

10. Log off the DIR-655.
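
Once a client has connected through a PPTP setup like the one above, the ipconfig check referenced in Figure 8-6 can be automated. The following is an added example, not part of the original lesson: it parses ipconfig text and reports PPP adapters that hold an IPv4 address. The sample output, the connection name "VPN Connection", and the addresses are constructed, and it assumes Windows lists the VPN link as a "PPP adapter" section.

```python
import re

# Constructed sample of Windows `ipconfig` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

PPP adapter VPN Connection:

   IPv4 Address. . . . . . . . . . . : 10.254.254.150
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.254.254.205
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.254.254.1
"""

# Section header, e.g. "PPP adapter VPN Connection:" (starts in column 0).
HEADER = re.compile(r"^(?P<kind>\S.*?) adapter (?P<name>.+):\s*$")
# Indented field, e.g. "   IPv4 Address. . . . : 10.254.254.150".
FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*:\s*(?P<value>.*)$")


def parse_adapters(text):
    """Return a list of dicts, one per adapter section in ipconfig output."""
    adapters, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"kind": header["kind"], "name": header["name"], "fields": {}}
            adapters.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current["fields"][field["key"].strip()] = field["value"].strip()
    return adapters


def active_vpn_adapters(text):
    """PPP adapters that hold an IPv4 address, i.e. a dial-up or VPN link that is up."""
    return [
        (a["name"], a["fields"]["IPv4 Address"])
        for a in parse_adapters(text)
        if a["kind"] == "PPP" and a["fields"].get("IPv4 Address")
    ]
```

An empty list from active_vpn_adapters means no PPP link is up, so traffic is leaving over the ordinary Ethernet or wireless adapter rather than the VPN.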

This is one way for small offices and home offices to create an intranet of their own. By only accepting secure connections from users who know the proper username and password, you weed out the public Internet users. This, in addition to security devices and zones on the perimeter of your network, can help keep your data safe.

■ Understanding Security Devices and Zones

THE BOTTOM LINE
Security devices such as firewalls are the main defense for a company’s networks, whether they are LANs, WANs, intranets, or extranets. Perimeter security zones such as demilitarized zones (DMZs) help keep certain information open to specific users or to the public while keeping the rest of an organization’s data secret.

CERTIFICATION READY
How do you define and configure a firewall? 1.1

Defining Firewalls and Other Perimeter Security Devices

Firewalls are used to protect a network from malicious attack and unwanted intrusion. They are the most commonly used type of security device in an organization’s perimeter. Firewalls are primarily used to protect one network from another. They are often the first line of defense in network security. There are several types of firewalls; some run as software on server computers, some run as stand-alone dedicated appliances, and some work as just one function of many on a single device. They are commonly implemented between the LAN and the Internet, as shown in Figure 8-7.

[Figure 8-7: A firewall (labels: LAN, Firewall, 10.254.254.249, 87.69.11.124)]

Generally, there is one firewall, with the network and all associated devices and computers residing “behind” it. By the way, if a device is “behind” the firewall, it is also considered to be “after” the firewall, and if the device is “in front of” the firewall, it is also considered to be “before” the firewall. In Figure 8-7, you can see that the firewall has a local address of 10.254.254.249, which connects it to the LAN. It also has an Internet address of 87.69.11.124, which allows