3. Security and Reliability


    Combined revision comparison

    Comparing version 20:26, 22 Feb 2013 by genya with version 01:08, 2 Mar 2013 by yagi.


    Version from 20:26, 22 Feb 2013

    This revision modified by genya

    ...

    Inside Hardware VPN Products

    ...

    Any Smart Cards or USB Tokens which are compatible with PKCS#7 are supported.

    ...

    All user objects defined on the Virtual HUB by the administrator can be grouped. Groups can be created, and a group can hold multiple users. This makes it convenient to apply a security policy or packet filtering policy to a group of several users.

    ...

    You can set up packet filter rules on the Virtual HUB of the VPN Server. Up to 4096 rules can be registered. The packet filter function is also called "Access Lists".

    ...

    Some Ethernet switch products on the contemporary market have DHCP spoofing functions that force a client computer to use only the IP address which the DHCP server assigned. SoftEther VPN's Virtual HUB implements exactly the same feature.

    ...

    A Virtual HUB on the VPN Server has an FDB (forwarding database) of MAC addresses. It also has IP address tables. Malicious VPN Client users might send packets with random MAC addresses or IP addresses in the source field in order to mount a DoS (denial-of-service) attack. This consumes precious VPN Server resources, especially RAM. Use this security policy to limit the maximum number of both MAC addresses and IP addresses associated with a user's VPN Session.

    ...

    The Monitoring Function is a tapping function for all packets which flow through the Virtual HUB. This function can be used by network administrators of the VPN network. It is disabled by default, although an administrator can enable it if he wishes.

    ...

    You can use any kind of IDS (Intrusion Detection System) to detect potential security breaches on the network. You can attach IDS software to the VPN Server's Virtual HUB with the monitoring function.

    ...

    All packets which flow through the Virtual HUB on the Virtual Server can be written to a log file on the hard disk of the VPN Server. If you log every packet, however, the disk will soon fill up, so SoftEther VPN Server has a filtering function to determine which kinds of packets are logged. You can also choose whether entire packet payloads are logged, or only the important packet headers. Because the processing is done in software, all packets are logged without any being missed.

    ...

    3.12. Virtual HUB Admin Delegation

    A VPN Server can have many Virtual HUBs. The administrator of the entire VPN Server can entrust someone as the administrator of a particular Virtual HUB and delegate that role to him.

    In this situation, the administrator of the entire VPN Server sets an administration password dedicated to the particular Virtual HUB and tells that password to the delegate. The delegated person can then access and manage that Virtual HUB, but he still can't manage other Virtual HUBs on the same server. Security functions and databases, such as user objects and packet filter rules, are completely separated between Virtual HUBs.

    ...

    Current version

    This revision modified by yagi

    ...

    What is Hardware VPN Products?

    ...

    Any Smart Cards or USB Tokens which are compatible with PKCS#11 are supported.

    ...

    All user objects defined on the Virtual Hub by the administrator can be grouped. Groups can be created, and a group can hold multiple users. This makes it convenient to apply a security policy or packet filtering policy to a group of several users.

    ...

    You can set up packet filter rules on the Virtual Hub of the VPN Server. Up to 4096 rules can be registered. The packet filter function is also called "Access Lists".

    ...

    Some Ethernet switch products on the contemporary market have DHCP spoofing functions that force a client computer to use only the IP address which the DHCP server assigned. SoftEther VPN's Virtual Hub implements exactly the same feature.

    ...

    A Virtual Hub on the VPN Server has an FDB (forwarding database) of MAC addresses. It also has IP address tables. Malicious VPN Client users might send packets with random MAC addresses or IP addresses in the source field in order to mount a DoS (denial-of-service) attack. This consumes precious VPN Server resources, especially RAM. Use this security policy to limit the maximum number of both MAC addresses and IP addresses associated with a user's VPN Session.

    ...

    The Monitoring Function is a tapping function for all packets which flow through the Virtual Hub. This function can be used by network administrators of the VPN network. It is disabled by default, although an administrator can enable it if he wishes.

    ...

    You can use any kind of IDS (Intrusion Detection System) to detect potential security breaches on the network. You can attach IDS software to the VPN Server's Virtual Hub with the monitoring function.

    ...

    All packets which flow through the Virtual Hub on the Virtual Server can be written to a log file on the hard disk of the VPN Server. If you log every packet, however, the disk will soon fill up, so SoftEther VPN Server has a filtering function to determine which kinds of packets are logged. You can also choose whether entire packet payloads are logged, or only the important packet headers. Because the processing is done in software, all packets are logged without any being missed.

    ...

    3.12. Virtual Hub Admin Delegation

    A VPN Server can have many Virtual Hubs. The administrator of the entire VPN Server can entrust someone as the administrator of a particular Virtual Hub and delegate that role to him.

    In this situation, the administrator of the entire VPN Server sets an administration password dedicated to the particular Virtual Hub and tells that password to the delegate. The delegated person can then access and manage that Virtual Hub, but he still can't manage other Virtual Hubs on the same server. Security functions and databases, such as user objects and packet filter rules, are completely separated between Virtual Hubs.

    ...