User Manual for Moxa ANT-WSB-ANM-05

www.moxa.com         info@moxa.com
2009 Industrial Wireless Guidebook
3 Cellular Networks
3.3 Security
One of the major concerns faced by system integrators when adopting an Ethernet solution is the security and
confidentiality of data transmissions over the network. Wireless networks are especially vulnerable because
they transmit data through open air, where it can be sniffed. To protect wireless connections, one of the
most commonly seen solutions is the VPN.
 The Virtual Private Network (VPN)
A VPN is a computer network that links up two or more networks or nodes by using open connections or 
virtual circuits. Many people believe that a VPN offers sufficient data transmission security. However, a VPN, by 
itself, does not guarantee information security. In response to the lack of security when tunneling through the 
network, L2TP and IPSec are often used to enhance network security.
Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used in a VPN. L2TP is sent in a UDP datagram. It
has no security features of its own, so it is often implemented along with IPSec.
IPSec is an open communication standard created to ensure data transmission security over public networks.
IPSec is also a Layer 4 security protocol, and it is the most widely used way to ensure security because it is
a more balanced solution than Layer 1 and Layer 7 security controls.
IPSec uses either Authentication Header (AH) or Encapsulating Security Payload (ESP). AH can protect
packet headers and data integrity but provides no encryption. ESP, on the other hand, provides
encryption and preserves the integrity of the packet, but cannot protect the outermost IP header as AH can.
ESP is the most commonly used protocol in a VPN because encryption is an important requirement in
a VPN while header protection is not.
IPSec also contains the Internet Key Exchange protocol, which is used to negotiate IPSec connection settings,
authentication endpoints, and secret keys, as well as to define the security parameters, manage updates, and
more.
For data compression, IPSec uses the IP Payload Compression Protocol (IPComp) to
compress data before encryption; this also makes communication more efficient.
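A check a defender can run over captured traffic to confirm what this section describes (an added example, not part of the guidebook): it classifies raw IPv4 packets as ESP, AH, IKE, or L2TP that is readable on the wire, including L2TP carried under AH only. The protocol numbers (ESP 50, AH 51) and UDP ports (IKE 500, L2TP 1701) are the standard assignments; the function names, sample packets and addresses are constructed for illustration.

```python
import struct

# Standard IP protocol numbers and UDP ports for the protocols named in this section.
UDP, ESP, AH = 17, 50, 51
IKE_PORT, L2TP_PORT = 500, 1701

def classify(packet: bytes) -> str:
    """Return what a raw IPv4 packet exposes to someone sniffing the link."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length in bytes
    proto, payload, prefix = packet[9], packet[ihl:], ""
    if proto == AH and len(payload) >= 12:
        # AH authenticates but does not encrypt: step over it and keep looking.
        next_header, ah_len = payload[0], (payload[1] + 2) * 4
        proto, payload, prefix = next_header, payload[ah_len:], "AH+"
    if proto == ESP and len(payload) >= 8:
        return prefix + "ESP"                     # inner packet is not visible
    if proto == UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if L2TP_PORT in (sport, dport):
            return prefix + "L2TP-cleartext"      # tunnel readable on the wire
        if IKE_PORT in (sport, dport):
            return prefix + "IKE"
    return prefix + "other"

def cleartext_l2tp(packets):
    """Indexes of packets whose L2TP tunnel is visible without ESP."""
    return [i for i, p in enumerate(packets) if classify(p).endswith("L2TP-cleartext")]

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample capture, not real traffic.
L2TP_MSG = b"\xc8\x02" + bytes(10)
SAMPLES = [
    ipv4(UDP, udp(1701, 1701, L2TP_MSG)),                       # bare L2TP
    ipv4(ESP, struct.pack("!II", 0x1001, 1) + bytes(32)),       # ESP: SPI, sequence, ciphertext
    ipv4(AH, struct.pack("!BBHII", UDP, 4, 0, 0x2002, 1) + bytes(12)
         + udp(1701, 1701, L2TP_MSG)),                          # L2TP under AH only
    ipv4(UDP, udp(500, 500, bytes(28))),                        # IKE negotiation
]
```

Any index returned by `cleartext_l2tp` marks a packet whose tunnel contents can be read in transit, whether or not AH is present.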
 Firewall
Apart from data encryption, using a firewall is the most common method to protect both wired and wireless
connections from outside attacks. A firewall can block cyber attacks in multiple ways,
including inspecting data packets for suspicious contents or filtering IP addresses.
The strongest protection a firewall can offer is a list of accessible IP addresses that limits access from
WANs. In most M2M applications, this is the most effective and direct way to protect a LAN from WAN attacks.
Moxa’s OnCell IP router offers two kinds of firewall protection for users to choose from. One is to filter
WAN IP addresses to accept or deny WAN connectivity requests. The other is to set up a virtual server that
allows remote users to access the Host or FTP services via a public IP address, and automatically redirects
them to local servers in the LAN. This firewall feature will filter out any unrecognized packets to protect your
LAN.