VPN means "Virtual Private Network". It is a generic concept which designates a part of a bigger network (e.g. the Internet at large) which is logically isolated from the bigger network through non-hardware means (that's what "virtual" means): it is not that we are using distinct cables and switches; rather, isolation is performed through use of cryptography.

2020年2月5日 · Trusted Users vs. Trusted Path/Location. When you use a site-to-site VPN, the VPN usually just authenticates it's two endpoints and not the connections, users, or machines that use the VPN. So the VPN on it's own isn't adequate security. It's just one of many layers of a defense-in-depth strategy.

2014年7月17日 · It is usually easier to configure an SSL VPN with more granular control over access permissions, which can provide a more secure environment for remote access in some cases. Furthermore, SSL/TLS is inherently supported by modern devices, and can usually be deployed without the need for specialist client-side software, or with lightweight ...

2016年9月29日 · The first two issues also apply if you're using a VPN, they're not unique to TLS-based use. For these reasons it may be worth running an application server close to the PostgreSQL database and bundling up application data requests into structured forms with json/protobuf/whatever requests and responses.

2020年8月10日 · This makes SSL VPN ideal for client-to-site VPNs. On the other hand, IPsec VPN (especially IKEv2) can negotiate connections faster, so there might be performance advantages. This performance and reliability perspective makes IPsec VPN ideal for site-to-site VPNs, as they typically don't have to deal with NAT traversal.

VPN, on the other hand, is usually done via an appliance or via a non-root daemon, limiting the attack surface. VPN also dramatically simplifies access to restricted resources other than just SSH -- e.g. internal-only websites. While you can port-forward using SSH, it is a lot more hassle compared to using a VPN.

2020年1月10日 · Aside from possible implementation bugs, which VPN concept aims to offer more protection by design? SSL VPN (implementation example - OpenVPN) L2TP/IPSEC (implementation example - Strong Swan) After reading this review, I can't understand how to compare designed security levels of both beyond what the author says. That is, I'm looking for …

2017年3月21日 · Therefore, in the presence of a VPN, SSL is redundant only if all the following characteristics are met: the VPN provides confidentiality and integrity as well as SSL would (i.e. with correctly used cryptography); all machines which may connect to the VPN are trusted; authentication can be delegated to the VPN layer.

2018年1月12日 · Only, in theory users would need to explicitly trust the VPN provider for inspecting SSL traffic similar to what is done in companies. But, if you for example install the VPN software provided by the VPN provider, this software could actually silently trust the computer the VPN provider for SSL interception so that you don't realize that the ...

2020年11月23日 · VPN’s do NOT protect you end-to-end. A VPN is basically a second encryption layer to wrap your normal traffic in, it is encrypted until the VPN endpoint (or exit node). This will “Protect the traffic from being readable” by any intermediate (your ISP mainly). They will see traffic is going from you to the VPN but nothing more.