Field geological survey workers, as remote users, need to exchange data securely with their geological survey and research institutions. Applying virtual private network technology can secure data transmission over public networks. This article discusses the classification and key points of virtual private network technology; by analyzing the network topology of a geological institute, it provides a virtual private network solution and describes in detail the configuration of a virtual private network server based on Windows Server 2003.
Remote data transmission has become an indispensable part of modern geological survey and research work. On the one hand, as field data collection becomes increasingly digitized, data collected in the field often has to be transmitted promptly to the offices of geological survey and research institutions, where the office network is used for data storage and processing; on the other hand, during field geological surveys it is sometimes necessary to retrieve relevant technical information from the survey agency's office intranet and databases. Since most of the data obtained from geological survey work is valuable first-hand data, its security must be ensured during remote transmission. If the public Internet is used directly for data transmission, it is difficult to guarantee the security of the data. Therefore, establishing an economical, efficient, fast and secure network system for remote data transmission has become an urgent need for remote working.
1 Remote data transmission solution
When the Internet was not yet widespread, only taxation, electricity, banking and similar systems could afford the cost of setting up and using dedicated lines. With the development of technology, it has become very economical to use virtual private network technology to build a dedicated network, and its speed can reach the level of dedicated lines.
For mobile users who need remote data transmission, direct dial-up technology has traditionally been used. However, direct dial-up solutions are suited to small-scale, geographically close access, and are not suitable for remote office users who travel frequently. For mobile users, the dedicated line approach is powerless, because the user's location is uncertain and temporary. The virtual private network solution is suited to geographically distributed, high-volume access [1], and can meet the actual needs of remote data transmission. More importantly, virtual private network technology can fully protect the data security of mobile remote users.
There are two main ways to build a virtual private network over the Internet: one is to purchase professional routers and other dedicated equipment, and the other is to use specialized software. Compared with the former, the latter is more economical and simpler to configure, and the resulting virtual private network is functionally the same. The virtual private network can be established according to the actual situation and needs of the existing network. In summary, the remote data transmission solution uses a virtual private network, established with the actual needs taken into account.
2 About VPN technology
2.1 Definition of VPN
A Virtual Private Network (VPN) uses access servers, routers and special-purpose equipment to establish a private network on top of public networks (including IP networks, the public telephone network, frame relay networks and ATM networks). Data travels through the public network inside a secure tunnel. A virtual private network is an extension of a private network (a DDN dedicated line or a telephone dial-up line): it uses the public network to build the organization's own network. In other words, the user obtains the services of a private network without being aware of using the public network. Objectively speaking, a VPN can be considered a network communication environment with private, dedicated characteristics, achieved through virtual networking technology rather than by building a physical private network. Through a VPN, data can be transmitted securely between two computers across a public network. Since a VPN can be built over an existing IP network, frame relay network or ATM network, it greatly reduces network construction costs.
2.2 VPN Classification
There are many ways to classify VPNs. Depending on the application environment, VPNs can be divided into three basic types [3]: Remote access VPN (corporate employees accessing the corporate internal network by remote dial-up through the public network); Intranet VPN (an enterprise connecting the LANs of its branches with the LAN of its headquarters through a public network); and Extranet VPN (enterprises connecting their respective corporate intranets into one large virtual network in order to facilitate information exchange).
2.3 VPN security technology
Since a VPN carries private information, data security is the foremost concern of VPN users. Currently, VPNs mainly rely on four technologies to ensure security: tunneling, encryption, key management and identity authentication [1].
Tunneling is the key technology of a VPN. A tunnel is a way of transmitting data between networks across the Internet: the data to be transmitted is encapsulated in the corresponding tunnel protocol before transmission and is decapsulated back into the original packet when it reaches the other end. Tunneling protocols are divided into Layer 2 and Layer 3 tunneling protocols. A Layer 2 tunneling protocol first encapsulates the various network protocols into PPP (Point-to-Point Protocol) and then loads the PPP frames into the tunnel protocol; the packets formed by this double-layer encapsulation are transmitted by the Layer 2 protocol. A Layer 3 tunneling protocol loads the various network protocols directly into the tunnel protocol, and the resulting packets are transmitted by the Layer 3 protocol. The main Layer 2 tunneling protocols are PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol); the main Layer 3 tunneling protocol is IPSec. Among them, PPTP provides VPN services for users who access the Internet over telephone lines, L2TP can be used on IP, Frame Relay, X.25 or ATM networks, and IPSec protects the IP layer and the protocols above it and is transparent to users and applications.
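As an added illustration (not part of the original article) of the double-layer versus single-layer encapsulation described above, the following Python builds an L2TP data message carrying a PPP-framed IPv4 packet and an ESP-framed IPv4 packet, then peels the layers as a receiving endpoint would. The inner packet, tunnel and session identifiers and SPI are constructed sample values; the outer UDP/IP headers and ESP encryption are omitted so that only the framing is visible.

```python
import struct

# Constructed inner IPv4 packet (20-byte header, documentation-range addresses,
# 4-byte payload); not captured traffic.
INNER_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 1, 0, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])) + b"data"
PPP_PROTO_IP = 0x0021          # PPP protocol field value for IPv4
L2TP_VERSION = 2
IPPROTO_UDP, IPPROTO_ESP = 17, 50

def layer2_tunnel(inner_ip, tunnel_id, session_id):
    """Layer 2 tunnel: inner IP -> PPP frame -> L2TP data header (double encapsulation).
    The UDP/1701 and outer IP headers that would carry this are left out."""
    ppp = struct.pack("!BBH", 0xFF, 0x03, PPP_PROTO_IP) + inner_ip
    # Flags/version word: T=0 (data message), no L/S/O bits, version 2.
    return struct.pack("!HHH", L2TP_VERSION, tunnel_id, session_id) + ppp

def layer3_tunnel(inner_ip, spi, seq):
    """Layer 3 tunnel: inner IP -> ESP header, no PPP layer. Real ESP would
    encrypt the payload and append a trailer/ICV; only the framing is shown."""
    return struct.pack("!II", spi, seq) + inner_ip

def encapsulation_layers(outer_proto, payload):
    """Peel the headers as a receiving endpoint would, choosing the tunnel
    protocol from the outer IP protocol number; return the layer names."""
    layers = []
    if outer_proto == IPPROTO_UDP:               # L2TP rides on UDP port 1701
        flags = struct.unpack("!H", payload[:2])[0]
        if (flags & 0x000F) != L2TP_VERSION or (flags & 0x8000):
            raise ValueError("not an L2TP data message")
        if flags & 0x0200:
            raise ValueError("L2TP offset field not handled")
        off = 6                                   # flags, tunnel id, session id
        off += 2 if flags & 0x4000 else 0         # L bit: length field present
        off += 4 if flags & 0x0800 else 0         # S bit: Ns/Nr present
        layers.append("L2TP")
        addr, ctrl, proto = struct.unpack("!BBH", payload[off:off + 4])
        if (addr, ctrl, proto) != (0xFF, 0x03, PPP_PROTO_IP):
            raise ValueError("expected a PPP frame carrying IPv4")
        layers.append("PPP")
        inner = payload[off + 4:]
    elif outer_proto == IPPROTO_ESP:
        layers.append("ESP")
        inner = payload[8:]                       # SPI + sequence number
    else:
        raise ValueError("unsupported tunnel protocol %d" % outer_proto)
    if len(inner) >= 20 and inner[0] >> 4 == 4:
        layers.append("IPv4")
    return layers
```

The Layer 2 path yields three headers above the carrier (L2TP, PPP, IPv4) while the Layer 3 path yields two (ESP, IPv4), which is the extra PPP layer the text refers to.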
Encryption technology means that the sender encrypts the data before sending it, and the receiver decrypts the data on arrival. Encryption algorithms include DES, 3DES, IDEA and others.
The main task of key management technology is to transfer keys safely over public data networks without their being stolen, which significantly improves VPN security. The current main key exchange and management standards include IKE (Internet Key Exchange), SKIP (Simple Key Management for Internet Protocols) and Oakley.
User identity authentication technology is mainly used in remote access scenarios. When a dial-up user requests to establish a session, the user's identity must be authenticated to determine whether the user is legitimate and which resources may be used. The most commonly used identity authentication methods are a user name and password, or a card.
2.4 VPN products
There are many types of products that support VPN, including firewalls with VPN functionality, routers with VPN functionality, dedicated VPN appliances and software VPN systems. VPN users can choose products according to their own circumstances. Generally speaking, when choosing a VPN product, the main aspects to examine are: whether it integrates a firewall; the maximum number of connections it supports; the VPN system's requirements on clients; and its network management functions.