Published by Aubrie Flynn. Modified over 9 years ago.
1
LapLink Gold 11 Firewall Service
How Connections are Created
A Detailed Overview for the IT Manager
2
Using LapLink in a Secure Environment

Currently, corporations using LapLink 2000, LapLink Host and LapLink Gold (version 3.x) must modify their network security to successfully connect (inbound) through a firewall or router.

- Firewalls must have ports 1547 and 389 open for inbound and any port over 1024 open for outbound TCP/IP traffic.
- Routers must have port forwarding enabled, with port 1547 mapped to the single computer running LapLink behind the firewall/router.
- Security can be increased by using LapLink features, such as the Log-in List and CryptoAPI data encryption; however, any open ports on the firewall decrease the overall security of the network.

The result: many end users are left without LapLink’s remote access benefits and features because the corporation’s network security requirements have greater priority. The new Firewall Service in LapLink Gold 11 addresses these concerns.
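An added example, not part of the original presentation: a check an administrator could run over an `iptables-save` dump to find the legacy allowances listed above (inbound ports 1547 and 389, and forwarding of port 1547). The use of iptables, the sample ruleset and its addresses are assumptions constructed for illustration.

```python
# Added example: audits an iptables-save dump for the legacy LapLink allowances.
import re

INBOUND_PORTS = {1547, 389}   # inbound ports the slide lists for pre-Gold 11 versions
FORWARDED_PORTS = {1547}      # port the slide says routers had to forward

def _covers(spec, wanted):
    """Return the wanted ports matched by an iptables port spec (n, a:b or a,b,c)."""
    hit = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        lo_n = int(lo) if lo else 0
        hi_n = int(hi) if hi else (65535 if sep else lo_n)
        hit |= {p for p in wanted if lo_n <= p <= hi_n}
    return hit

def find_legacy_rules(ruleset):
    """Return (line_no, kind, ports) for rules that still expose the legacy ports."""
    findings = []
    for no, line in enumerate(ruleset.splitlines(), 1):
        m = re.search(r"--dports? ([\d:,]+)", line)
        if not line.startswith("-A ") or not m:
            continue
        chain = line.split()[1]
        if chain in ("INPUT", "FORWARD") and "-j ACCEPT" in line:
            ports, kind = _covers(m.group(1), INBOUND_PORTS), "inbound-allow"
        elif chain == "PREROUTING" and "-j DNAT" in line:
            ports, kind = _covers(m.group(1), FORWARDED_PORTS), "port-forward"
        else:
            continue
        if ports:
            findings.append((no, kind, sorted(ports)))
    return findings

# Constructed sample ruleset; addresses are private-range placeholders.
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1547 -j DNAT --to-destination 10.0.0.15:1547
COMMIT
*filter
-A INPUT -p tcp -m multiport --dports 389,1547 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1000:2000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT
COMMIT
"""
```

Port ranges and multiport lists are expanded, so a broad rule such as `--dport 1000:2000` is reported because it still covers 1547.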
3
Benefits of the Firewall Service

- Network administrators do not open any ports or compromise the firewall in any way.
- Routers do not need port forwarding to find the computer running LapLink on the local network.
- Packet filtering does not stop data packets at the external IP address.
- Multiple computers behind the firewall can now run LapLink and receive connections from public networks such as the Internet.
4
Limits of the Firewall Service

- This service is designed to work through one firewall. If both computers are behind firewalls, connection attempts will fail unless firewall configuration changes are made on the guest (remote) computer.
- To connect in through a firewall and use a DSL or cable modem connection on the guest computer, port forwarding must be configured for the DSL/cable modem.
- This service does not support firewalls that require “stateful inspection” of the connection or password authentication at the firewall.
5
Firewall Service Overview

- The Firewall Service provides secure connections into computers behind firewalls and routers.
- Computers running LapLink Gold 11 send publicly available information (such as IP address and LapLink computer names) to a server maintained by LapLink Inc.
- The server acts as a ‘proxy’, sending messages but no private customer data.
- The final connection does not go through the LapLink firewall server.
- Connections cannot be spoofed because of a ‘shared secret’ that includes the originating IP address.
6
How LapLink Connects through the Firewall … the magic!

The computer behind the corporate firewall (Sally@Work) sends this information to the LapLink firewall server:

- Internet address (aka the ILS name, as configured in LapLink’s Internet Directory Options)
- IP address of the firewall
- LapLink computer name

The firewall server and the computer keep the HTTP connection active so the port stays open through the corporate firewall.

Notes:

- The LapLink computer name and the ILS name can be different.
- Some firewalls may send the computer’s IP address if 1:1 NAT is in use.

[Diagram: firewall server entry: Sally@work, 198.102.199.xxx, Sally@work]
7
The computer outside the firewall (George@Home) sends a message to the firewall server asking if it knows about the computer it wants to connect with (aka Sally@Work). If the firewall server does know Sally@Work, it sends Sally@Work’s external firewall IP address and the LapLink computer name to George@Home. George@Home will use this information to help authenticate Sally@Work later.

[Diagram: firewall server entry and its reply to George@Home: Sally@work, 198.102.199.xxx, Sally@work]
8
George@Home sends another message to the firewall server asking for a connection to Sally@Work. The message includes Sally@Work’s ILS name, George@Home’s IP address and LapLink computer name.

[Diagram: George@Home’s request to the firewall server: Sally@work, 64.20.240.221, George@Home]
9
The firewall server matches the ILS names.

[Diagram: the firewall server compares the ILS name in the request with its entry: Sally@work=Sally@work]
10
The firewall server sends a message to Sally@Work requesting a connection to George@Home. The message contains George@Home’s IP address and LapLink computer name.

[Diagram: the firewall server forwards 64.20.240.221 and George@Home to Sally@Work]
11
Sally@Work makes an outgoing connection to George@Home’s IP address and sends her LapLink computer name, together with the login name and password George@Home gave to her for her Address Book.

[Diagram: Sally@Work’s outgoing connection to 64.20.240.221, carrying Sally@work, the login name Sally and a masked password]
12
George@Home checks Sally@Work’s IP address, the LapLink computer name and the login and password. George@Home uses the information that came from the firewall server and his LapLink Log-in List to authenticate Sally@Work. If everything matches, the connection reverses and George@Home connects back to Sally@Work through the port that Sally@Work’s connection to George@Home opened.

LapLink opens File Transfer, or other LapLink services.

[Diagram: George@Home compares 198.102.199.xxx, Sally@work, the login name Sally and the masked password with the firewall server’s information and his Log-in List]
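The exchange on the preceding slides, modelled as an added example (not LapLink’s code or wire format): the firewall server only relays identifiers, and George@Home accepts Sally@Work’s outgoing connection only if the source IP, computer name and Log-in List credentials all match. Class, method and field names are hypothetical, and the addresses and password are constructed.

```python
# Added illustration; class, method and field names are hypothetical, not LapLink's wire format.
import hmac
from dataclasses import dataclass

@dataclass
class Registration:                 # public identifiers the host publishes
    ils_name: str
    firewall_ip: str
    computer_name: str

class FirewallServer:
    """Rendezvous only: stores identifiers and relays requests, never session data."""
    def __init__(self):
        self.hosts, self.relayed = {}, {}

    def register(self, reg):
        self.hosts[reg.ils_name] = reg

    def lookup(self, ils_name):
        return self.hosts.get(ils_name)

    def request_connection(self, ils_name, guest_ip, guest_name):
        if ils_name not in self.hosts:              # the ILS names must match
            return False
        self.relayed[ils_name] = (guest_ip, guest_name)  # sent down the host's open HTTP link
        return True

class Guest:
    def __init__(self, name, ip, login_list):
        self.name, self.ip, self.login_list, self.expected = name, ip, login_list, None

    def accept(self, peer_ip, computer_name, login, password):
        """Every check must pass before the guest reverses the connection."""
        exp = self.expected
        if exp is None or peer_ip != exp.firewall_ip or computer_name != exp.computer_name:
            return False
        stored = self.login_list.get(login)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

def run_exchange(source_ip, password, ils_name="Sally@work"):
    """Constructed scenario; addresses are documentation-range placeholders."""
    server = FirewallServer()
    server.register(Registration("Sally@work", "198.51.100.7", "Sally@work"))
    george = Guest("George@Home", "203.0.113.20", {"Sally": "constructed-pw"})
    george.expected = server.lookup(ils_name)
    if not server.request_connection(ils_name, george.ip, george.name):
        return False
    dial_ip, _ = server.relayed[ils_name]           # Sally dials out to this address
    return dial_ip == george.ip and george.accept(source_ip, "Sally@work", "Sally", password)
```

A connection arriving from any address other than the one the firewall server reported is rejected even when the login name and password are correct.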
13
Configuring the Firewall Service
Tutorial

George works from home and needs to transfer his files to Sally at her office. In this tutorial, you’ll learn how, using LapLink Gold 11, George now securely connects to Sally’s computer without the network administrator compromising the security of the firewall by opening a port.

At the office, Sally configures LapLink in three areas.

- She changes LapLink’s Security to allow George to connect to her computer using LapLink services (for example, file transfer and remote control).
- She creates an entry in LapLink’s Address Book that tells the Firewall service it’s okay to let George connect to her.
- She publishes an Internet address to the Internet Directory Locator so that she doesn’t need to worry about knowing the IP address of her computer when George needs to connect to her.

Some of the information she uses must match George’s computer, so she collaborates with him at some stages.
14
Here are the steps Sally follows to change LapLink’s Security:

1. From LapLink’s Options menu, click Security. Or click the Security icon on the Link bar.
2. On the General tab, click Log-in List Only (Protected System).
15
3. Click Log-in List, and then click Add.
4. Type a log-in name and a password.
5. Click any LapLink services that you want this user to use when connected to this computer.
6. Click Apply, and then OK until the Security dialog box closes.

Note: Alternatively, you can set LapLink’s Security to Anybody (Public System). If you do so, click Public Privileges and set the LapLink services that you want everyone to use.
16
Here are the steps Sally follows to change LapLink’s Address Book:

1. From LapLink’s Options menu, click Address Book. Or click the Address Book icon on the Link bar.
2. Click Add.
3. In the Description field, add information that meaningfully describes to you what this connection does.
4. In the Computer Name, add the LapLink computer name of the computer that is connecting to you from outside the firewall. (Note: This is information that came from George. He found it by going to LapLink’s Options menu, and clicking Computer name. George used george@home.)
5. In the Connection field, click Firewall.
17
6. In the Security Information to send fields, type the login name and password that you need to connect to the other computer. (This information also came from George. He has changed his LapLink Log-in List to let Sally connect to him.)
7. Click OK and then Close.

Here are the steps Sally follows to publish her Internet Address to the Internet Directory Locator:

1. From LapLink’s Options menu, click Internet Directory Options.
2. In the Internet address field, type a name that uniquely describes this computer. This can be an email name or something else.
18
3. In Options, click both boxes.
4. Under Directory server, confirm that the LapLink directory server is selected.
5. Click Apply and then OK.
6. Watch for the icon to appear in the LapLink status tray. If necessary, go to LapLink’s Connect menu and click Publish My Internet Address.

Note: Click Don’t show me this message again if you want LapLink to automatically publish your address.

Sally’s computer at work is now configured for George to connect to her. She needs to remember to leave LapLink running, and make sure that her computer has access to the Internet.
19
At home, George configures LapLink in these two areas:

- He changes LapLink’s Security to match Sally’s ‘firewall’ Address Book entry.
- He creates an entry in LapLink’s Address Book that has Sally’s Internet Address and the log-in name and password she assigned for him.

Here are the steps George follows to change LapLink’s Security, matching his Log-in List to Sally’s Address Book:

1. From LapLink’s Options menu, click Security. Or click the padlock icon on the Link Bar.
2. On the General tab, click Log-in List Only (Protected System).
3. Click Log-in List, and then click Add.
20
4. Type the log-in name and password. Note: This is the information he gave to Sally for her Address Book.
5. For Services, click Firewall. (This is what tells Sally’s computer it’s okay for George to connect.)
6. Click Apply, and then OK until the Security dialog closes.
21
Here are the steps George follows to create his Address Book entry:

1. From LapLink’s Options menu, click Address Book. Or click the Address Book icon on the Link bar.
2. Click Add.
3. In the Description field, add information that meaningfully describes to you what this connection does.
4. In the Computer Name, type the LapLink computer name of the computer that you are connecting to inside the firewall. (Note: This is information that came from Sally. She found it by going to LapLink’s Options menu, and clicking Computer name. Sally used sally@work.)
5. In the Connection field, click Internet.
22
6. For Services, click any LapLink service that you want to use. George is using File Transfer. Note: If you don’t have permission to use a service, you’ll see a message stating that Access is Denied.
7. In the Security Information to send fields, type the login name and password that you need to connect to the other computer. (This information came from Sally’s Log-in List.)
8. Click OK and then Close.
23
Here are the steps George follows to connect to Sally:

1. From LapLink’s Connect Over menu, click Internet.
2. Highlight the Address Book entry for the computer inside the firewall. (In George’s case, this is Sally’s Firewall @ work.)
3. Click OK.
24
When the computers have connected, the file transfer (or other service) window appears on your screen. Here is what George saw.