Load Balancers and Virtual Private Network (VPN)

VPN Load Balancing Technologies

An important addition, designed to offer all the existing features in an enhanced form, is the Virtual Private Network (VPN) Load Balancing functionality. The software makes use of the built-in Internet Protocol Security (IPsec) support to establish a network of VPN tunnels between two desired locations. The merits of this technology are:

  • Doubling of the VPN bandwidth.
  • Remaining protected against link failure even when one link collapses at each site. The software also offers built-in or additional ADSL ports.

Functions of the VPN Load Balancing Technologies

The following functions show how the VPN relates to load balancing.

1) Security

VPN can provide the necessary security function. For instance, a VPN device can be positioned beside a heavily trafficked site, with static routes directing VPN-related traffic through the VPN appliance while the main traffic travels through the load balancer.

Because the VPN device then sees only a fraction of the traffic it otherwise would, a less expensive device can be purchased for the lower traffic level.

2) Encryption

VPN provides IPsec tunnels between two locations to encrypt otherwise unencrypted traffic over public, insecure links. This is not part of the web site as such but is used for system administration.

  • The Advanced Encryption Standard (AES) is another encryption option, adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, taken from the larger collection originally published as Rijndael. These ciphers have a 128-bit block size with key sizes of 128, 192 and 256 bits respectively. The predecessor of AES is the Data Encryption Standard (DES).
  • The Data Encryption Standard (DES) is a block cipher, a form of shared-secret encryption, selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976. It is a symmetric-key algorithm that uses a 56-bit key.

Triple DES (3DES) offers a simple method of enlarging the key size in order to protect against attacks. It uses three independent keys with a combined length of 168 bits, but because of the meet-in-the-middle attack the effective security it offers is only 112 bits. Keying option 2, which reduces the key size to 112 bits, is prone to known- or chosen-plaintext attacks. The question now arises of how to carry out the security function. Authentication, a necessary process, addresses this concern and is explained below. The categories of authentication and security functions are described concisely.

Authentication

1) Verification is necessary to carry out the security functions. The following explains the various types of authentication.

SHA

SHA stands for Secure Hash Algorithm. The three SHA algorithms are structured differently and are designated SHA-0, SHA-1 and SHA-2. Of the three, SHA-1 is the most widely used in security applications and protocols.

SHA-1

The Secure Hash Standard specifies a Secure Hash Algorithm (SHA-1), which can be used to produce a condensed representation of a message known as a message digest. This is required for use with the Digital Signature Algorithm (DSA), as specified in the Digital Signature Standard, and whenever a secure hash algorithm is needed for Federal applications.

The transmitter and the receiver both use SHA-1 when computing and verifying a digital signature. SHA-1 is the most widely deployed of the existing SHA hash functions and is used in many security systems and protocols.

2) MD5

Message-Digest algorithm 5 (MD5) is a widely used cryptographic hash function with a 128-bit hash value. It is commonly used to check the integrity of files and is employed in a wide range of security applications.

Applications of MD5

  • Error checking - MD5 is widely used to give assurance that a transferred file arrived intact. The MD5 checksum provides error-checking functionality and detects a corrupt or incomplete download, which becomes more likely with larger files.
  • Password protection - MD5 is widely used to store passwords. To mitigate attacks, a user can add a salt (random bits used as one input to a key derivation function, the other input being the password) to the password before hashing it.
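The two MD5 uses above, as an added example that is not part of the original white paper: a checksum comparison for download integrity, and a per-user random salt fed with the password into a key derivation function. The sample file bytes and published digest are constructed for the example, and PBKDF2-HMAC-SHA256 is assumed as the key derivation function, since the page names none.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample: file contents and the MD5 digest the sender published.
FILE_DATA = b"hello"
PUBLISHED_MD5 = "5d41402abc4b2a76b9719d911017c592"


def md5_hex(data: bytes) -> str:
    """MD5 digest as lowercase hex, the form used for download checksums."""
    return hashlib.md5(data).hexdigest()


def download_intact(data: bytes, expected_hex: str) -> bool:
    """Error-checking use of MD5: a corrupt or truncated transfer changes the digest."""
    return hmac.compare_digest(md5_hex(data), expected_hex.lower())


def unsalted_md5(password: str) -> str:
    """Plain MD5 of a password: identical passwords yield identical hashes,
    so one precomputed table covers every account sharing that password."""
    return md5_hex(password.encode("utf-8"))


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted hashing: the random salt and the password are the two KDF inputs.
    PBKDF2-HMAC-SHA256 is an assumed choice of key derivation function."""
    if salt is None:
        salt = secrets.token_bytes(16)  # CSPRNG, the only acceptable source for key material
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    print("download intact:", download_intact(FILE_DATA, PUBLISHED_MD5))
    print("truncated download intact:", download_intact(FILE_DATA[:-1], PUBLISHED_MD5))
    print("unsalted hashes equal:", unsalted_md5("hunter2") == unsalted_md5("hunter2"))
    salt_a, digest_a = hash_password("hunter2")
    salt_b, digest_b = hash_password("hunter2")
    print("salted hashes differ:", digest_a != digest_b)
    print("verify succeeds:", verify_password("hunter2", salt_a, digest_a))
```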

3) Perfect Forward Secrecy

Perfect forward secrecy (PFS), in an authenticated key-agreement protocol using public key cryptography, is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised.

4) RSA

RSA stands for Rivest, Shamir and Adleman, who first described it. In cryptology it is an algorithm for public key encryption. It was the first algorithm known to be suitable for both signing and encryption, and one of the first great advances in public key cryptography.

RSA is widely used in e-commerce protocols and is considered secure given sufficiently long keys and an up-to-date implementation.

5) Pre-Shared Key

In cryptography, a pre-shared key (PSK) is a shared secret that was previously exchanged between the parties over some secure channel before it needed to be used. Such systems use symmetric-key cryptographic algorithms.

The characteristics of this secret or key are determined by the system that uses it. Some system designs require that such keys be in a particular format. The secret is used by the cryptographic processes that secure the traffic between the systems.

It finds applications in WiFi encryption such as WEP or WPA, where both the wireless access points and the clients share the same key. In crypto systems that rely on one or more keys for confidentiality, the key or keys must be difficult to attack. One possible attack against keys is a brute-force key-space search; a sufficiently long key resists this attack unless the attacker has enough computing power.

Nevertheless, both parties hold the pre-shared key, so it can be compromised at one end without the other party's knowledge. Tools exist to help a user choose strong passwords, although doing so over a network connection is unsafe, as one cannot know who may be eavesdropping on the whole interaction.

Choosing keys for cryptographic algorithms is somewhat different: any pattern whatsoever should be avoided, as such a pattern might allow an attacker a lower-effort attack than a brute-force search. This calls for a random key choice, which compels attackers to put in the maximum effort; however, this is difficult in practice. As a general rule, any software program other than a cryptographically secure pseudorandom number generator should be avoided.

6) Public key certificates

A public key certificate is an electronic document that uses a digital signature to bind a public key to an identity, which includes the name of a person or organization, an address and so on. The certificate is used to verify that a public key belongs to an individual.

In a public key infrastructure (PKI) scheme, the signature is that of a certificate authority (CA), whereas in a web of trust scheme, the signature is that of the user or of other users (endorsements). In either case, the signatures on a certificate are attestations by the signer that the identity details and the public key belong together.