LapLink Gold 11 Firewall Service. How Connections are Created A Detailed Overview for the IT Manager. Using LapLink in a Secure Environment.
LapLink Gold 11 Firewall Service
How Connections are Created
A Detailed Overview for the IT Manager
Using LapLink in a Secure Environment

Currently, corporations using LapLink 2000, LapLink Host and LapLink Gold (version 3.x) must modify their network security to successfully connect (inbound) through a firewall or router.
• Firewalls must have ports 1547 and 389 open for inbound and any port over 1024 open for outbound TCP/IP traffic
• Routers must have port forwarding enabled, with port 1547 mapped to the single computer running LapLink behind the firewall/router
• Security can be increased by using LapLink features, such as the Log-in List and CryptoAPI data encryption; however, any open ports on the firewall decrease the overall security of the network

The result … Many end users are left without LapLink’s remote access benefits and features because the Corporation’s network security requirements have greater priority. The new Firewall Service in LapLink Gold 11 addresses these concerns.
Benefits of the Firewall Service
• Network administrators do not open any ports or compromise the firewall in any way
• Routers do not need port forwarding to find the computer running LapLink on the local network
• Packet filtering does not stop data packets at the external IP address
• Multiple computers behind the firewall can now run LapLink and receive connections from public networks such as the Internet
Limits of the Firewall Service
• This service is designed to work through one firewall. If both computers are behind firewalls, connection attempts will fail unless firewall configuration changes are made on the guest (remote) computer.
• To connect in through a firewall and use a DSL or cable modem connection on the guest computer, port forwarding must be configured for the DSL/cable modem.
• This service does not support firewalls that require “stateful inspection” of the connection or password authentication at the firewall.
Firewall Service Overview
• Firewall Service provides secure connections into computers behind firewalls and routers
• Computers running LapLink Gold 11 send publicly available information (such as IP address and LapLink computer names) to a server maintained by LapLink Inc.
• Server acts as a ‘proxy’ … sending messages, but no private customer data
• Final connection does not go through the LapLink firewall server
• Connections cannot be spoofed because of a ‘shared secret’ that includes the originating IP address
How LapLink Connects through the Firewall … the magic!

[Diagram labels: Sally@work, 198.102.199.xxx, Sally@work]

• The computer behind the corporate firewall (Sally@Work) sends this information to the LapLink firewall server:
  • Internet address (aka the ILS name, as configured in LapLink’s Internet Directory Options)
  • IP address of the firewall
  • LapLink computer name
• The firewall server and the computer keep the HTTP connection active so the port stays open through the corporate firewall.
• Notes: The LapLink computer name and the ILS name can be different. Some firewalls may send the computer’s IP address if 1:1 NAT is in use.
The computer outside the firewall (George@Home) sends a message to the firewall server asking if it knows about the computer it wants to connect with (aka Sally@Work). If the firewall server does know Sally@Work, it sends Sally@Work’s external firewall IP address and the LapLink computer name to George@Home. George@Home will use this information to help authenticate Sally@Work later.

[Diagram labels: Sally@work, 198.102.199.xxx, Sally@work]
George@Home sends another message to the firewall server asking for a connection to Sally@Work. The message includes Sally@Work’s ILS name, George@Home’s IP address and LapLink computer name.

[Diagram labels: Sally@work, 64.20.240.221, George@Home]
The firewall server matches the ILS names.

[Diagram labels: Sally@work=Sally@work]
The firewall server sends a message to Sally@Work requesting a connection to George@Home. The message sends George@Home’s IP address and LapLink computer name.

[Diagram labels: 64.20.240.221, George@Home]
Sally@Work makes an outgoing connection to George@Home’s IP address, and sends her LapLink computer name, and the login name and password George@Home gave to her for her Address Book.

[Diagram labels: Sally@work, Sally, *******]
George@Home checks Sally@Work’s IP address, the LapLink computer name and the login and password. George@Home uses the information that came from the firewall server, and his LapLink Log-in list to authenticate Sally@Work. If everything matches, the connection reverses and George@Home connects back to Sally@Work through the port that Sally@Work’s connection to George@Home opened.

[Diagram labels: 198.102.199.xxx, Sally@work, Sally, *******]

LapLink opens File Transfer, or other LapLink services.
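The exchange described above can be modelled in a few lines. This is an added sketch, not LapLink code: the class and function names are hypothetical, the addresses and password are constructed sample values, and only the checks named in the walkthrough (source IP address, computer name, Log-in List) are implemented.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:                      # what the firewall server holds per published host
    ils_name: str
    firewall_ip: str               # external address of the host's firewall
    computer_name: str

class FirewallServer:
    """Hypothetical stand-in for the vendor server: relays metadata only."""
    def __init__(self):
        self.published = {}
    def publish(self, rec):        # host behind the firewall registers itself
        self.published[rec.ils_name] = rec
    def lookup(self, ils_name):    # guest asks whether the host is known
        return self.published.get(ils_name)
    def request_connection(self, ils_name, guest_ip, guest_name):
        # ILS names must match; the host is then told whom to dial out to.
        if ils_name not in self.published:
            return None
        return {"dial": guest_ip, "guest_name": guest_name}

class Guest:
    def __init__(self, ip, name, login_list):
        self.ip, self.name, self.login_list = ip, name, login_list
        self.expected = None       # Record returned by the server's lookup
    def accept(self, source_ip, computer_name, login, password):
        # Checks from the walkthrough: IP address, computer name, Log-in List.
        exp = self.expected
        if exp is None or source_ip != exp.firewall_ip:
            return "reject: source address differs from server record"
        if computer_name != exp.computer_name:
            return "reject: computer name mismatch"
        stored = self.login_list.get(login)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return "reject: bad login"
        return "accept"            # guest now connects back over the opened port

def run_exchange(source_ip, password):
    server = FirewallServer()
    server.publish(Record("Sally@work", "198.51.100.7", "Sally@work"))
    george = Guest("203.0.113.9", "George@Home", {"Sally": "constructed-pw"})
    george.expected = server.lookup("Sally@work")
    order = server.request_connection("Sally@work", george.ip, george.name)
    if order is None or order["dial"] != george.ip:
        return "reject: no rendezvous"
    # The host dials out to order["dial"]; source_ip is what the guest observes.
    return george.accept(source_ip, "Sally@work", "Sally", password)
```

In this model a connection arriving from any address other than the one the server reported is refused before the credentials are considered.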
Configuring the Firewall Service Tutorial

George works from home and needs to transfer his files to Sally at her office. In this tutorial, you’ll learn how, using LapLink Gold 11, George now securely connects to Sally’s computer without the network administrator compromising the security of the firewall by opening a port.

At the office, Sally configures LapLink in three areas.
• She changes LapLink’s Security to allow George to connect to her computer using LapLink services (for example, file transfer and remote control).
• She creates an entry in LapLink’s Address Book that tells the Firewall service it’s okay to let George connect to her.
• She publishes an Internet address to the Internet Directory Locator so that she doesn’t need to worry about knowing the IP address of her computer when George needs to connect to her.

Some of the information she uses must match George’s computer, so she collaborates with him at some stages.
Here are the steps Sally follows to change LapLink’s Security:
• From LapLink’s Options menu, click Security. Or click the Security icon on the Link bar.
• On the General tab, click Log-in List Only (Protected System).
• Click Log-in List, and then click Add.
• Type a log-in name and a password.
• Click any LapLink services that you want this user to use when connected to this computer.
• Click Apply, and then OK until the Security dialog box closes.

Note: Alternatively, you can set LapLink’s Security to Anybody (Public System). If you do so, click Public Privileges and set the LapLink services that you want everyone to use.
Here are the steps Sally follows to change LapLink’s Address Book:
• From LapLink’s Options menu, click Address Book. Or click the Address Book icon on the Link bar.
• Click Add.
• In the Description field, add information that meaningfully describes to you what this connection does.
• In the Computer Name field, add the LapLink computer name of the computer that is connecting to you from outside the firewall. (Note: This is information that came from George. He found it by going to LapLink’s Options menu, and clicking Computer name. George used george@home.)
• In the Connection field, click Firewall.
• In the Security Information to send fields, type the login name and password that you need to connect to the other computer. (This information also came from George. He has changed his LapLink Log-in List to let Sally connect to him.)
• Click OK and then Close.

Here are the steps Sally follows to publish her Internet Address to the Internet Directory Locator:
• From LapLink’s Options menu, click Internet Directory Options.
• In the Internet address field, type a name that uniquely describes this computer. This can be an email name or something else.
• In Options, click both boxes.
• Under Directory server, confirm that the LapLink directory server is selected.
• Click Apply and then OK.
• Watch for the icon to appear in the LapLink status tray. If necessary, go to LapLink’s Connect menu and click Publish My Internet Address.

Note: Click Don’t show me this message again if you want LapLink to automatically publish your address.

Sally’s computer at work is now configured for George to connect to her. She needs to remember to leave LapLink running, and make sure that her computer has access to the Internet.
At home, George configures LapLink in these two areas:
• He changes LapLink’s Security to match Sally’s ‘firewall’ Address Book entry.
• He creates an entry in LapLink’s Address Book that has Sally’s Internet Address and the log-in name and password she assigned for him.

Here are the steps George follows to change LapLink’s Security, matching his Log-in List to Sally’s Address Book:
• From LapLink’s Options menu, click Security. Or click the padlock icon on the Link Bar.
• On the General tab, click Log-in List Only (Protected System).
• Click Log-in List, and then click Add.
• Type the log-in name and password. (Note: This is the information he gave to Sally for her Address Book.)
• For Services, click Firewall. (This is what tells Sally’s computer it’s okay for George to connect.)
• Click Apply, and then OK until the Security dialog closes.
Here are the steps George follows to create his Address Book entry:
• From LapLink’s Options menu, click Address Book. Or click the Address Book icon on the Link bar.
• Click Add.
• In the Description field, add information that meaningfully describes to you what this connection does.
• In the Computer Name field, type the LapLink computer name of the computer that you are connecting to inside the firewall. (Note: This is information that came from Sally. She found it by going to LapLink’s Options menu, and clicking Computer name. Sally used sally@work.)
• In the Connection field, click Internet.
• For Services, click any LapLink service that you want to use. George is using File Transfer. (Note: If you don’t have permission to use a service, you’ll see a message stating that Access is Denied.)
• In the Security Information to send fields, type the login name and password that you need to connect to the other computer. (This information came from Sally’s Log-in List.)
• Click OK and then Close.
Here are the steps George follows to connect to Sally:
• From LapLink’s Connect Over menu, click Internet.
• Highlight the Address Book entry for the computer inside the firewall. (In George’s case, this is Sally’s Firewall @ work.)
• Click OK.
When the computers have connected, the file transfer (or other service) window appears on your screen. Here is what George saw.