~2 minute read • Updated 13 Mordad 1404

Types of VPN Architectures

1. Site-to-Site VPN

  • Secure communication between branch offices over the public internet
  • Traffic encrypted with IPsec protocol
  • No manual configuration required on end-user devices

2. Client-to-Site VPN

  • Allows remote workers to connect securely to the enterprise network
  • Requires VPN client software
  • Multi-factor authentication recommended

3. Clientless VPN

  • Browser-based access using SSL/TLS encryption
  • No need to install VPN software
  • Ideal for limited, quick access

Split Tunnel vs Full Tunnel

  • Split Tunnel: Corporate traffic via VPN, internet traffic direct
  • Full Tunnel: All traffic routed through VPN for inspection
  • Full Tunnel is generally preferred because all traffic can be inspected centrally
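The difference between the two modes comes down to a per-destination routing decision. The small policy model below is an added example (not from the original page) that uses constructed corporate prefixes to show which destinations bypass the corporate inspection point under split tunnel versus full tunnel.

```python
import ipaddress
from typing import Iterable

# Constructed sample: private prefixes that are only reachable through the VPN.
CORPORATE_PREFIXES = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "192.168.10.0/24")]


def next_hop(dst: str, mode: str, corporate=CORPORATE_PREFIXES) -> str:
    """Return 'vpn' or 'direct' for a destination address under the given tunnel mode.

    full  : every packet enters the tunnel, so the corporate gateway can inspect it.
    split : only destinations inside a corporate prefix use the tunnel; everything
            else leaves the host directly and never reaches corporate inspection.
    """
    if mode not in ("full", "split"):
        raise ValueError(f"unknown tunnel mode: {mode}")
    if mode == "full":
        return "vpn"
    addr = ipaddress.ip_address(dst)
    return "vpn" if any(addr in net for net in corporate) else "direct"


def uninspected(destinations: Iterable[str], mode: str) -> list[str]:
    """Destinations whose traffic bypasses the corporate inspection point."""
    return [d for d in destinations if next_hop(d, mode) == "direct"]


if __name__ == "__main__":
    # Constructed destinations: two corporate, one near-miss private, one public.
    sample = ["10.1.2.3", "192.168.10.7", "192.168.11.7", "203.0.113.5"]
    for mode in ("full", "split"):
        print(mode, {d: next_hop(d, mode) for d in sample})
        print("  bypasses inspection:", uninspected(sample, mode))
```

Note that 192.168.11.7 is private but outside the declared corporate prefixes, so under split tunnel it takes the direct path; prefix lists must be kept accurate or traffic silently escapes inspection.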

Secure Protocols

TLS (Transport Layer Security)

  • Modern replacement for SSL
  • Use TLS 1.2 or higher for secure browser and VPN connections

SSH (Secure Shell)

  • Encrypted alternative to Telnet for remote management
  • Public key cryptography ensures secure authentication

Remote Access Solutions

Remote Desktop / RDP / RDP Gateway

  • Graphical connection to remote desktops via the RDP protocol
  • Use an RDP Gateway to wrap RDP sessions in an SSL/TLS tunnel
  • Firewall rules and certificate configuration are required

VNC / Virtual Desktop

  • Cross-platform desktop sharing using VNC protocol
  • Virtual desktops hosted in the cloud for centralized management

Device Management Practices

Out-of-Band Management

  • Control servers through dedicated interfaces (e.g., iLO, iDRAC)
  • Remote access even when systems are powered off

Authentication & Authorization Controls

  • Deploy AAA servers (e.g., RADIUS, TACACS+)
  • Implement role-based access and 2FA

📋 Remote Access Security Overview Table

Solution               | Description                                   | Security Measures
-----------------------|-----------------------------------------------|----------------------------------
Site-to-Site VPN       | Branch office connection over public internet | IPsec, firewall rules
Client-to-Site VPN     | Remote access for employees                   | 2FA, VPN client software
Clientless VPN         | Browser-based secure access                   | TLS 1.2+, limited access scope
RDP / Gateway          | GUI access to remote desktop                  | SSL, port restrictions
VNC                    | Cross-platform desktop sharing                | Encryption, IP filtering
Out-of-Band Management | Network-independent device control            | Strong encryption, access limits

Written and researched by Dr. Shahin Siami