Monday, 12 March 2012

provided bypass VPN

Some of the services that could be provided at theIPSS by the NSP, based on information contained inthe TCP header, are discussed in this section.TCP performance enhancements for wirelessnetworks. In wireless networks, bandwidth and losscharacteristics across wireless links affect end-to-endTCP performance, which in turn, decreases the effective client throughput for applications based on TCP.When implemented between the client and theserver, a TCP proxy can match the TCP characteristicsto the wireless link characteristics, thereby improving end-to-end TCP performance. This matching ispossible because the TCP/IP headers are visible at theIPSS.Stateful firewall. Normally, an enterprise willallow all TCP packets to go out of the enterprise, butwill only allow TCP packets to come in to the enterprise if the corresponding TCP connection has beeninitiated from within the enterprise This is anexample of stateful-firewall functionality and requiresthat TCP state be maintained on a per-session basis.Because the TCP and the IP packet headers are visibleat the IPSS, it is possible to maintain TCP state at theIPSS; hence, the IPSS can provide stateful-firewallfunctionality for traffic to/from the VPN client device.In a sense, stateful-firewall functionality is a prerequisite for other network-based VPN services, becausewithout it clients whose VPN sessions are terminatedat the IPSS are vulnerable to external attacks

No comments:

Post a Comment

Note: only a member of this blog may post a comment.