OpenVPN

OpenVPN

Open­VPN is a vir­tu­al pri­vate net­work (VPN) pro­to­col and soft­ware for both client and serv­er applications.

It imple­ments tech­niques to cre­ate secure point-to-point or site-to-site con­nec­tions in rout­ed or bridged con­fig­u­ra­tions and remote access facil­i­ties enabling peer authen­ti­ca­tion using pre-shared secret keys, cer­tifi­cates or usernames/passwords.

  • While pre-shared secret key is the eas­i­est to imple­ment, cer­tifi­cate-based is the most robust and rich­est in fea­tures. In ver­sion 2.0, username/password authen­ti­ca­tions can be enabled, both with or with­out cer­tifi­cates, yet it requires you to rely on third-par­ty modules.
  • It can also use the HMAC pack­et authen­ti­ca­tion fea­ture to add an addi­tion­al lay­er of secu­ri­ty to the con­nec­tion (known as HMAC fire­wall) and hard­ware accel­er­a­tion to improve the encryp­tion performance.
  • When used in a mul­ti­client-serv­er con­fig­u­ra­tion, it also allows the serv­er to release authen­ti­ca­tion cer­tifi­cates for every client by using sig­na­tures and cer­tifi­cate authority.
  • It makes strong use of the OpenSSL encryp­tion library. As it lets OpenSSL do all the encryp­tion and authen­ti­ca­tion work, Open­VPN can use all the ciphers avail­able in the OpenSSL pack­age. In com­bi­na­tion with the TLS pro­to­col, it can thus pro­vide many secu­ri­ty and con­trol fea­tures and is also capa­ble of tra­vers­ing fire­walls and net­work address trans­la­tors (NATs).
  • Open­VPN is a free soft­ware, released under the terms of the GNU Gen­er­al Pub­lic License ver­sion 2 (GPLv2).
  • Open­VPN runs best over User Data­gram Pro­to­col (UDP) but can also run over Trans­mis­sion Con­trol Pro­to­col (TCP) trans­ports if UDP con­nec­tions fail.

    Tags: , , , , , , , , , ,

    all entries sort­ed aplhabetically

    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    Any ques­tions about this?
    Ask us!

      I have read and accept the Pri­va­cy Pol­i­cy*

      All per­son­al data that you sub­mit us via this form will be processed by Data Con­troller IGRID, S.L. and saved into CONTACTS pro­cess­ing activ­i­tie, with the pur­pose of answer­ing your inquiry, via email or phone, and for a lat­er fol­low up. Pro­cess­ing shall be law­ful because you give us your con­sent for these spe­cif­ic pur­pos­es. Your per­son­al data will not be dis­closed to third par­ties unless forced by law. You have right to access to, rec­ti­fy, or delete your per­son­al data, and oth­er rights as explained in our Pri­va­cy Policy

      Cyber Security

      IEC 62351 is a stan­dard devel­oped to han­dle the secu­ri­ty of TC 57 series of pro­to­cols includ­ing IEC 60870–5 series, IEC 60870–6 series, IEC 61850 series, IEC 61970 series & IEC 61968 series.

      The dif­fer­ent secu­ri­ty objec­tives include the authen­ti­ca­tion of data trans­fer through dig­i­tal sig­na­tures, pre­ven­tion of eaves­drop­ping and play­back as well as spoof­ing, and intru­sion detection.

      IPsec (IP for “Inter­net Pro­to­col” and sec for “secure”) is a group of pro­to­cols to ensure the integri­ty, con­fi­den­tial­i­ty and authen­ti­ca­tion of data com­mu­ni­ca­tions over an IP network.

      IPsec is com­mon­ly used as a base for VPNs (Vir­tu­al Pri­vate Net­works), encrypt­ing the IP pack­ets and authen­ti­cat­ing the source where the pack­ets come from.

      Ter­mi­nal Access Con­troller Access-Con­trol Sys­tem Plus (TACACS+) is a pro­to­col devel­oped by Cis­co to han­dle authen­ti­ca­tion, autho­riza­tion, and account­ing (AAA) ser­vices and was released as an open stan­dard begin­ning in 1993.

      It is an exten­sion of its pre­de­ces­sor TACACS, encrypt­ing the full con­tent of each pack­et and pro­vides gran­u­lar con­trol (com­mand by com­mand autho­riza­tion) whilst oper­at­ing over TCP.

      Open­VPN is a vir­tu­al pri­vate net­work (VPN) pro­to­col and soft­ware for both client and serv­er applications.

      It imple­ments tech­niques to cre­ate secure point-to-point or site-to-site con­nec­tions in rout­ed or bridged con­fig­u­ra­tions and remote access facil­i­ties enabling peer authen­ti­ca­tion using pre-shared secret keys, cer­tifi­cates or usernames/passwords.

      Pub­lic key infra­struc­ture (PKI) refers to a range of tech­nolo­gies for authen­ti­cat­ing users and devices in order to secure the dig­i­tal trans­fer of infor­ma­tion for a range of net­work activ­i­ties such as e‑commerce, inter­net bank­ing and con­fi­den­tial email.

      It includes a set of roles, poli­cies, hard­ware, soft­ware and pro­ce­dures need­ed to cre­ate, man­age, dis­trib­ute, use, store and revoke dig­i­tal cer­tifi­cates and man­age pub­lic-key encryption.

      Oth­er Chapters

      Expert Cyber Security 

      iGrid T&D enforces sev­er­al lay­ers of secu­ri­ty mea­sures guid­ed by the propo­si­tions of the IEC 62351 stan­dard to pro­tect its devices from all kinds of threats.

      Our hard­ened devices fea­ture Role Based Access Con­trol (RBAC) to avoid intrin­sic risks such as secu­ri­ty holes and unau­tho­rized actions by authen­ti­cat­ed users.
      In addi­tion to end-to-end encryp­tions via TSL/SSL, HTTPS, SSH and stan­dard pro­ce­dures for VPNs (e.g. Open­VPN), its com­mu­ni­ca­tion can also be secured with net­work con­trol meth­ods such as fire­walls, IP fil­ters, ACL or TCP port blocks.

      iGW‑S Substation Gateway

      Pow­er­ful and reli­able sub­sta­tion gate­way, able to run either in stand­alone or redun­dant modes, with an embed­ded Eth­er­net switch (4 ports) and IEC 61850 client and serv­er capabilities.

      iRTU – With I/Os for Direct Data Acquisition 

      Com­pact and scal­able bay con­troller which can act as IEC 61850 client or serv­er, fea­tur­ing con­fig­urable I/O boards for direct data acqui­si­tion, high-pre­ci­sion time­stamp­ing and an option­al Eth­er­net switch for addi­tion­al Eth­er­net ports.

      iControl SCADA

      High-per­for­mance SCADA for the visu­al­iza­tion and con­trol of sub­sta­tion data. It is able to run either in client/server or stand­alone modes, pro­vid­ing advanced func­tion­al­i­ties such as hot-stand­by redun­dan­cy, auto­mat­ic line col­or­ing, events noti­fi­ca­tion (via e‑mail and sms), SQL log­ging, and reports generation.

      iGrid Solutions and Applications

      Automation with IEC 61850 

      The IEC 61850 stan­dard is enabling new opor­tu­ni­ties for ven­dor inter­op­er­abil­i­ty and advanced sub­sta­tion automa­tion. Find out how you can take advan­tage of IEC 61850 with easy-to-use and adapt­able solu­tions for a sim­ple migra­tion or retrofit.

      IEC 61850 Automation

      HV Substation Automation

      Pow­er­ful sub­sta­tion automa­tion sys­tems often han­dle numer­ous com­mu­ni­ca­tion pro­to­cols and media with­in one net­work, which can result in expen­sive and com­plex projects.  Avoid these prob­lems with inter­op­er­a­ble tech­nol­o­gy and smart con­fig­u­ra­tion tools.

      HV Sub­sta­tion Automation

      MV Distribution Grid Automation

      It is often dif­fi­cult to find the exact solu­tion you need in a MV appli­ca­tion, lead­ing to high­er costs than nec­es­sary. With our scal­able and adapt­able solu­tions you will be able to only pay for what you real­ly need, with­out com­prim­is­ing on qual­i­ty or security.

      MV Dis­tri­b­u­tion Grid Automation

      Photovoltaic Power Station

      Using an open and scal­able SCADA sys­tem to mon­i­tor and con­trol a PV plant comes with many ben­e­fits on sev­er­al lev­els. Find out how advanced com­mu­ni­ca­tion tech­nol­o­gy affects PV oper­a­tion, main­te­nance, sys­tem design, invest­ment secu­ri­ty, profits…

      Pho­to­volta­ic Generation