A virtual private network is only as good as its encryption capabilities.
Encryption
- In symmetric-key encryption, all computers (or users) share the same secret key, which is used both to encrypt and to decrypt a message. Anyone who holds the key can do either, so the key itself has to be distributed and stored securely.
- In public-key encryption, each computer (or user) has a public-private key pair. To send a confidential message, the sender encrypts it with the recipient's public key, and only the holder of the matching private key can decrypt it. The private key works in the other direction for authentication: its owner signs a message with it, and anyone holding the public key can verify that signature.
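The direction of the keys is the point that matters in practice, so here is an added example (not code from the original article) that runs one confidential, authenticated message from a sender to a recipient with RSA-OAEP and RSA-PSS from Go's standard library. The party names, key size and message text are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Two parties, Alice (sender) and Bob (recipient), each hold an RSA key pair.
// Confidentiality runs public-key -> private-key: Alice encrypts with Bob's
// public key and only Bob's private key can decrypt. Authentication runs the
// other way: Alice signs with her private key and anyone can verify with her
// public key. Names, key size and message text are constructed for the example.

// generateKeyPair returns a fresh 2048-bit RSA key pair for one party.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptForRecipient seals msg with the recipient's PUBLIC key (RSA-OAEP/SHA-256).
// The sender needs nothing secret to do this.
func encryptForRecipient(recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
}

// decryptAsRecipient opens the ciphertext with the recipient's PRIVATE key.
// Any other private key fails the OAEP check and returns an error.
func decryptAsRecipient(recipientPriv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, ct, nil)
}

// signAsSender is what the sender's private key is actually for: an RSA-PSS
// signature over the data that the recipient checks with the sender's public key.
func signAsSender(senderPriv *rsa.PrivateKey, data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	return rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
}

// verifyFromSender checks a signature against the sender's public key.
func verifyFromSender(senderPub *rsa.PublicKey, data, sig []byte) bool {
	digest := sha256.Sum256(data)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil) == nil
}

// exchange sends one message from Alice to Bob: encrypt for Bob, sign the
// ciphertext as Alice, then on Bob's side verify the signature and decrypt.
// It returns the recovered text and whether the signature checked out.
func exchange(msg []byte) (recovered []byte, sigOK bool, err error) {
	alice, err := generateKeyPair()
	if err != nil {
		return nil, false, err
	}
	bob, err := generateKeyPair()
	if err != nil {
		return nil, false, err
	}
	ct, err := encryptForRecipient(&bob.PublicKey, msg)
	if err != nil {
		return nil, false, err
	}
	sig, err := signAsSender(alice, ct)
	if err != nil {
		return nil, false, err
	}
	// Bob's side: he holds Alice's public key and his own private key.
	sigOK = verifyFromSender(&alice.PublicKey, ct, sig)
	recovered, err = decryptAsRecipient(bob, ct)
	return recovered, sigOK, err
}

func main() {
	pt, ok, err := exchange([]byte("constructed sample: tunnel session key"))
	fmt.Printf("recovered=%q signature_ok=%v err=%v\n", pt, ok, err)
}
```

A real VPN does not push bulk traffic through RSA; public-key operations are used once, to authenticate the peers and agree on a symmetric session key, and the tunnel itself runs on that symmetric key.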
In a VPN, the computers at each end of the tunnel encrypt the data entering the tunnel and decrypt it at the other end. However, a VPN needs more than just a pair of keys to apply encryption. That's where protocols come in. A site-to-site VPN could use either
IPSec is a widely used protocol suite for securing traffic on IP networks, including the Internet. IPSec can protect data between various devices, including router to router, firewall to router, desktop to router, and desktop to server. IPSec has two sub-protocols that define how a VPN secures its packets:
- Encapsulating Security Payload (ESP) encrypts the packet's payload (the data it is transporting) with a symmetric key. In practice ESP also carries an integrity check over the payload and the ESP header, so that a modified packet is rejected rather than decrypted into garbage.
- Authentication Header (AH) hides nothing. It computes a keyed hash (an integrity check value) over the payload and the fields of the packet header that do not change in transit, including the sender's and receiver's addresses, so the receiver can detect forgery or modification of either. Fields that routers legitimately change in flight, such as the hop limit, are zeroed before the hash is computed, so they are not protected.
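To make the ESP/AH split concrete, here is an added example, not code from the original article, that builds both kinds of protection over a cut-down packet using Go's standard library: an AH-style HMAC-SHA256 over the immutable header fields and the payload, and an ESP-style AES-256-GCM seal of the payload with the ESP header (SPI and sequence number) bound in as associated data. The header layout, field sizes, sample key and sample payload are constructed for the example and are not the real wire formats.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ipHeader is a cut-down IP header for this example (constructed, not the real
// wire format): addresses plus the hop limit (TTL) that routers decrement in flight.
type ipHeader struct {
	Src, Dst [4]byte
	TTL      uint8
}

// ahICV is HMAC-SHA256 over the immutable header fields (Src, Dst) and the
// payload. TTL is mutable in transit, so AH zeroes it; here it is simply left out.
func ahICV(key []byte, h ipHeader, payload []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(h.Src[:])
	mac.Write(h.Dst[:])
	mac.Write(payload)
	return mac.Sum(nil)
}

// ahProtect plays the AH role: the payload stays readable, the ICV is appended.
func ahProtect(key []byte, h ipHeader, payload []byte) []byte {
	return append(append([]byte{}, payload...), ahICV(key, h, payload)...)
}

// ahVerify recomputes the ICV over the header the packet actually arrived with.
func ahVerify(key []byte, h ipHeader, pkt []byte) ([]byte, error) {
	if len(pkt) < sha256.Size {
		return nil, errors.New("AH: packet shorter than ICV")
	}
	payload, icv := pkt[:len(pkt)-sha256.Size], pkt[len(pkt)-sha256.Size:]
	if !hmac.Equal(ahICV(key, h, payload), icv) {
		return nil, errors.New("AH: integrity check failed")
	}
	return payload, nil
}

// newGCM builds an AES-256-GCM instance from the shared symmetric key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// espSeal plays the ESP role: the payload is encrypted and the ESP header
// (SPI, sequence number) is authenticated as associated data. The outer IP
// header is not covered at all; covering it is what AH adds.
// Wire layout: ESP header | nonce | ciphertext | GCM tag.
func espSeal(key []byte, spi, seq uint32, payload []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	espHdr := make([]byte, 8)
	binary.BigEndian.PutUint32(espHdr[0:4], spi)
	binary.BigEndian.PutUint32(espHdr[4:8], seq)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(append(espHdr, nonce...), nonce, payload, espHdr), nil
}

// espOpen reverses espSeal; any change to header, nonce, ciphertext or tag fails.
func espOpen(key, pkt []byte) (spi, seq uint32, payload []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return 0, 0, nil, err
	}
	if len(pkt) < 8+gcm.NonceSize() {
		return 0, 0, nil, errors.New("ESP: packet too short")
	}
	espHdr, nonce, ct := pkt[:8], pkt[8:8+gcm.NonceSize()], pkt[8+gcm.NonceSize():]
	if payload, err = gcm.Open(nil, nonce, ct, espHdr); err != nil {
		return 0, 0, nil, errors.New("ESP: authentication failed")
	}
	return binary.BigEndian.Uint32(espHdr[0:4]), binary.BigEndian.Uint32(espHdr[4:8]), payload, nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; real SAs use random keys
	hdr := ipHeader{Src: [4]byte{10, 0, 0, 1}, Dst: [4]byte{10, 0, 0, 2}, TTL: 64}
	ah := ahProtect(key, hdr, []byte("GET /payroll HTTP/1.1"))
	hdr.Dst = [4]byte{10, 0, 0, 9} // an on-path attacker rewrites the destination
	_, err := ahVerify(key, hdr, ah)
	fmt.Println("AH after destination rewrite:", err)
}
```

Two behaviours are worth checking against the description above: an AH packet still carries its payload in the clear, and it survives a router's TTL decrement but not a rewritten address; an ESP packet hides the payload, and a single flipped bit anywhere in the ciphertext or tag, or the wrong shared key, makes it fail to open.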
Networked devices can use IPSec in one of two modes. In
In a remote-access VPN, tunneling typically relies on
- L2F (Layer 2 Forwarding) -- Developed by Cisco; uses any authentication scheme supported by PPP and provides no encryption of its own
- PPTP (Point-to-Point Tunneling Protocol) -- Supports 40-bit and 128-bit encryption (MPPE, an RC4 stream cipher) and any authentication scheme supported by PPP. Its usual authentication method, MS-CHAPv2, has known practical attacks, so PPTP should not be relied on to protect sensitive traffic
- L2TP (Layer 2 Tunneling Protocol) -- Combines features of PPTP and L2F. L2TP itself does not encrypt anything; it is normally run over IPSec (L2TP/IPSec), which supplies the encryption and integrity protection. Also applicable in site-to-site VPNs
Throughout this article, we've looked at the types of VPNs and the components and protocols they use. Over time, people have developed new and better networking technologies, which improve the features of existing VPNs. VPN-specific technologies such as tunneling protocols, though, haven't changed much in that time, perhaps because current VPNs do such a good job of keeping businesses connected around the world.