An encryption key tells the computer what computations to perform on data in order
to encrypt or decrypt the data.
There are two main encryption models:
symmetric-key encryption, in which the same key, shared among all users, is used
to both encrypt and decrypt a message.
public-key encryption, in which each computer (or user) has a public-private key pair.
The private key from one computer (or user) encrypts the message, while the
other computer uses the corresponding public key to decrypt that message.
ENCRYPTION PROTOCOLS
Although the tunnel itself is not encrypted, encoding can be added. A VPN needs more
than just a pair of keys in order to apply encryption, however. This is where protocols come in.
IPSec, or Internet Protocol Security, is a widely used protocol for securing traffic on IP
networks, including the Internet. IPSec can encrypt data between various devices,
including router to router, firewall to router, desktop to router, and desktop to server.
In a nutshell, IPsec provides mechanism, not policy: rather than define such-and-such
encryption algorithm or a certain authentication function, it provides a framework that
allows an implementation to provide nearly anything that both ends agree upon
(source: Friedl).
IPSec consists of two sub-protocols which provide the instructions a VPN needs to
secure its packets:
Encapsulated Security Payload (ESP) encrypts the packet's payload (the
data it's transporting) with a symmetric key.
Authentication Header (AH) uses a hashing operation on the packet header
to help hide certain packet information (like the sender's identity) until it reaches
its destination.
VPNs use IPSec in tunnel mode with IPSec ESP and IPSec AH working together.
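
The hashing operation AH applies to the packet header can be sketched as follows. This is an added example, not code from the original page: the function names are hypothetical, HMAC-SHA-256 truncated to 128 bits is an assumed algorithm choice, the addresses and key are constructed, and AH's own header fields are left out of the hash input for brevity.

```python
import hashlib
import hmac
import socket
import struct

ICV_LEN = 16  # HMAC-SHA-256-128 (RFC 4868) keeps the first 128 bits of the digest


def ipv4_header(src, dst, ttl, payload_len):
    """Build a 20-byte IPv4 header without options; protocol 51 is AH."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len,  # version/IHL, DSCP/ECN, total length
        0x1234, 0,                  # identification (constructed), flags/fragment offset
        ttl, 51, 0,                 # TTL, protocol, checksum (left zero in this sketch)
        socket.inet_aton(src), socket.inet_aton(dst),
    )


def zero_mutable(header):
    """Zero the fields routers may change in transit so they do not affect the hash."""
    h = bytearray(header)
    h[1] = 0                # DSCP/ECN
    h[6:8] = b"\x00\x00"    # flags and fragment offset
    h[8] = 0                # TTL
    h[10:12] = b"\x00\x00"  # header checksum
    return bytes(h)


def ah_icv(key, header, payload):
    """Keyed hash over the immutable header fields plus the payload (AH's own fields omitted)."""
    mac = hmac.new(key, zero_mutable(header) + payload, hashlib.sha256)
    return mac.digest()[:ICV_LEN]


def verify(key, header, payload, icv):
    return hmac.compare_digest(ah_icv(key, header, payload), icv)


def demo():
    key = b"constructed-demo-key-not-secret!"  # constructed sample key
    payload = b"constructed payload"
    sent = ipv4_header("192.0.2.1", "198.51.100.7", 64, len(payload))
    icv = ah_icv(key, sent, payload)
    hopped = ipv4_header("192.0.2.1", "198.51.100.7", 63, len(payload))    # router decremented TTL
    spoofed = ipv4_header("192.0.2.99", "198.51.100.7", 64, len(payload))  # source address rewritten
    return (verify(key, hopped, payload, icv),
            verify(key, spoofed, payload, icv),
            verify(key, sent, payload + b"!", icv))
```

`demo()` checks three received packets against the sender's value: one with only the TTL changed, one with a rewritten source address, and one with an altered payload.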
In a remote-access VPN, tunneling typically relies on Point-to-Point
Protocol (PPP).
However, when choosing a VPN application, you might encounter
one of these three protocols based on PPP: