VPN Overview of Common Terms


A VPN is a means to securely and privately transmit data over an unsecured, shared network infrastructure. VPNs protect the data that crosses this common infrastructure by encapsulating it, encrypting it, or encapsulating it and then encrypting the result. In the context of VPN deployments, encapsulation is often referred to as tunneling, because it carries data from one network to another transparently across the shared infrastructure.

A common encapsulation method found in VPNs today is Generic Routing Encapsulation (GRE). IP-based GRE is defined in IETF RFC 2784 as a means to enclose the original IP header and payload behind a GRE header and a new outer IP header. Network designers use this method of encapsulation to hide the original IP header inside the GRE-encapsulated payload. In doing so, they separate, or "tunnel," data from one network to another without making changes to the underlying common network infrastructure. Although GRE tunnels have primitive forms of authentication, as we'll explore in later chapters when discussing dynamic multipoint VPN (DMVPN) deployments, they natively provide no confidentiality, integrity, or non-repudiation. Nevertheless, GRE tunneling is a fundamental component of many different IP Security Protocol (IPsec) designs, and will be discussed frequently in subsequent chapters.
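To make the encapsulation concrete, here is an added Python example (not from the book) that builds and parses a GRE-in-IPv4 packet per RFC 2784, with the optional RFC 2890 key field standing in for the primitive authentication mentioned above; it also shows why GRE alone gives neither confidentiality nor integrity, since the inner addresses are readable straight off the wire and a modified payload decapsulates without complaint. The addresses and key value are constructed, and IP header checksums are left at zero for brevity.

```python
import struct

GRE_PROTO = 47            # IP protocol number carried in the outer IPv4 header
PTYPE_IPV4 = 0x0800       # GRE protocol-type value for an IPv4 payload
GRE_FLAG_C, GRE_FLAG_K, GRE_FLAG_S = 0x8000, 0x2000, 0x1000  # checksum, key, sequence

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; header checksum left 0 (constructed example)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0, 0, 64, proto, 0, addr(src), addr(dst))

def gre_encapsulate(inner_packet, outer_src, outer_dst, key=None):
    """Wrap an IPv4 packet in a GRE header (RFC 2784) and a new outer IPv4 header.
    The optional 32-bit key (RFC 2890) is the tunnel's only built-in check."""
    flags = GRE_FLAG_K if key is not None else 0
    gre = struct.pack("!HH", flags, PTYPE_IPV4)     # flags/version word, protocol type
    if key is not None:
        gre += struct.pack("!I", key)
    outer = ipv4_header(outer_src, outer_dst, GRE_PROTO, len(gre) + len(inner_packet))
    return outer + gre + inner_packet

def gre_decapsulate(packet):
    """Parse outer IPv4 + GRE header; return (key or None, inner_packet).
    Nothing here can detect a modified inner packet: GRE has no integrity check."""
    if packet[9] != GRE_PROTO:
        raise ValueError("not a GRE packet")
    off = (packet[0] & 0x0F) * 4                     # outer IHL -> start of GRE header
    flags, ptype = struct.unpack_from("!HH", packet, off)
    if flags & 0x0007 or ptype != PTYPE_IPV4:
        raise ValueError("unsupported GRE version or payload type")
    off += 4
    if flags & GRE_FLAG_C:
        off += 4                                     # checksum + reserved1
    key = None
    if flags & GRE_FLAG_K:
        key = struct.unpack_from("!I", packet, off)[0]
        off += 4
    if flags & GRE_FLAG_S:
        off += 4                                     # sequence number
    return key, packet[off:]

def ip_addresses(packet):
    """Source and destination of an IPv4 header; works on the outer or the inner packet."""
    return ".".join(map(str, packet[12:16])), ".".join(map(str, packet[16:20]))
```

Running `ip_addresses` on the decapsulated inner packet is exactly what any observer on the shared infrastructure can do, which is why the chapters that follow pair GRE with IPsec.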

Note

Although IPsec-processed data is encrypted, it is also encapsulated, with either Encapsulating Security Payload (ESP) or Authentication Header (AH).


Encryption refers to the act of encoding a given message into a different format, while decryption refers to decoding an encrypted message back into its original, unencrypted format. For encryption to be an effective mechanism for implementing a VPN, this encoded format must be decipherable only by those whom the encrypting party trusts. To deliver on these requirements, encryption technologies generally rely on a mathematical operation, usually referred to as an algorithm or cipher, together with a key. Although generally complex in nature, the mathematical functions themselves are publicly known. It is the symmetric key, or, as you'll see in the case of asymmetric cryptography, the private key, that must be kept unknown to would-be attackers; the key is the primary way to keep the encrypted tunnel secure. This book discusses these two common types of cryptographic operations: symmetric key encryption and asymmetric key encryption. Other types of cryptographic operations discussed in the framework of this book include secure hashes and digital signatures.




IPsec Virtual Private Network Fundamentals
ISBN: 1587052075
Pages: 113
