From Virtual Private Networks: Making the Right Connection
Chapter 5: Encryption
Encryption is what puts the "private" in virtual private networks. Without encryption, information flowing over a public network such as the Internet is transmitted openly. Such traffic can be intercepted and read by common sniffing techniques, making it anything but private. Readily available programs such as protocol analyzers, or the network diagnostic tools built into some of today's operating systems, can easily see the information as it is sent. Encrypting the data ensures that it can't be read by unauthorized users, providing confidentiality. Confidentiality, authentication, and integrity are the three properties a cryptosystem provides.
In this chapter, we'll look at the two basic types of encryption, known as secret key, or symmetric, encryption and public key, or asymmetric, encryption. The importance of key length in security will be discussed, along with the danger of relying strictly on key length to judge the strength of a cryptosystem. We'll see how the different types of encryption are used together to build systems that provide secure key exchanges and effective, fast encryption of VPN sessions. Finally, we'll discuss authentication, that is, the use of what are known as digital signatures, so that the recipient can be certain of whom the data came from and that it hasn't been tampered with.
One important point to be made here is that when we refer to "users" in this chapter, we're not necessarily talking about individual people. Every entity on a VPN that needs to exchange data with other...
Copyright Morgan Kaufmann Publishers, Inc. 1999 under license agreement with Books24x7