Introduction

In previous chapters, you have discovered how you can enhance authentication by using third-party open source software, such as Kerberos, one-time passwords in everything (OPIE), and the public-key cryptography methods of Open Secure Shell (OpenSSH). You also learned how to employ encryption between hosts by using the application-layer security methods of OpenSSH. In this chapter, you will go a step further to deploy secure authentication and strong encryption at the network layer to establish network security by using virtual private networks (VPNs). VPNs offer certain advantages over other network security protocols, as you will find in this chapter. You will learn about the many solutions provided by VPNs in today s Internet workplace, such as providing secure transmissions between two hosts, routers, or both. We explain the Internet Protocol Security Architecture (IPSec), which is quickly becoming the standard protocol for VPNs. You will finish up the chapter by creating your own VPN by using Free Secure Wide Area Network (FreeS/WAN).

Secure Tunneling with VPNs

A VPN provides a private data network over public telecommunication infrastructures, such as the Internet. It provides both secure authentication and encryption. It creates a data tunnel between devices so that all data transmitted between the devices is secure, regardless of what programs the devices are running. After a secure tunnel is established, data can be transmitted securely between the hosts.

Three basic types of VPN solutions exist: telecommuter, router-to-router, and host-to-host. A telecommuter VPN can be used to securely connect a host to a network...