Virtual Private Networks (VPNs)

A virtual private network (VPN) is a private network that uses public networks — the most notable being the Internet — to connect nodes and transport data without compromising security. Though VPNs come in many flavors, their means and ends are similar: All use encryption and other security mechanisms to ensure that only authorized users can access the network and that data cannot be intercepted as it crosses the public wires — or, with increasing frequency, the wireless spectrum.

SSL VPNs
One such security mechanism is Secure Sockets Layer (SSL), a protocol for transmitting private documents over the Internet. Besides its use in VPNs, SSL — which uses a private key to encrypt data transferred over a network connection — is also widely used by web sites to receive confidential user information, such as credit card numbers.

IPSec VPNs
IPSec (short for "IP Security") — a set of protocols developed by the Internet Engineering Task Force to support secure exchange of packets at the IP layer — is widely used in implementing VPNs.

IPSec supports two encryption modes. Transport mode encrypts only the data portion (the payload) of each packet, leaving the header untouched. Tunnel mode, more secure, encrypts both. An IPSec-compliant device on the receiving end of the transaction decrypts each packet sent.

For this to happen in an IPSec-based deployment, the sending and receiving devices must share a public key. This is achieved through a protocol with the unconversational acronym ISAKMP/Oakley. Its cumbersome moniker aside, this key management protocol performs an essential function: making it possible for the receiver to obtain a public key and authenticate the sender using digital certificates.