A virtual private network (VPN) uses the Internet to provide secure (encrypted) communications between remote locations or users within the same network.
There are two types of VPNs: IPSec and SSL.
IPSec is the most commonly used protocol to establish secure connections between networks and connect hosts in virtual private networks. Within IPSec, there are several subsidiary protocols that perform specific functions, such as the following:
- Authentication Header (AH): This provides proof of origin for IP packets, protecting them against replay attacks.
- Encapsulation Security Protocol (ESP): This protocol provides the origin authenticity, integrity, and confidentiality of the transmitted data.
- Security Association (SA): This is the set of algorithms used to encrypt and authenticate the transmitted data. Because an SA is associated with data transmission in one direction, two-way communications are secured by a pair of security associations. Security associations are established using Internet Security Association and Key Management Protocol (ISAKMP), which can be implemented by several means. When testing the security of a VPN, one of the most vulnerable configurations relies on Internet Key Exchange (IKE) with pre-shared secrets.
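
One way to find the pre-shared-secret configurations described above when reviewing a gateway, shown as an added example that is not part of the original page. It assumes the gateway uses a strongSwan-style `ipsec.conf`, where `authby=secret`, `authby=psk` or `leftauth`/`rightauth=psk` select a pre-shared key; the sample configuration and the function names are constructed for illustration.

```python
import re

# Assumption: strongSwan-style ipsec.conf; these values select a pre-shared key.
PSK_VALUES = {"secret", "psk", "xauthpsk"}
AUTH_KEYS = ("authby", "leftauth", "rightauth")
# Constructed sample configuration, not taken from a real gateway.
SAMPLE_CONF = """\
conn %default
    authby=secret
conn branch-office
    right=198.51.100.7
conn hq-cert
    authby=pubkey
conn roadwarrior
    also=hq-cert
    rightauth=psk   # one side still uses a shared secret
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif current is not None and line[:1] in (" ", "\t") and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective(conns, name, seen=()):
    """Merge %default, then any also= parent, then the conn's own settings."""
    merged = dict(conns.get("%default", {}))
    parent = conns[name].get("also")
    if parent in conns and parent not in seen:
        merged.update(effective(conns, parent, seen + (name,)))
    merged.update(conns[name])
    return merged

def psk_connections(text):
    """Map each conn that uses a pre-shared key to the settings that select it."""
    conns = parse_conns(text)
    findings = {}
    for name in conns:
        eff = effective(conns, name)
        hits = [f"{k}={eff[k]}" for k in AUTH_KEYS if eff.get(k, "").lower() in PSK_VALUES]
        if hits and name != "%default":
            findings[name] = hits
    return findings
```

In the sample, `branch-office` never mentions a pre-shared key in its own section; it inherits one from `conn %default`, which is the case a per-section search would miss.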