- data integrity
A VPN secures traffic over the internet between devices by adding additional headers to each packet and encrypting the data it carries. Algorithms are used to encrypt and decrypt the data.
Types of VPNs
- intranet - connects all computers at two sites of the same organization, using one VPN at each site.
- extranet - connects all computers at two sites of different but partnering organizations.
- access - connects remote roaming users to the company network.
- Adaptive Security Appliances (ASA)
- PIX firewall
- VPN concentrators
- VPN client
- Data Encryption Standard (DES) - 56-bit key length
- Triple DES (3DES) - 53 x 3 key length
- Advanced Encryption Standard (AES) - 128-bit and 256-bit key lengths
IPsec Key Exchange
Diffie-Hellman (DH) - creates keys through dynamic key exchange
DH-1 - 768-bit
DH-2 - 1024-bit
DH-5 - 1536-bit
Authentication Header (AH) - performs the message integrity checks for IPsec.
Encapsulating Security Payload (ESP) - defines rules for performing authentication, message integrity, encryption and antireplay.
ESP can perform authentication and message integrity; however, AH was created to improve the process and provides a much better solution. AH does not handle encryption or antireplay.