Virtual Private Network Notes

VPN fundamentals

  • privacy
  • authenication
  • data integrity
  • antireplay
VPN secures traffic over the internet between devices by adding additional headers to the packet with encrypted data. Algorithms are used to encrypt and decrypt the data.

Types of VPNs
  • intranet - connects all computers at two sites of the same organization using one vpn at each site.
  • extranet - connects all computers at two sites of different but partnering organizations 
  • access - connects remote roaming uses to the company network.
VPN Devices
  • Router
  • ASA Adaptive Security Appliances
  • PIX firewall
  • VPN concentrators
  • VPN client
Encryption Algorithms
  • Data Encryption Standard ( DES ) - 56 key length 
  • Triple DES (3DES) - 53 x 3 key length 
  • Advanced Encryption Standard (AES ) 128 and 256 key length 
IPsec Key Exchange

DH Diffie-Hellman creator of dynamic key exchange

DH options

DH-1 - 768-bit
DH-2 - 1024 bit
DH-5 - 1536-bit

Authentication Header AH - performs the message integrity checks for IPsec

Encapsulating security payload ESP - defines rules for performing authentication, message integrity, encryption and antireplay.

ESP can perform authentication and message integrity however AH was created to improve the process and provides a much better solution. AH does not handle encryption or antireplay.