VPN
A Virtual Private Network (VPN) is a technology that allows a secure and encrypted connection between a private network and a remote device.
- This lets the remote machine reach the private network directly, giving it secure and confidential access to the network's resources and services.
- VPNs also let employees reach the private network and its resources remotely from anywhere they have an internet connection.
A VPN typically uses port TCP/1723 for Point-to-Point Tunneling Protocol (PPTP) connections.
(PPTP is no longer considered secure.)
At the network (IP) layer, a VPN connection typically uses the Encapsulating Security Payload (ESP) protocol to encrypt and authenticate the VPN traffic.
IPsec (Internet Protocol Security):
IPsec is a powerful and widely used security protocol that provides encryption and authentication for internet communications. It works by encrypting the data payload of each IP packet and adding an Authentication Header (AH), which is used to verify the integrity and authenticity of the packet.
IPsec uses a combination of two protocols to provide encryption and authentication:
- Authentication Header (AH): provides integrity and authenticity for IP packets but no encryption. It adds an authentication header to each IP packet containing a cryptographic checksum that can be used to verify that the packet has not been tampered with.
- Encapsulating Security Payload (ESP): provides encryption and optional authentication for IP packets.
IPsec can be used in two modes:
| Mode | Description |
|---|---|
| Transport Mode | IPsec encrypts and authenticates the data payload of each IP packet but does not encrypt the IP header. This is typically used to secure end-to-end communication between two hosts. |
| Tunnel Mode | IPsec encrypts and authenticates the entire IP packet, including the IP header. This is typically used to create a VPN tunnel between two networks. |
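As an added example (not part of the original notes), the Python script below builds IPv4 packets and protects them with a simplified Authentication Header (RFC 4302 layout, HMAC-SHA-256-128 integrity check value) in both transport mode and tunnel mode. It then shows the receiver accepting a packet whose TTL changed in transit (a mutable field AH deliberately excludes from the checksum) and rejecting one whose payload or inner IP header was altered. All addresses, the key and the payload are constructed sample values; the code models only AH, not ESP encryption, and skips IP options and anti-replay handling.

```python
import hashlib
import hmac
import socket
import struct

IPPROTO_AH = 51     # IP protocol number in the IP header when AH follows it
IPPROTO_IPIP = 4    # AH "next header" value meaning "an IPv4 packet follows" (tunnel mode)
ICV_LEN = 16        # HMAC-SHA-256-128: 256-bit MAC truncated to 128 bits (RFC 4868)

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # 20-byte IPv4 header without options
AH_FIXED = struct.Struct("!BBHII")          # next header, payload len, reserved, SPI, sequence
AH_LEN = AH_FIXED.size + ICV_LEN            # 12 + 16 = 28 bytes = 7 32-bit words


def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Build a minimal IPv4 header. The checksum is left 0: a real stack fills it in,
    and AH zeroes it for the ICV anyway because it changes at every hop."""
    return IPV4_HDR.pack(0x45, 0, total_len, 0, 0, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable(ip_hdr):
    """RFC 4302: ToS, flags/fragment offset, TTL and header checksum may legitimately
    change in transit, so AH computes the ICV with them zeroed instead of covering them."""
    f = list(IPV4_HDR.unpack(ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return IPV4_HDR.pack(*f)


def ah_icv(key, ip_hdr, ah_no_icv, body, icv_len=ICV_LEN):
    """ICV over (immutable IP header fields | AH with its ICV field zeroed | payload)."""
    data = zero_mutable(ip_hdr) + ah_no_icv + b"\x00" * icv_len + body
    return hmac.new(key, data, hashlib.sha256).digest()[:icv_len]


def ah_protect(plain_pkt, key, spi, seq, mode, outer_src=None, outer_dst=None):
    """Wrap a plain IPv4 packet in AH.
    transport: original IP header | AH | original payload
    tunnel:    new outer IP header | AH | the whole original packet"""
    ip_hdr, payload = plain_pkt[:20], plain_pkt[20:]
    if mode == "transport":
        next_hdr = ip_hdr[9]                      # protocol AH displaced, e.g. 6 = TCP
        body = payload
        src, dst = socket.inet_ntoa(ip_hdr[12:16]), socket.inet_ntoa(ip_hdr[16:20])
        ttl = ip_hdr[8]
    elif mode == "tunnel":
        next_hdr = IPPROTO_IPIP
        body = plain_pkt                          # the inner header is now protected too
        src, dst, ttl = outer_src, outer_dst, 64  # gateway-to-gateway addresses
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    hdr = ipv4_header(src, dst, IPPROTO_AH, 20 + AH_LEN + len(body), ttl)
    ah_no_icv = AH_FIXED.pack(next_hdr, AH_LEN // 4 - 2, 0, spi, seq)
    return hdr + ah_no_icv + ah_icv(key, hdr, ah_no_icv, body) + body


def ah_verify(pkt, key):
    """Recompute the ICV on a received packet. Returns (ok, next_header, body)."""
    ip_hdr = pkt[:20]
    if ip_hdr[9] != IPPROTO_AH:
        return False, None, b""
    ah_no_icv = pkt[20:20 + AH_FIXED.size]
    ah_len = (ah_no_icv[1] + 2) * 4               # payload len field: 32-bit words minus 2
    icv_len = ah_len - AH_FIXED.size
    received = pkt[20 + AH_FIXED.size:20 + ah_len]
    body = pkt[20 + ah_len:]
    ok = hmac.compare_digest(received, ah_icv(key, ip_hdr, ah_no_icv, body, icv_len))
    return ok, ah_no_icv[0], body


def run_demo():
    """Constructed sample: a TCP-bearing packet from host A to host B, protected first
    in transport mode (host to host) and then in tunnel mode (gateway to gateway)."""
    key = bytes(range(32))                        # constructed sample key
    payload = b"GET / HTTP/1.1\r\n"               # stand-in for a TCP segment
    plain = ipv4_header("10.0.0.5", "10.0.1.7", 6, 20 + len(payload)) + payload

    t = ah_protect(plain, key, 0x100, 1, "transport")
    hop = t[:8] + bytes([t[8] - 1]) + t[9:]       # a router decremented TTL: still valid
    flipped = t[:-1] + bytes([t[-1] ^ 0x01])      # one payload bit changed: rejected

    u = ah_protect(plain, key, 0x200, 1, "tunnel", "203.0.113.1", "198.51.100.2")
    inner_at = len(u) - len(plain)                # where the original packet starts
    rerouted = u[:inner_at + 16] + socket.inet_aton("10.0.1.8") + u[inner_at + 20:]

    return {
        "transport_ok": ah_verify(t, key)[0],
        "transport_next_header": ah_verify(t, key)[1],
        "ttl_change_ok": ah_verify(hop, key)[0],
        "payload_tamper_ok": ah_verify(flipped, key)[0],
        "tunnel_ok": ah_verify(u, key)[0],
        "tunnel_next_header": ah_verify(u, key)[1],
        "tunnel_inner_intact": ah_verify(u, key)[2] == plain,
        "inner_dst_tamper_ok": ah_verify(rerouted, key)[0],
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:24} {value}")
```

The two modes differ only in what the ICV covers: in transport mode the original header stays on the outside and only its immutable fields are authenticated, while in tunnel mode the whole original packet (addresses included) becomes the protected body behind a fresh gateway header, which is why changing the inner destination address is detected in the tunnel case.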