What is a VPN? 13.3, The benefits of IPSec 13.4 – Westermo MR Series User Manual

Page 386


6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

13.2.2 DES (192-bit key)

Again, this is a well-established and accepted protocol but as it involves encrypting the data three
times using DES with a different key each time, it has a very high processor overhead. This also
renders it almost impossible for casual hackers to attack and very difficult to break in any
meaningful time frame, even for well-equipped and knowledgeable parties.

13.2.3 AES (128-bit key)

Also known as Rijndael encryption, AES is the new “de-facto” standard adopted by many USA and
European organisations for sensitive applications. It has a relatively low processor overhead
compared to DES and it is therefore possible to encrypt at higher data rates. As with 3-DES, it is almost
impossible for casual hackers to attack and is very difficult to break in any meaningful time frame,
even for well-equipped and knowledgeable parties.

To put these into perspective, common encryption programs that are considered “secure” (such as
PGP) and on-line credit authorisation services (such as Web-based credit card ordering) generally
use 128-bit encryption.

Note:
Data rates are the maximum that could be achieved but may be lower if other applications are
running at the same time or small IP packet sizes are used.

13.3 What is a VPN?

VPNs (Virtual Private Networks) are networks that use the IPSec protocols to provide one or
more secure routes or “tunnels” between endpoints. Users are issued either a shared “secret” key
or “public/private” key pair that is associated with their identity. When a message is sent from one
user to another, it is automatically “signed” with the user’s key. The receiver uses the secret key or
the sender’s public key to decrypt the message. These keys are used during IKE exchanges along
with other information to create session keys that only apply for the lifetime of that IKE exchange.
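
The session-key idea above, as an added example that is not part of the Westermo manual: it assumes IKEv1 pre-shared-key authentication with HMAC-SHA1 as the PRF and follows the SKEYID formulas of RFC 2409 section 5. The function names, the sample secret and the random stand-ins for the nonces, cookies and Diffie-Hellman result are constructed for illustration.

```python
import hashlib
import hmac
import os


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 PRF, assumed here to be HMAC-SHA1 (the real one is negotiated)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def derive_ike_keys(psk, ni, nr, dh_secret, cky_i, cky_r):
    """RFC 2409 section 5 key derivation for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)                         # binds the PSK to both nonces
    tail = dh_secret + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # seeds keys for the IPsec SAs
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # authenticates IKE messages
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # encrypts IKE messages
    return {"SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def simulate_exchange(psk: bytes) -> dict:
    """One exchange, with constructed random values standing in for wire data."""
    ni, nr = os.urandom(16), os.urandom(16)        # initiator / responder nonces
    cky_i, cky_r = os.urandom(8), os.urandom(8)    # ISAKMP cookies
    dh_secret = os.urandom(128)                    # placeholder for g^xy, no real DH
    return derive_ike_keys(psk, ni, nr, dh_secret, cky_i, cky_r)


if __name__ == "__main__":
    psk = b"constructed-example-secret"            # sample value, not from the manual
    first, second = simulate_exchange(psk), simulate_exchange(psk)
    for name in first:
        print(name, first[name].hex(), second[name].hex())
    # Same long-term secret, but no session key carries over between exchanges.
    print("keys reused:", any(first[k] == second[k] for k in first))
```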

13.4 The Benefits of IPSec

IPSec is typically used to attain confidentiality, integrity, and authentication in the transport of data
across inherently insecure channels. When properly configured, it provides a highly secure virtual
channel across cheap, globally available networks such as the Internet, or creates a “network within
a network” for applications such as passing confidential information between two users across a
private network.
