VPNs (Virtual Private Networks) try to provide the same security as leased lines. This includes:
Privacy – prevents anyone on the internet who intercepts the packets from reading the data
Authentication – verifies the sender
Integrity – verifies the data has not changed
Anti-Replay – prevents a man-in-the-middle from resending packets to pose as a legitimate source
Types of VPNs:
Intranet – Site to Site within an organization
Extranet – Site to Site to another organization
Access – allows legitimate users to access the corporate network across the internet
IPSec performs dynamic key exchange using IKE (Internet Key Exchange – RFC 4306). IKE uses the Diffie-Hellman process.
IPSec can use AH (Authentication Header) or ESP (Encapsulating Security Payload). ESP encrypts; AH does not.
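Both AH and ESP carry a per-packet sequence number, and the receiver enforces the Anti-Replay property above with a sliding window over those numbers. The sketch below is an added example, not part of the original notes; the `ReplayWindow` class, its method names, the 64-packet window size and the arrival sequence are assumptions constructed for illustration.

```python
class ReplayWindow:
    """Receiver-side anti-replay state for one security association (hypothetical helper)."""
    def __init__(self, size=64):
        self.size = size      # window width in packets (assumed value)
        self.highest = 0      # highest authenticated sequence number seen
        self.bitmap = 0       # bit i set => sequence (highest - i) was received

    def check(self, seq):
        """Return a verdict without changing state; runs before the integrity check."""
        if seq == 0:
            return "reject: invalid sequence number"
        if seq > self.highest:
            return "ok"                      # ahead of the window: new packet
        offset = self.highest - seq
        if offset >= self.size:
            return "reject: older than window"
        if (self.bitmap >> offset) & 1:
            return "reject: replay"          # this number was already accepted
        return "ok"                          # late but inside the window and unseen

    def update(self, seq):
        """Record seq; call only after the packet's integrity check has passed."""
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, seq, integrity_ok=True):
        """Full receive path: window check, integrity result, then state update."""
        verdict = self.check(seq)
        if verdict != "ok":
            return verdict
        if not integrity_ok:
            # A forged packet must not move the window, or it would lock out real traffic.
            return "reject: bad integrity check"
        self.update(seq)
        return "ok"


def run_demo():
    # Constructed arrivals: in order, reordered, a replay, a forged jump, a stale packet.
    w = ReplayWindow(size=64)
    events = [(1, True), (3, True), (2, True), (3, True),
              (500, False), (100, True), (36, True), (37, True)]
    return [(seq, w.receive(seq, ok)) for seq, ok in events]


if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

The window only advances after the integrity check succeeds, so the forged packet numbered 500 is dropped without shifting the window past legitimate traffic.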