(VPN) The use of encryption
in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet
. VPNs are generally cheaper than real private networks using private lines but rely on having the same encryption system at both ends. The encryption may be performed by firewall
software or possibly by routers
Link-level (layer 2 and 3) encryption provides extra protection by encrypting all of each datagram
except the link-level information. This prevents a listener from obtaining information about network structure. While link-level encryption prevents traffic analysis (a form of attack), it must encrypt/decrypt on every hop
and every path.
Protocol-level encryption (layer 3 and 4) encryption encrypts protocol data but leaves protocol and link headers clear. While protocol-level encryption requires you to encrypt/decrypt data only once, and it encrypts/decrypts only those sessions that need it, headers are sent as clear text, allowing traffic analysis.
Application (layer 5 up) encryption is based on a particular application and requires that the application be modified to incorporate encryption.