Encryption and Authentication

The configuration and deployment of a virtual private network obviously involves more than just a packet-filtering router. Otherwise, all you would have is a smoked glass window hiding your data from the rest of the world. The real subject of this book, and that of the VPN, is secure communication between two distinct networks over a public medium, done in such a way that they seem to be sharing a LAN from either end. Thus far, our discussion of firewalling techniques only covers half of the equation. Firewalls either allow or deny traffic based on its source and destination, but once the traffic makes it into your network, the disciplines of authentication and encryption add further protection by securing the conversation itself.

Encryption can be regarded as a method for altering data into a form that is unusable by anyone other than the intended recipient, who alone has the means necessary to decrypt it. The input to an encryption algorithm is typically called clear text, while the output is referred to as ciphertext or crypt text. The encryption process protects the data by making the assailant work too hard or too long to get at what is being hidden. As we will discover, cryptographic routines use mathematics to alter the data in such a way that the process is difficult and expensive to reverse without the key. As with all things, there are sometimes several ways to peel a banana.

Another important topic that we will discuss in this section—a topic that is closely linked ...

Get Virtual Private Networks, Second Edition now with the O’Reilly learning platform.