资料来源 : Free On-Line Dictionary of Computing
Virtual Private Network
(VPN) The use of {encryption} in the
lower {protocol layers} to provide a secure connection through
an otherwise insecure network, typically the {Internet}. VPNs
are generally cheaper than real private networks using private
lines but rely on having the same encryption system at both
ends. The encryption may be performed by {firewall} software
or possibly by {routers}.
Link-level (layer 2 and 3) encryption provides extra
protection by encrypting all of each {datagram} except the
link-level information. This prevents a listener from
obtaining information about network structure. While
link-level encryption prevents traffic analysis (a form of
attack), it must encrypt/decrypt on every {hop} and every
path.
Protocol-level encryption (layer 3 and 4) encryption encrypts
protocol data but leaves protocol and link headers clear.
While protocol-level encryption requires you to
encrypt/decrypt data only once, and it encrypts/decrypts only
those sessions that need it, headers are sent as clear text,
allowing traffic analysis.
Application (layer 5 up) encryption is based on a particular
application and requires that the application be modified to
incorporate encryption.
{Cisco
(http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/cnfg_nts/rsm/rsm_pa/4801encr.htm)}.
(1999-11-15)