Source : Free On-Line Dictionary of Computing

Virtual Private Network
     
         (VPN) The use of {encryption} in the
        lower {protocol layers} to provide a secure connection through
        an otherwise insecure network, typically the {Internet}.  VPNs
        are generally cheaper than real private networks using private
        lines but rely on having the same encryption system at both
        ends.  The encryption may be performed by {firewall} software
        or possibly by {routers}.
     
        Link-level (layer 2 and 3) encryption provides extra
        protection by encrypting all of each {datagram} except the
        link-level information.  This prevents a listener from
        obtaining information about network structure.  While
        link-level encryption prevents traffic analysis (a form of
        attack), it must encrypt/decrypt on every {hop} and every
        path.
     
        Protocol-level encryption (layer 3 and 4) encryption encrypts
        protocol data but leaves protocol and link headers clear.
        While protocol-level encryption requires you to
        encrypt/decrypt data only once, and it encrypts/decrypts only
        those sessions that need it, headers are sent as clear text,
        allowing traffic analysis.
     
        Application (layer 5 up) encryption is based on a particular
        application and requires that the application be modified to
        incorporate encryption.
     
        {Cisco
       
     (http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/cnfg_nts/rsm/rsm_pa/4801encr.htm)}.
     
        (1999-11-15)