To ensure that your VPN is secure, limiting user access is only one piece of the equation; once the user is authenticated, the data itself needs to be protected as well. Without a mechanism to provide data privacy, information flowing through the channel will be transmitted in clear text, which can easily be viewed or stolen with a packet sniffer. Most modern VPNs use some kind of cryptosystem, in order to scramble data into cipher text, which is then decrypted into readable text by the recipient.

The type of encryption available is highly varied. However, there are two basic cryptographic systems: symmetric and asymmetric. Symmetric cryptography tends to be much faster to deploy, and are commonly used to exchange large packets of data between two parties who know each other, and use the same private key to access the data.

Asymmetric systems are far more complex and require a pair of mathematically related keys - one public and one private - in order to be accessed. This method is often used for smaller, more sensitive packets of data, or during the authentication process.

As a general rule, longer encryption keys are the strongest. The bit length of the algorithm determines the amount of effort required to crack the system using a "brute force" attack, where computers are combined to calculate all the possible key permutations. Currently, some countries have governmental restrictions on encryption strength in a VPN, such as Japan, which may require multiple key lengths in an international tunneling solution.

In the United States, many different encryption schemes are available. The Data Encryption Standard (DES) is a 20-year old, thoroughly tested system that uses a complex symmetric algorithm, although it is considered less secure than recent systems. Triple DES and 3DES use multiple passes of the original version to increase the key length, thus strengthening security. Other methods, like Encapsulated Security Payload or Outer Cipher Block Chaining, can be used to further scramble the data, and maintain or verify its integrity. Although an unbreakable algorithm has yet to be developed, a sophisticated encryption system will greatly minimize the chance of any security gaps.

Most VPN devices, whether hardware- or software-based, use some sort of encryption scheme, and may vary in cost according to the strength of the system used. There are many different products for encrypting tunnels, from trusted companies like Check Point Software, Digital Equipment Corp., Morning Star Technologies, and PSINet, for example. It is important to keep in mind that adding strong third-party encryption to your VPN can slow down transmission speeds.

Some products also feature selective encryption, allowing administrators to decide whether or not to encrypt a subset of traffic, based on the data being accessed. In some cases, you may choose to apply a tougher algorithm to particularly important packets coming off the server. The combination of selective encryption and access control would allow the user to create a specific encrypted session to the VPN application of choice, ensuring the safety of the data as well as guaranteeing network security.