Pre-shared key (PSK) authentication in VPNs
A pre-shared key is a string of characters that is used as an authentication key. You can use pre-shared keys for site-to-site VPN authentication and with third-party VPN clients.
Both gateways create a hash value based on the pre-shared key and other information. The hash values are then exchanged and verified to authenticate the other party. As its name suggests, the pre-shared key has to be distributed beforehand to all devices that use it. Pre-shared keys must be transferred confidentially because their security benefit is immediately lost if the key is exposed to unauthorized parties.
The pre-shared keys must also be long and random to be secure. Short or predictable pre-shared keys can be easily broken in brute-force attacks. Administrators must also remember to renew the pre-shared keys periodically to maintain a high level of security. Forcepoint NGFW includes tools for generating sufficiently long, random pre-shared keys for VPN components. The keys are automatically transferred to any NGFW Engines that need them using the secure management communications channel.