What is a VPN?
The commonly used initials “VPN” stand for Virtual Private Network. In its most basic definition, a VPN is a network of computers which is kept private and secure despite being spread across unsecured public networks, such as the internet. VPNs can be contrasted with ring-fenced networks of computers sitting behind a single firewall in a single location and using dedicated on-site connections (i.e., LANs - Local Area Networks), or with private networks of computers in disparate locations connected by privately leased lines. VPNs therefore allow businesses and individuals to share sensitive information between computers, or other devices, in varying locations without deploying distinct physical connections, and without compromising the security of those devices or their LANs.
There are two broad classifications of VPN. The first, remote-access, describes a scenario in which an individual computing device establishes a connection with another or with an existing LAN. The second, site-to-site, involves two distinct LANs forming a connection across public networks to create a virtualised LAN.
In practice VPNs can utilise a number of different technologies and protocols to create secure connections over which data can be transferred. At their heart, though, lies the idea of creating a secure tunnel through a public network, within which all information can be passed: essentially a virtualised equivalent of a physical network connection or a leased line.
How it Works
To create these tunnels, VPNs typically combine both end-point authentication and data encryption, preventing unauthorised users gaining access to the networks or intercepting data whilst in transit across public networks.
In terms of encryption, data is transferred in data packets (small units of data) whose core data is encrypted; the outer layers, which carry information about where the packet has come from and where it is destined for, can be encrypted as well. Depending on the level of security, an interceptor may be able to determine from the outer layer which network gateway router or VPN server the packet has been sent from, or is heading to, but the origin and destination of the individual devices will be encrypted on an inner layer, with the core data encrypted within that. The information detailing the packet’s specific destination on the receiving network is decrypted only by the receiving network, whilst the core data itself is decrypted only by the specified destination device. The technologies and protocols involved in these processes include Internet Protocol Security (IPsec), Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for data packet encryption and ‘tunnelling’.
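As an added illustration (not code from this page or from Interoute), the following Python model builds the three-layer packet just described: a clear outer header naming the two gateways, an inner header naming the devices that only the receiving gateway can open, and the core data that only the destination device can open. The SHA-256 keystream and HMAC stand in for a real cipher suite such as AES-GCM, and all keys and addresses are constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from SHA-256; a stand-in for a real cipher, not for production use.
    out = b""
    for counter in range(length // 32 + 1):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Reject any modified layer before decrypting it."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def _packed(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed

def _addr(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

def build_tunnel_packet(gw_key, dev_key, gw_src, gw_dst, dev_src, dev_dst, data):
    """Layers, inside out: data (dev_key) | device header (gw_key) | gateway header (clear)."""
    core = seal(dev_key, data)                                        # only the destination device can open
    inner = seal(gw_key, _packed(dev_src) + _packed(dev_dst) + core)  # only the receiving gateway can open
    return _packed(gw_src) + _packed(gw_dst) + inner                  # the public network routes on this

def observer_view(packet: bytes):
    """What an interceptor on the public network can read: the two gateway addresses only."""
    return _addr(packet[:4]), _addr(packet[4:8])

def gateway_receive(gw_key: bytes, packet: bytes):
    """Receiving gateway: learns which device the packet is for, but the data stays sealed."""
    inner = unseal(gw_key, packet[8:])
    return _addr(inner[:4]), _addr(inner[4:8]), inner[8:]

def device_receive(dev_key: bytes, core: bytes) -> bytes:
    """Destination device: the only holder of dev_key, so the only party able to read the data."""
    return unseal(dev_key, core)
```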
As an alternative to data packet encryption, VPNs can instead rely on trusted networks: networks administered by a single provider, using technologies such as Multiprotocol Label Switching (MPLS) - a cross-protocol technology which creates virtualised leased lines or LANs - are then relied upon to provide the security required to transfer data.
The addition of end-point authentication measures, meanwhile, ensures that the data cannot be accessed by unauthorised users once it has been received and decrypted at each end point, and prevents malware from accessing the virtualised network.
Usually VPNs rely on knowing the predetermined IP addresses of devices/computers in order to establish the paths described above. However, mobile VPN services can also be used to connect portable devices, such as mobile phones and tablets, which roam from one network to another (e.g., between WiFi hotspots and 3G networks), by applying consistent bespoke IP addresses, in place of those which are assigned by each individual network.
Consequently, VPNs can be used to create secure networks free of both hardware/device and geographical restrictions, allowing private information to be transferred between any enabled devices with access to an internet connection. There are, therefore, many practical uses of VPNs for both private and enterprise VPN clients.
For organisations they can allow:
- two distinct LANs in remote locations (e.g., offices or branches) to be conjoined as if they were on the same LAN, with private files stored and accessed securely, and software executed remotely - removing the cost of implementing leased lines
- remote employees or employees on the move to access central networks (as if they were at their desk) across the internet using broadband, WiFi and cellular data connections - saving on wasted productivity and facilitating working from home
- secure communication, through data, voice and video, between departments and organisations across the world - reducing the need for travel
- bring your own device (BYOD) policies whereby employees can use their own varying devices - with which they are more familiar, which have specialist software and which do not require investment from the organisation - at work whilst minimising the security risks to private networks
For individuals, VPNs can allow them to:
- access private home networks and computers whilst out-and-about
- access secured organisation networks for work purposes or educational resources, for example
More information on Interoute's VPN Services