Most of you are familiar with the term VPN. You also know that it is used for achieving anonymity or hiding your identity. But do you know that the primary function of a VPN is something different? Apart from anonymity and security, a VPN has many other features.
In this post, I’m going to discuss VPNs in detail: how they work, their features, and the protocols they use. So let’s get started!
What is a VPN?
A VPN (Virtual Private Network) is a private network of two or more computers, configured and used by an organization to connect to remote sites or users with restricted public network access. A VPN allows distant users to send and receive data across shared or public networks. It creates a secure, encrypted connection for the transmission of data to provide additional security. For this, it uses various tunneling protocols.
A VPN is the best solution for wireless access. It enables remote users to have secure access to networks using the Internet. It offers a secure, dedicated path, called a tunnel, across a less secure network.
Even if the data transferred between the private network and an outside network gets intercepted, it cannot be read because it is encrypted. This makes a VPN a more reliable technique for communicating with outside networks.
How does a VPN work?
In simple terms, a VPN works like this. A client device sends data to one point of the VPN network. The data is encrypted at that point and sent through the internet to another point of the VPN network. At this second point, the data is decrypted and sent to the desired destination. The destination might be a web server or a machine in a private network.
The process is the same when the destination machine sends data back to the source. In this way, a VPN creates a point-to-point encrypted connection which can be accessed only by authorized users.
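The entry-point and exit-point flow described above, as an added example that is not part of the original post: the inner packet (destination plus data) is encrypted and authenticated at one end, is unreadable on the wire, and is rejected at the other end if it was modified. The key, the addresses and the HMAC-SHA256 keystream construction are assumptions chosen so the code runs with only the Python standard library; real VPNs negotiate keys and use ciphers such as AES-GCM or ChaCha20-Poly1305.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo values (assumptions): the key material is illustrative only.
TUNNEL_KEY = hashlib.sha256(b"constructed demo pre-shared key").digest()
ENC_KEY = hmac.new(TUNNEL_KEY, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(TUNNEL_KEY, b"mac", hashlib.sha256).digest()


def _keystream(nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real VPN cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(ENC_KEY, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encapsulate(dest, payload):
    """Entry point: wrap destination + data, encrypt, then authenticate."""
    inner = struct.pack(">H", len(dest)) + dest.encode() + payload
    nonce = os.urandom(16)  # fresh per frame, so equal packets encrypt differently
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(nonce, len(inner))))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decapsulate(frame):
    """Exit point: verify the tag first, then decrypt and recover the destination."""
    if len(frame) < 16 + 2 + 32:
        raise ValueError("frame too short")
    nonce, ct, tag = frame[:16], frame[16:-32], frame[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: frame modified in transit")
    inner = bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct))))
    (dlen,) = struct.unpack(">H", inner[:2])
    return inner[2:2 + dlen].decode(), inner[2 + dlen:]


if __name__ == "__main__":
    frame = encapsulate("10.0.0.5:80", b"GET /payroll HTTP/1.1")
    print("on the wire:", frame.hex()[:48], "...")
    print("at the exit:", decapsulate(frame))
```

An observer between the two points sees only the tunnel endpoints and random-looking bytes; the real destination and the request are inside the encrypted frame.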
A VPN needs the following three main technology components:
- Traffic control
- Enterprise management
Different VPN tunneling protocols
1. Point-to-Point Tunneling Protocol (PPTP)
Point-to-Point Tunneling Protocol is built on the Internet communications protocol called Point-to-Point Protocol (PPP) and the TCP/IP protocol. It is an extension of the Internet’s PPP protocol. PPTP transmits data packets and uses the GRE (Generic Routing Encapsulation) protocol for encapsulation.
There was no provision of authentication or encryption in PPTP when it was first developed; it has been improved in the recent past to support encryption and authentication methods.
2. Layer 2 Tunneling Protocol
Similar to PPTP, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol and does not include any encryption or authentication technique of its own. L2TP is faster than PPTP when it comes to sending data packets, as it does not retransmit lost packets.
L2TP is more firewall-friendly than PPTP, as it combines the data and control channels and uses high-performance UDP (User Datagram Protocol). Data transmission in L2TP takes place over UDP.
3. Internet Protocol Security (IPSec)
IPSec is an open standard and a security protocol that works at the network layer (layer 3). It is a better alternative to PPTP. The IPSec protocol uses the Encapsulating Security Payload (ESP) or Authentication Header (AH) protocols to safeguard IP datagrams.
Combining L2TP with IPSec makes it possible to use L2TP as the tunneling protocol; however, the data is secured only by the IPSec scheme.
4. SSL and TLS
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) can tunnel an entire network’s traffic or secure an individual connection. These protocols are commonly used by online shopping and banking websites. Applying these protocols upgrades a non-secure connection (http) to a secure connection (https).
5. Secure Shell (SSH)
Secure Shell provides VPN tunneling through which data is transferred in an encrypted format. The SSH client creates an SSH connection, and data is then transferred from a local port to a remote server through the encrypted tunnel.
Types of VPN
VPNs can be categorized by the following parameters:
- The tunneling protocol used
- The topology of connection
- The level of security provided
- The number of simultaneous connections
- The OSI layer presented to the connecting network
Two major types of VPN are listed below:
1. Site-to-site VPN
A site-to-site VPN securely connects offices in geographically different locations over the internet. It is used for connecting two networks. A site-to-site VPN allows employees working in one location to use the computer resources of another location. Most site-to-site VPNs use the IPSec protocol and can have either Layer 2 or Layer 3 connectivity.
There are two types of site-to-site VPN:
- Intranet-based: This type of VPN is created when a company has multiple offices in different places and wants to connect all of them in a single private network.
- Extranet-based: This type is used when a company is a partner of another company and wants to work in a single shared network environment.
2. Remote-access VPN
Remote-access VPN allows individual users or employees of a company to access the secure resources on the network. Unlike site-to-site VPN, remote-access VPN is used for connecting a single computer to a network.
The two components required in a remote-access VPN are the NAS (Network Access Server) and the client software. This VPN uses either the IPSec or the SSL protocol to secure the connection.
Benefits of using a VPN
- VPNs provide protected access to data by using advanced encryption and authentication schemes.
- VPNs provide easy and cost-effective ways for organizations to use the Internet infrastructure within ISPs.
- The traffic to the internal network is isolated only after VPN authentication is performed.
- VPNs have low administration needs.
Use cases of VPN
A VPN can be used for many use cases:
- Protecting your online identity
- Blocking ads, trackers and malware
- Staying safe on open public wifi
- Bypassing censorship and geographic restrictions
- For business use, to connect to private networks and access resources
Security limitations of VPN
A VPN can only protect against attacks such as network sniffing or data snooping. VPNs do not filter the data that is transmitted between the two communicating parties. Hence, the threat of a virus or malware getting in remains the same.
Note: A VPN is not a complete security solution or a replacement for security software such as antivirus or anti-malware.
I recommend using NordVPN. It is one of the best VPN service providers in the market right now.