Short Bytes: VPN is a technology used to set up a private network over the internet to share the resources of a corporate intranet with remote users and other office locations of the company. People can also use VPN to access their home network.
A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to securely connect to a private network.
A VPN can connect multiple sites over a large distance just like a Wide Area Network (WAN). VPNs are often used to extend intranets worldwide to disseminate information and news to a wide user base. Educational institutions use VPNs to connect campuses that can be distributed across the country or around the world.
Two Types of VPNs
VPNs are mainly of two kinds: Remote Access VPN and Site-to-Site VPN. The second kind, the site-to-site virtual private network, has further sub-types.
Remote Access VPN
When we talk about Remote Access VPN, we are talking about giving someone access to an existing private network over the internet.
The private network can be a network set up by a corporate organization, equipped with database and network hardware related to the organization or any of its projects.
Because of remote access VPN, there is no need for an employee to connect to his company’s network directly. He can do so with the help of necessary VPN client software and credentials given by the firm.
Remote Access VPNs aren’t the buzzwords for the corporate sector only.
Home users can also leverage them. For instance, you can set up a virtual private network at your home and use the credentials to access it from somewhere else. This way, the websites you visit will see the IP address of your home network rather than your actual IP address.
Moreover, most of the VPN services you see in the market are examples of remote access VPN. These services mainly help people get around geographical restrictions on the internet. Such restrictions are probably there because of government-led blocking, or because a website or service is not accessible in a particular region.
Site-to-Site VPN
The word ‘site’ in this case refers to the physical location where a private network exists. It is also known as LAN-to-LAN or Router-to-Router VPN. In this type, two or more private networks in different parts of the world are connected to each other over the network, all serving as one single virtual private network on the internet. Now, there are two sub-kinds of site-to-site virtual private networks.
Intranet Site-to-Site VPN:
We call it intranet site-to-site VPN when different private networks of a single organization are clubbed together over the internet. They can be used to share resources across various office locations of the company. One other possible way would be laying separate cable across different office locations, but that won’t be feasible and might incur high costs.
Extranet Site-to-Site VPN:
There can be a need to connect the corporate networks belonging to different organizations. They might be collaborating on a project involving resources from both the organizations. Such virtual private networks created are known as extranet site-to-site VPNs.
How does a VPN work?
The working of a VPN is not terribly hard to understand, though it can seem so. But before that, you need to get an idea of the protocols, or sets of rules in layman's terms, that a VPN uses to provide a secure personal network.
SSL (Secure Sockets Layer): It uses a 3-way handshake method for assuring proper authentication between the client and server machines. The authentication process is based on cryptography where certificates, behaving as cryptographic keys already stored on the client and server sides, are used for initiating the connection.
IPSec (IP Security): This protocol can work in transport mode or tunneling mode so that it can do its job of securing the VPN connection. The two modes differ in the sense that the transport mode only encrypts the Payload in the data, i.e. only the message present in the data. The tunneling mode encrypts the entire data to be transmitted.
PPTP (Point-To-Point Transfer Protocol): It connects a user located at some remote location with a private server in a VPN network, and also uses the tunneling mode for its operations. Low maintenance and simple working make PPTP a widely adopted VPN protocol. Further credit goes to the inbuilt support provided by Microsoft Windows.
L2TP (Layer Two Tunnelling Protocol): It facilitates the tunneling of data between two geographical sites over the VPN network, and is often used in combination with the IPSec protocol, which further adds to the security layer of the communication.
So, you have a rough idea about the various protocols used in a VPN. We shall proceed further and see how it works. When you connect to a public network, for example, free WiFi networks at airports, you can assume that all your data is flowing through a big tunnel along with the data of other users.
So, anyone who wants to spy on you can easily sniff your data packets from the network. When VPN comes into the scene, it provides you a secret tunnel inside that big tunnel. And all your data is transformed into garbage values so that no one can recognize it.
Setting up a VPN Connection involves Three Phases:
Authentication: In this step, data packets are first encapsulated, that is, wrapped inside another packet with some headers and other data attached. All of this conceals the identity of the data packets. Now, your device initiates the connection by sending a Hello request to the VPN server, which replies with an acknowledgment and asks for the user credentials to verify the authenticity of the user.
Tunneling: After the authentication phase is finished, an imaginary tunnel, so to speak, is created, which provides a direct point-to-point connection through the internet. We can send whatever data we want via that tunnel.
Encryption: After we’ve successfully created the tunnel, it can transfer whatever information we want, but that information is still not safe if we use a free VPN service. That’s because other people also use it. So, we encrypt the data packets before sending them over the tunnel, thus barring any other user from peeping into our packets, as he will only see some unrecognizable rubbish data flowing through the tunnel.
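The difference between the two IPSec modes described earlier, and the wrap-then-encrypt idea behind the tunneling and encryption phases, can be seen in a small added example (it is not part of the original article). It builds a packet, protects it in transport mode and in tunnel mode, and reports what a sniffer on the public network could still read; the addresses, key and payload are constructed, and the cipher is a simple stand-in rather than real ESP cryptography.

```python
import hashlib, hmac, socket, struct

ESP = 50  # IP protocol number assigned to ESP

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header plus payload (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def toy_cipher(key, spi, seq, data):
    """Stand-in for the ESP cipher: XOR with an HMAC-SHA256 keystream (its own inverse).
    Not real ESP cryptography; padding, trailer and integrity tag are omitted."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, struct.pack("!III", spi, seq, block), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, protected):
    """ESP header (SPI, sequence number) followed by the encrypted bytes."""
    return struct.pack("!II", spi, seq) + toy_cipher(key, spi, seq, protected)

def transport_mode(pkt, key, spi=0x1001, seq=1):
    """Keep the original IP header; encrypt only the payload behind it."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, ESP, esp(key, spi, seq, pkt[20:]))

def tunnel_mode(pkt, key, gw_src, gw_dst, spi=0x1002, seq=1):
    """Encrypt the entire original packet and wrap it in a new gateway-to-gateway header."""
    return ipv4(gw_src, gw_dst, ESP, esp(key, spi, seq, pkt))

def observer_view(pkt, secret):
    """What a sniffer on the public network can read without the key."""
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "cleartext_visible": secret in pkt}

# Constructed sample data (addresses, key and payload are illustrative only).
SECRET = b"user=alice&pin=4321"
KEY = b"demo-key-not-for-real-use"
INNER = ipv4("10.1.0.5", "10.2.0.9", 6, SECRET)  # 6 = TCP; payload stands in for a segment
TRANSPORT = transport_mode(INNER, KEY)
TUNNEL = tunnel_mode(INNER, KEY, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("plain    ", observer_view(INNER, SECRET))
    print("transport", observer_view(TRANSPORT, SECRET))
    print("tunnel   ", observer_view(TUNNEL, SECRET))
```

In transport mode the observer still learns which two hosts are talking; in tunnel mode only the two gateway addresses appear, at the cost of 20 extra bytes for the new outer header.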
Now, if you want to access a website, your device will send the access request to the VPN server, which will then forward the request to the website in its own name and receive the data from it. Then this data will be sent to your device. The website will think the VPN server is the user, and it will find no trace of you or your device as the actual user, unless you transmit some personal information over the connection.
For example, your identity can be known if you access a social networking website like Facebook or Twitter,