What is a VPN
A virtual private network protects personal or corporate data while it is transmitted over the Internet or other networks. To do this, the VPN carries the traffic through a virtual tunnel and encrypts the transmitted data.
To the client, the VPN appears as an ordinary network interface and is transparent to the operating system, the applications and the users that rely on it.
What is a VPN used for?
First of all, a virtual private network provides confidential data transmission: it protects information as it travels over a public network. If attackers intercept the data, they cannot decrypt it or use it for their own purposes.
A VPN is also used in companies whose employees work remotely: at home, in public places and even in transport. Home networks and personal devices are not as well protected as office networks and workplaces, and remote workers often use public networks that carry data unencrypted. A VPN provides a secure connection to the organization’s internal systems, so confidential files and intellectual property are protected while they cross the Internet.
A VPN is a must for any organization whose employees travel abroad for work. For security reasons, many companies restrict access to their internal network to a list of specific IP addresses, and in a number of countries some websites needed for work are blocked. A VPN solves both problems.
Another common security problem is DNS leaks. Because of a misconfiguration, DNS requests can be sent unencrypted, bypassing the VPN. This lets an attacker learn the IP addresses of the devices or the network, the websites visited and their IP addresses, information that helps a scammer build a phishing campaign to steal login details.
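A configuration check for the DNS leak described above, added here as an example and not part of the original article: it reads a resolv.conf-style resolver list (a constructed sample) and flags every nameserver that lies outside the address ranges the VPN client is expected to use for DNS. The prefixes, the sample file and the function name are assumptions made for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"net/netip"
	"slices"
	"strings"
)

// LeakingResolvers reads resolv.conf-style text and returns every nameserver whose
// address is outside the prefixes the VPN is expected to serve DNS from. Queries to
// such a resolver leave the host outside the tunnel, unencrypted: a DNS leak.
func LeakingResolvers(resolvConf string, tunnelPrefixes []string) ([]string, error) {
	var prefixes []netip.Prefix
	for _, p := range tunnelPrefixes {
		pfx, err := netip.ParsePrefix(p)
		if err != nil {
			return nil, fmt.Errorf("bad tunnel prefix %q: %w", p, err)
		}
		prefixes = append(prefixes, pfx)
	}
	var leaks []string
	sc := bufio.NewScanner(strings.NewReader(resolvConf))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) < 2 || fields[0] != "nameserver" {
			continue // comments, "search", "options" and blank lines are not resolvers
		}
		addr, err := netip.ParseAddr(fields[1])
		if err != nil {
			return nil, fmt.Errorf("bad nameserver %q: %w", fields[1], err)
		}
		if !slices.ContainsFunc(prefixes, func(p netip.Prefix) bool { return p.Contains(addr) }) {
			leaks = append(leaks, addr.String())
		}
	}
	return leaks, sc.Err()
}

// Constructed sample: the home router's resolver was left in place next to the VPN one.
const sampleResolvConf = "# constructed sample\nnameserver 10.8.0.1\nnameserver 192.168.1.1\nsearch corp.example\n"

func main() {
	leaks, err := LeakingResolvers(sampleResolvConf, []string{"10.8.0.0/24", "fd00:8::/64"})
	fmt.Println(leaks, err) // [192.168.1.1] <nil>
}
```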
Disadvantages of VPN
There is one main drawback: speed. A VPN connection is an extra hop on the path the data travels, and encryption takes additional time. As a result, every VPN connection slows work down a little.
In general, the speed of a VPN connection depends on the connection speed of both endpoints. For example, a user reaching a corporate network through a VPN is limited by the speed of:
- the work machine’s connection to the Internet,
- the Internet path to the VPN server,
- the VPN server’s connection to the requested resources.
A slow VPN service can therefore cause a significant drop in bandwidth.
How a virtual private network works
There are several types of VPN, each of which can use different protocols and encryption methods. The choice depends on what the VPN is used for.
Types of VPN Connection Organization
There are three main ways to organize a virtual private network: Remote Access VPN (a secure remote access gateway), Site to Site VPN (a point-to-point or router-to-router connection) and Client to Provider.
Remote Access VPN
This type of VPN lets individual users establish secure connections to a remote computer network. They reach protected resources on that network over the Internet as if they were connected directly to its servers. The method suits organizations with hundreds of remote employees.
Another name for this type of VPN is virtual private dial-up network (VPDN). The word “dial-up” recalls that in its earliest form a remote access VPN required a connection to the server over analog telephony.
How it works
This type requires two components. The first is the network access server (NAS). It can be a dedicated server or one of several software applications running on a shared server. The NAS requires the user to present credentials to log in to the VPN; it either checks them itself or hands authentication off to a separate server.
The second component of a remote access VPN is the client software installed on users’ computers. Most operating systems today have built-in support for connecting to a VPN, but some VPNs require users to install a dedicated application. The client software establishes a tunnelled connection to the NAS and manages the encryption needed to secure the connection.
Large corporations or enterprises with qualified IT staff typically deploy and maintain their own remote access VPNs.
Site to site VPN
This type of VPN is suitable for large corporations with branches all over the country or the world.
How it works
There are two types of Site to Site VPN – intranet and extranet.
If the company has one or more geographically remote offices that need to be combined into a single private network, an intranet VPN is created. It connects each individual local network to the organization’s overall network.
An extranet VPN is created for several companies that want to share part of their resources while keeping the rest private. Each organization connects to the extranet VPN and selects the resources it wants to make available to the other company. This lets the organizations work together in a secure shared network environment without giving each other access to their individual intranets.
Client to Provider
This is the way to connect for users on an insecure public Wi-Fi network, such as in a coffee shop, airport or hotel.
This connection method is also meant for those who want to keep their data confidential: it lets the user encrypt traffic so that their Internet provider cannot read it.
How it works
To prevent traffic interception, the user establishes a VPN connection to the VPN provider, and the VPN provider forwards the traffic on to the Internet. The easily intercepted local wireless traffic is encrypted all the way to the provider, which then connects to the Internet securely. This reduces the likelihood of a man-in-the-middle (MITM) or sniffing attack.
To connect to a secure network you need a VPN client. It can be software running on a dedicated device that acts as a tunnel interface for multiple connections, so that each computer does not need to run its own VPN client software. The connection method you choose depends on your usage.
Standalone VPN client
Specialized software is installed on the remote endpoint. When it starts, it creates an encrypted VPN connection: the endpoint launches the VPN client and connects to the other endpoint. This type of connection is common in public VPN services, where the user typically downloads the VPN client to connect.
Built into the operating system
Windows, iOS, macOS, Android, and Linux operating systems allow you to connect to a remote VPN server, provided that the remote endpoint supports the same VPN protocol and configuration.
VPN server
The VPN server acts as a gateway and router at the edge of the local network or at the edge of the Internet. It is responsible for unpacking packets and repackaging them for transmission on the local network or on the Internet.
This connection option is typically used in a corporate environment. Large companies have in-house IT professionals who are able to install, configure, and maintain client installations and VPN servers.
Router with VPN support
This is a solution for private users whose router supports VPN configuration. It allows several devices to be connected to the VPN at once. The disadvantage of this approach is the complexity of the configuration, which requires good technical knowledge.
VPN browser extension
Despite the name, such extensions are not VPN services. They do not provide traffic protection, the key feature of a VPN; that is provided by the hardware, not the browser. A browser extension can only use a proxy server to spoof the user’s IP address. This is enough to reach sites blocked by Roskomnadzor, but it will not hide you from surveillance: an employer, for example, can still easily see which sites an employee visits.
VPN protocols
Protocols are used to create the secure connection between the VPN client and the VPN server, and they differ in their levels of security and performance. Some work better on mobile devices, others are designed for large corporate networks.
OpenVPN
The protocol is open source and has a high level of security, which has made it one of the most popular. Users can be authenticated in several ways: with a pre-shared key, a certificate, or a login and password. OpenVPN does not come as a packaged product; each VPN provider develops its own client software for it. As a result, the protocol works on all operating systems and is compatible with cloud providers’ services.
PPTP
PPTP is the Point-to-Point Tunneling Protocol. It is still in use, although outdated, and is common on free VPN services. The protocol is slow to recover after a dropped connection, and its security level is lower than that of the others.
L2TP/IPSec
This is a combination of two protocols: L2TP, an improved version of PPTP, and IPSec, which is responsible for authentication and encryption. L2TP/IPSec has a high level of security, but its data transfer rate is lower than the rest.
IKEv2
This is an improved version of the L2TP protocol. IKEv2 is well suited to mobile devices, since it tolerates frequent network changes.
SSTP
This is the Secure Socket Tunneling Protocol, which is part of the Windows operating system. Encryption is provided by SSL, and authentication by three protocols at once: SSL, PPP and SSTP.
A newer and so far uncommon protocol. Its code is simple, so vulnerabilities are easier to find and fix. Its developers offer it as a replacement for IPsec and OpenVPN.
Encrypting data in a VPN
Encryption ensures the confidentiality of data transmitted over the virtual private network.
Encrypted information cannot be read without a key that is known only to the VPN server and the client computer.
There are two ways to encrypt traffic.
Symmetric encryption
All users, or more precisely their computers, use the same key, which both encrypts and decrypts the message.
Public key cryptography
Each computer has a key pair: private and public. With a private key, it encrypts the data being sent, and with a public one, it decrypts what it receives from other PCs.
Along with encryption, the VPN uses the IPSec security protocol, which provides additional protection.
IPSec
IPSec is a widely used protocol for protecting traffic on IP networks. It can encrypt data between different kinds of devices:
- router to router,
- router to firewall,
- computer to router,
- computer to server.
IPSec consists of two subprotocols that provide the instructions a VPN needs to secure its packets: ESP and AH. We will not describe them here.
Network devices use IPSec in tunnel mode: they create a virtual tunnel between the two networks.
Computers at each end of the tunnel encrypt the data being sent and decrypt it after it is received.
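The two encryption approaches above and the tunnel mode of IPSec, combined as an added example that is not the article’s own code: each end has a key pair, the pairs are used to agree on a shared symmetric key, and that key encrypts each whole inner packet behind a sequence-numbered outer header, roughly as ESP does. The packet layout, the SHA-256 key derivation and all function names are simplifications assumed for this example, not the real IPSec/ESP format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// NewKeyPair makes an endpoint's key pair; only PublicKey().Bytes() is sent to the peer.
func NewKeyPair() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }

// Tunnel holds the per-session AEAD that both ends derive from the key agreement.
type Tunnel struct{ aead cipher.AEAD }

// NewTunnel derives the shared key (X25519, then SHA-256 as a stand-in for IKE's KDF) and sets up AES-256-GCM.
func NewTunnel(priv *ecdh.PrivateKey, peerPub []byte) (*Tunnel, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub) // same value on both ends; never crosses the network
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always valid, so no error is possible
	aead, err := cipher.NewGCM(block)
	return &Tunnel{aead: aead}, err
}

// Encapsulate wraps a whole inner packet (tunnel mode): a 4-byte authenticated sequence number, then AES-GCM ciphertext and tag.
func (t *Tunnel) Encapsulate(seq uint32, inner []byte) []byte {
	hdr := binary.BigEndian.AppendUint32(nil, seq)
	nonce := append(make([]byte, 8), hdr...) // 12-byte GCM nonce; the sequence number keeps it unique
	return t.aead.Seal(hdr, nonce, inner, hdr)
}

// Decapsulate verifies the tag, rejecting any tampering, and returns seq and the inner packet.
func (t *Tunnel) Decapsulate(packet []byte) (uint32, []byte, error) {
	if len(packet) < 4 {
		return 0, nil, errors.New("packet too short")
	}
	nonce := append(make([]byte, 8), packet[:4]...)
	inner, err := t.aead.Open(nil, nonce, packet[4:], packet[:4])
	return binary.BigEndian.Uint32(packet[:4]), inner, err
}
```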
VPN and Virtual Private Cloud (VPC)
A VPN creates a secure connection between the local network and the cloud provider’s services. As a rule, providers offer their customers a public or a private cloud, the Virtual Private Cloud (VPC). While in the public cloud all customers share the allocated resources, in the private cloud each customer receives separate isolated capacity. Simply put, a Virtual Private Cloud is a cloud within the cloud.