Virtual private networks (VPN)

Why use a virtual private network or VPN? What protection advantages can it offer?

You may have heard of virtual private networks or VPNs in regard to individuals who want to avoid being tracked on public Wi-Fi, or those who want to browse safely and anonymously without suffering speed issues.

However, there are far more important and widespread uses for VPNs at a more global, business, and community level.

A virtual private network – or VPN – is typically used to create a private network over a public network, like the Internet. In effect, a VPN supports a closed community of authorised users.

Most VPNs provide some level of security based on cryptographic separation including:

• Confidentiality and integrity of data.
• Network (device) authentication.
• User authentication.

The most common protocol for providing VPN security these days is IPsec – or Internet Protocol Security.

VPNs are sometimes referred to as tunnelling technologies, because they provide a secure network which ‘tunnels’ through a less secure network.

Uses of VPN

There are three typical uses of a VPN which you can see in Figure 1. These are:

• Intranet
• Remote access
• Extranet

A VPN uses a feature called a concentrator. A concentrator is a networking device that creates VPN connections and helps to manage them remotely. It forms multiple encrypted VPN tunnels at the same time and provides a secure and encrypted connection between different VPN servers.

A VPN concentrator is shown at the two endpoints of the VPN. The VPN protocol, for example IPsec, is used to secure the traffic between the two concentrators, with the usual TCP/IP protocols being carried over the VPN. With IPsec, the VPN link is encrypted, and the two concentrators are authenticated to each other.

Now let's look at each of the VPN types in a little more detail.

Uses of VPN

Figure 1: The three types of VPN–Intranet, Employee remote access, Extranet.

VPN: Intranet

Intranet within an organisation, shown as the VPN pipe between Site 1 and Site 2 passing over the network. This network could be a public network, like the internet, or another network where the data needs to be isolated from other traffic.

Figure 2: Intranet

VPN: Employee remote access

Remote access by an employee. In these situations, the employee’s PC generally implements the VPN protocol. In this case, the user supplies credentials to access the VPN which then forms the basis of the encryption key used to protect the VPN circuit.

Figure 3: Employee remote access

VPN: Extranet

Extranet outside an organisation to a third-party. The diagram shows the third-party communicating with the organisation using a VPN, which then forms an extranet. An extranet is part of an organisation’s network made available to trusted third parties. The organisation controls what services the third party can access using firewalls or routers. It differs from the DMZ which is open to the public.

Figure 4: Extranet

VPN: Protection against threats

You now can see that a VPN can be a very powerful tool when it comes to securely navigating networks. By redirecting your internet traffic to disguise your IP address, VPN makes it impossible to track you. VPN also encrypts the information you send across the internet, so it prevents anyone who wants to intercept your information from being able to view it.

Can you think of any other strengths of VPN?

What’s next? 

Moving on from VPN, next you're going to hear from our expert, Mark. In the following video, he will explain Transport layer security and how it differs from VPN.