Virtual private networks (VPN)
Why use a virtual private network or VPN? What protection advantages can it offer?
You may have heard of virtual private networks or VPNs in regard to individuals who want to avoid being tracked on public Wi-Fi, or those who want to browse safely and anonymously without suffering speed issues.
However, there are far more important and widespread uses for VPNs at a more global, business, and community level.
A virtual private network – or VPN – is typically used to create a private network over a public network, like the Internet. In effect, a VPN supports a closed community of authorised users.
Most VPNs provide some level of security based on cryptographic separation including:
- Confidentiality and integrity of data.
- Network (device) authentication.
- User authentication.
The most common protocol for providing VPN security these days is IPsec – or Internet Protocol Security.
VPNs are sometimes referred to as tunnelling technologies, because they provide a secure network which ‘tunnels’ through a less secure network.
Uses of VPN
There are three typical uses of a VPN which you can see in Figure 1. These are:
- Remote access
A VPN uses a feature called a concentrator. A concentrator is a networking device that creates VPN connections and helps to manage them remotely. It forms multiple encrypted VPN tunnels at the same time and provides a secure and encrypted connection between different VPN servers.
A VPN concentrator is shown at the two endpoints of the VPN. The VPN protocol, for example IPsec, is used to secure the traffic between the two concentrators, with the usual TCP/IP protocols being carried over the VPN. With IPsec, the VPN link is encrypted, and the two concentrators are authenticated to each other.
Now let's look at each of the VPN types in a little more detail.
Uses of VPN
Figure 1: The three types of VPN–Intranet, Employee remote access, Extranet.
Intranet within an organisation, shown as the VPN pipe between Site 1 and Site 2 passing over the network. This network could be a public network, like the internet, or another network where the data needs to be isolated from other traffic.
Figure 2: Intranet
VPN: Employee remote access
Remote access by an employee. In these situations, the employee’s PC generally implements the VPN protocol. In this case, the user supplies credentials to access the VPN which then forms the basis of the encryption key used to protect the VPN circuit.
Figure 3: Employee remote access
Extranet outside an organisation to a third-party. The diagram shows the third-party communicating with the organisation using a VPN, which then forms an extranet. An extranet is part of an organisation’s network made available to trusted third parties. The organisation controls what services the third party can access using firewalls or routers. It differs from the DMZ which is open to the public.
Figure 4: Extranet
VPN: Protection against threats
You now can see that a VPN can be a very powerful tool when it comes to securely navigating networks. By redirecting your internet traffic to disguise your IP address, VPN makes it impossible to track you. VPN also encrypts the information you send across the internet, so it prevents anyone who wants to intercept your information from being able to view it.
Can you think of any other strengths of VPN?
Moving on from VPN, next you're going to hear from our expert, Mark. In the following video, he will explain Transport layer security and how it differs from VPN.
In this course you’ll take a deep dive into networks and communications controls, looking at Firewalls, DMZ and VPN among others.
A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.