Guide to Virtual Private Networks
Imagine leaving your home wearing a clearly legible sign around your neck that provides all of your most important and private information: your name, address, contact information, banking and other financial data, all of your shopping habits, places you frequent and what you do while you are there. Most of us would not want to share this information with complete strangers, for many obvious reasons. This data can put you at risk in any number of ways, including potential theft and physical harm. Yet that is exactly what many people do every time they use the internet.
When individuals and businesses use the internet without encryption, they leave all of their information out in the open and put themselves at great risk. A virtual private network (VPN) can ensure the security of your connections and your most important information. A VPN utilizes a public network (most commonly the Internet) to link distant sites or users. In the past, computers had to be connected via hardwiring. A VPN uses "virtual" connections directed through the Internet from the individual or organization’s private network to the distant site or employee location. There are several advantages to using a VPN. As shown above, a VPN can be used to establish a secure connection to a remote network using the Internet. Many businesses use VPNs to enable employees to access files, software, hardware, and other company resources. Individual users can also utilize a VPN to safely access their secure home network from a remote location.
VPNs are extremely useful to organizations that need to securely connect several networks. As a result, businesses of nearly every size depend on a VPN to connect and share servers and other assets between multiple locations around the world. Individuals can also utilize a VPN to connect their home or additional networks for personal use.
When users need to access servers and computers from remote locations while using a public network like a Wi-Fi hotspot, an encrypted VPN can secure and protect their information. The VPN will encrypt the information and render it unreadable to anyone who may attempt to spy on it over Wi-Fi. This is especially useful for protecting passwords and other private information, which can be easily accessed by thieves using various readily available programs and applications.
Another distinct advantage of a VPN is its ability to circumvent geoblocking. Geoblocking refers to regional restrictions and censorship placed on numerous international websites. Geoblocking can either bar non-resident users from accessing the sites, or only provide them with certain information when they access the sites. VPNs have been used by political activists and members of the press to thwart geoblocking censorship. However, there are many non-controversial websites that individuals may use a VPN to access for entertainment, shopping and other purposes, such as connecting to a foreign media outlet to watch programming.
Understanding VPN Clients and Servers
With a remote-access VPN connection, an individual user using a laptop or desktop computer can connect to an organization’s private network from a remote location via an internet connection. The remote user’s experience will be identical to that of onsite users plugged into the network’s servers, and they will be able to fully utilize the assets on the network. Organizations that have a large number of remote employees can benefit greatly from a remote-access VPN.
A remote-access VPN requires a network access server (NAS) and client software. The NAS may be a dedicated server, or it can be one of many software applications on a shared server. A user connects to the NAS to access a VPN. The NAS requires the user to provide credentials and sign into the VPN. The NAS may use its own verification system or a separate authentication server running on the network to verify the user’s credentials.
In addition, the user must have the client software installed on their system to use the remote-access VPN. The software establishes and maintains the connection to the VPN. Many modern computer operating systems have pre-loaded software designed to connect to remote-access VPNs. However, some VPNs require a designated application to be installed. The user’s internet address is utilized by the client software to set up a tunneled connection to a NAS. In addition, the software handles the encryption to maintain a secure connection.
Larger organizations have the staff and resources to procure, install and manage their own remote-access VPNs. However, there are also enterprise service providers (ESP) that provide complete remote-access VPN services for businesses, which include setting up and maintaining a NAS.
VPN Protocols in Use
A VPN connection uses “tunnels”. A tunnel is a secure path the VPN uses to send information across a network. In addition, the devices at the opposite ends of the virtual tunnel encrypt and decrypt the data as it enters and exits. In order to apply the encryption, a VPN uses protocols. The three most commonly used VPN tunneling protocols are Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP) and Internet Protocol Security (IPsec).
Point-to-Point Tunneling Protocol (PPTP)
Although PPTP is often associated with Microsoft, several large corporations collaborated on the creation of the PPTP specification. Because of Microsoft’s involvement with its creation, almost every Windows computer comes pre-loaded with client support for PPTP.
Layer Two Tunneling Protocol (L2TP)
L2TP was developed by Cisco and utilized mainly in Cisco products. The original version Cisco created to compete with PPTP for VPN tunneling was L2F. With L2TP, Cisco combined the best components of L2F and PPTP.
Internet Protocol Security (IPsec)
IPsec is a collection of multiple protocols that can be utilized as a VPN protocol solution or act only as the encryption scheme within L2TP or PPTP. IPsec encrypts the data amongst devices, such as routers, firewalls, desktops and servers, interchangeably. The instructions utilized by a VPN to secure its packets are provided by two sub-protocols:
- Encapsulating Security Payload (ESP) encrypts transported data.
- Authentication Header (AH) hides the packet information (such as the sender's ID) until it arrives at the destination.
IPsec can be used by networked devices in two encryption modes. In transport mode, the devices encrypt the data that is flowing between them. In tunnel mode, devices create a virtual tunnel that connects two networks.
VPN Hardware and Software. Common Solutions.
The easiest way to provide remote access to a single computer is to take advantage of the Windows VPN software. Multiple computers can be networked together through stand-alone VPN server software. Adding VPN software to a router, server, firewall, or gateway is a cost-effective method to set up a VPN. Many organizations that require a nimble, robust and secure solution for a large number of users opt for a dedicated VPN router.
After the initial expense of the VPN software, the only additional investment will be the cost of subsequent updates. However, it is important to note that when software is utilized to carry out the VPN tunneling and encryption tasks, it may take CPU cycles from other processes.
To compensate, many router and firewall manufacturers provide add-on products. These add-on products are designed to handle many of the VPN tasks. While this provides a viable solution, the addition of performance-enhancing hardware may drive up costs substantially.
VPN Security: A Final Note
VPNs provide numerous advantages that protect your security and privacy. A VPN can block intrusive monitoring and controlling from your internet service provider by keeping your online communications and browsing activity anonymous. A VPN builds a secure tunnel on the internet that allows you to take advantage of a complete online experience free from website blocks, geoblocking censorship or corporate firewalls. VPNs provide a complete security solution for individuals and businesses large and small that enables them to safely conduct business from anywhere in the world.