VPN

VPN - Virtual Private Network

A virtual private network (VPN) is a secure way of connecting to a private Local Area Network at a remote location, using the Internet or any unsecure public network to transport the network data packets privately, using encryption. The VPN uses authentication to deny access to unauthorized users, and encryption to prevent unauthorized users from reading the private network packets. The VPN can be used to send any kind of network traffic securely, including voice, video or data.

VPNs are frequently used by remote workers or companies with remote offices to share private data and network resources. VPNs may also allow users to bypass regional internet restrictions such as firewalls, and web filtering, by "tunneling" the network connection to a different region.

Technically, the VPN protocol encapsulates network data transfers using a secure cryptographic method between two or more networked devices which are not on the same private network, to keep the data private as it passes through the connecting nodes of a local or wide area network.

History

Until the end of the 1990s, networked computers were connected through expensive leased lines and/or dial-up phone lines.

Virtual Private Networks reduce network costs because they avoid a need for physical leased lines that individually connect remote offices (or remote users) to a private Intranet (internal network). Users can exchange private data securely, making the expensive leased lines unnecessary.[1]

Different VPN systems can include a lot of variation, such as:

  • The protocols they use to tunnel the traffic
  • The tunnel's termination point, i.e., customer edge or network provider edge
  • Whether they offer site-to-site or remote access connectivity
  • The levels of security provided
  • The OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity

Some classification schemes are discussed in the following sections.

Security mechanisms

Secure VPNs use cryptographic tunneling protocols to provide confidentiality by blocking intercepts and packet sniffing, allowing sender authentication to block identity spoofing, and provide message integrity by preventing message alteration.

Secure VPN protocols include the following:

 

Authentication

Tunnel endpoints must authenticate before secure VPN tunnels can establish.

User-created remote access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods.

Network-to-network tunnels often use passwords or digital certificates, as they permanently store the key to allow the tunnel to establish automatically and without intervention from the user.

Routing

Tunneling protocols can be used in a point-to-point topology that would theoretically not be considered a VPN, because a VPN by definition is expected to support arbitrary and changing sets of network nodes. But since most router implementations support a software-defined tunnel interface, customer-provisioned VPNs often are simply defined tunnels running conventional routing protocols.

Source: Wikip├ędia.