Nothing Special

How does a VPN work

--

What is a VPN?

A Virtual Private Network (VPN) is a connection method used to add security and privacy to traffic crossing private and public networks, such as WiFi hotspots and the Internet. Corporations use VPNs to protect sensitive data in transit. Personal VPN use is also becoming more popular as interactions that were previously face-to-face move online. A VPN also increases privacy because the sites you visit see the VPN provider's IP address rather than your own.

Why do I need a VPN?

  • Hide your IP address: connecting to a VPN conceals your real IP address from the sites you visit (the VPN provider itself still sees it).
  • Change your IP address: using a VPN will almost certainly give you a different public IP address.
  • Encrypt data transfers: a VPN protects the data you transfer over public WiFi from anyone else on the same network.
  • Mask your location: with a VPN, users can choose the country their Internet connection appears to originate from.
  • Access blocked websites: reach websites blocked by a government or a local network by tunnelling to a VPN server outside it.

Security is the main reason corporations have used VPNs for years. There are increasingly simple ways to intercept data traveling across a network: WiFi spoofing (a rogue access point impersonating a legitimate hotspot) and Firesheep (a browser extension that hijacked unencrypted web sessions on shared WiFi) are two well-known examples. A useful analogy is that a firewall protects your data while it is on the computer and a VPN protects your data while it is on the network. VPNs use strong encryption and secure tunneling to encapsulate all traffic between the two endpoints. Most savvy computer users wouldn't dream of connecting to the Internet without a firewall and up-to-date antivirus; evolving threats and ever-increasing reliance on the Internet make a VPN an equally essential part of well-rounded security. Integrity checks ensure that data has not been altered in transit and that the connection cannot be hijacked. Because all traffic is protected, not just one application's, VPNs are preferred over proxies.

Encryption and Security Protocols in a VPN

Encryption is the process of encoding data so that only a party holding the right key can read and use it. You could use encryption to protect files on your computer or e-mails you send to friends or colleagues. The algorithm that performs the encryption is public; the encryption key is the secret input that, together with the algorithm, determines how the data is transformed, and it is the key that must stay secret. The two most common forms of encryption are symmetric-key encryption and public-key encryption:

  • In symmetric-key encryption, all computers (or users) share the same secret key, which is used both to encrypt and to decrypt a message.
  • In public-key encryption, each computer (or user) has a public-private key pair. Anyone can encrypt a message with the recipient's public key, and only the holder of the corresponding private key can decrypt it. (Using the private key to produce something anyone can check with the public key is a digital signature, not encryption.)
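
To make the two kinds of key concrete, here is an added example in Go (not code from the original page) showing how a VPN actually combines them: each endpoint holds an X25519 public-private pair, the two public keys are exchanged in the clear, both sides derive the same symmetric AES-GCM session key, and that symmetric key is what encrypts the traffic. The `Party`, `SessionKey`, `Seal` and `Open` names and the `"vpn-demo"` label are my own; the SHA-256 step stands in for the fuller key-derivation function a real protocol such as IKEv2 uses, and the packet is a constructed string.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Party is one tunnel endpoint holding an X25519 key pair. The private key
// never leaves the struct; only PublicBytes() is sent over the network.
type Party struct {
	Name string
	priv *ecdh.PrivateKey
}

func NewParty(name string) (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, priv: priv}, nil
}

// PublicBytes is the value that may travel in the clear.
func (p *Party) PublicBytes() []byte { return p.priv.PublicKey().Bytes() }

// SessionKey combines our private key with the peer's public key. Both ends
// compute the same 32-byte secret; an eavesdropper who saw both public values
// cannot. Hashing with a fixed label is a simplified KDF (IKEv2 uses a PRF
// over nonces and SPIs); "vpn-demo" is a made-up domain-separation label.
func (p *Party) SessionKey(peerPublic []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerPublic)
	if err != nil {
		return nil, err
	}
	shared, err := p.priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("vpn-demo"))
	h.Write(shared)
	return h.Sum(nil), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates with the shared symmetric key and returns
// nonce || ciphertext || 16-byte tag. A fresh nonce per message is mandatory.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. A different key or any modified byte makes the tag
// check fail, so the caller never receives silently corrupted plaintext.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

func main() {
	client, _ := NewParty("client")
	server, _ := NewParty("server")
	kc, _ := client.SessionKey(server.PublicBytes())
	ks, _ := server.SessionKey(client.PublicBytes())
	fmt.Println("both ends derived the same key:", bytes.Equal(kc, ks))
	sealed, _ := Seal(kc, []byte("constructed packet"))
	pt, err := Open(ks, sealed)
	fmt.Printf("server decrypted %q, err=%v\n", pt, err)
}
```

The public-key step is only used once, to agree on the symmetric key; every packet after that is protected with the much faster symmetric cipher, which is exactly the split IPsec makes between IKE and ESP.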

In a VPN, the computers at each end of the tunnel encrypt the data entering the tunnel and decrypt it at the other end. However, a VPN needs more than a pair of keys: it needs protocols that define how keys are agreed, how packets are encapsulated, and how they are authenticated. A site-to-site VPN could use Internet Protocol Security (IPsec) or Generic Routing Encapsulation (GRE). GRE only defines how to package the passenger protocol for transport over IP: its header carries a field naming what type of packet is being encapsulated and an optional checksum. It provides no encryption and no authentication, so GRE on its own is a tunnel but not a secure one; in practice it is run inside IPsec when confidentiality is required.
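
As an added illustration (not from the original article), the following Go code builds and parses an RFC 2784 GRE header: flags, version, the Protocol Type field that names the passenger packet, and the optional checksum. The type and function names are mine and the passenger bytes are a constructed stand-in for a real datagram. The point to notice is that the passenger is copied in unchanged, so anyone on the path can read it; GRE gives you a tunnel, not a private one. The same header, with a version field of 1, is what PPTP uses to carry PPP frames.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Protocol Type values (EtherTypes) naming the passenger packet.
const (
	ProtoIPv4 = 0x0800
	ProtoIPv6 = 0x86DD
)

// GREHeader models the RFC 2784 header: flags, version, Protocol Type and an
// optional checksum. (RFC 2890 adds key and sequence fields the same way.)
type GREHeader struct {
	HasChecksum  bool   // C flag: 16-bit checksum over header and payload
	Version      uint8  // must be 0 (PPTP's enhanced GRE uses version 1)
	ProtocolType uint16 // what kind of packet is inside
}

// ipChecksum is the Internet one's-complement checksum (RFC 1071).
func ipChecksum(b []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(b); i += 2 {
		sum += uint32(b[i])<<8 | uint32(b[i+1])
	}
	if len(b)%2 == 1 {
		sum += uint32(b[len(b)-1]) << 8
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// Encapsulate returns header || passenger. Nothing is encrypted or keyed:
// GRE says what is inside and how to find it, not who may read it.
func (h GREHeader) Encapsulate(passenger []byte) []byte {
	var flags byte
	if h.HasChecksum {
		flags |= 0x80
	}
	pkt := []byte{flags, h.Version & 0x07}
	pkt = binary.BigEndian.AppendUint16(pkt, h.ProtocolType)
	if h.HasChecksum {
		pkt = append(pkt, 0, 0, 0, 0) // Checksum (filled in below) + Reserved1
	}
	pkt = append(pkt, passenger...)
	if h.HasChecksum {
		binary.BigEndian.PutUint16(pkt[4:6], ipChecksum(pkt))
	}
	return pkt
}

// Decapsulate validates the header and returns it with the passenger packet.
func Decapsulate(pkt []byte) (GREHeader, []byte, error) {
	if len(pkt) < 4 {
		return GREHeader{}, nil, errors.New("gre: truncated header")
	}
	h := GREHeader{
		HasChecksum:  pkt[0]&0x80 != 0,
		Version:      pkt[1] & 0x07,
		ProtocolType: binary.BigEndian.Uint16(pkt[2:4]),
	}
	if pkt[0]&0x7c != 0 { // RFC 2784: Reserved0 bits 1-5 must be zero
		return h, nil, errors.New("gre: reserved bits set")
	}
	if h.Version != 0 {
		return h, nil, fmt.Errorf("gre: unsupported version %d", h.Version)
	}
	off := 4
	if h.HasChecksum {
		if len(pkt) < 8 {
			return h, nil, errors.New("gre: truncated checksum")
		}
		if ipChecksum(pkt) != 0 { // a correct checksum makes the total fold to zero
			return h, nil, errors.New("gre: bad checksum")
		}
		off = 8
	}
	return h, pkt[off:], nil
}

func main() {
	passenger := []byte("constructed inner IPv4 packet") // stands in for a real datagram
	pkt := GREHeader{HasChecksum: true, ProtocolType: ProtoIPv4}.Encapsulate(passenger)
	got, body, err := Decapsulate(pkt)
	fmt.Printf("%d bytes; passenger visible to any observer: %v\n", len(pkt), bytes.Contains(pkt, passenger))
	fmt.Printf("proto=%#04x payload=%q err=%v\n", got.ProtocolType, body, err)
}
```

The checksum catches accidental corruption but is no protection against an attacker, who can simply recompute it after changing the payload; only a keyed integrity check, such as the one IPsec adds, can do that.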

IPsec is a widely used suite of protocols for securing traffic on IP networks, including the Internet. It can protect data between many kinds of devices: router to router, firewall to router, desktop to router, and desktop to server. Two sub-protocols carry the protected packets (a third, IKE, negotiates the keys and parameters they use):

  • Encapsulating Security Payload (ESP) encrypts the packet's payload (the data it is transporting) with a symmetric key and, in modern configurations, also authenticates it (with an AEAD cipher such as AES-GCM or a separate MAC), so the receiver detects both eavesdropping and tampering.
  • Authentication Header (AH) computes a keyed hash (a MAC) over the packet, including the parts of the IP header that do not change in transit, so the receiver can verify that the packet really came from the peer and was not modified. AH hides nothing: it provides integrity and origin authentication only, never confidentiality.

Networked devices can use IPsec in one of two modes. In transport mode, only the payload of each IP packet is protected and the original IP header stays in the clear; it is used between the two hosts that are actually talking. In tunnel mode, the entire original IP packet, header included, becomes the payload of a new packet with a new outer IP header, which lets two gateways build a virtual tunnel between two networks. VPNs therefore use IPsec in tunnel mode, almost always with ESP alone: ESP's own authentication covers what AH would add, and AH does not work across NAT because the address fields it authenticates get rewritten.
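
The following Go code is an added example, not part of the original article, of an ESP packet as used with AES-GCM (RFC 4106): SPI and sequence number in the clear but authenticated, the RFC 4303 padding trailer whose Next Header byte distinguishes tunnel mode (4, a whole inner IPv4 packet) from transport mode (6, just a TCP segment), and the receiver-side anti-replay window. The `SA` type, the demo key and salt, and the sample payload are all constructed for this example; real keys come from IKE. Note the order of checks: the sequence number is screened before decryption, but the window is only updated after the ICV verifies, so an attacker cannot burn sequence numbers with forged packets.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	NextHeaderIPv4 = 4  // tunnel mode: the payload is a whole inner IP packet
	NextHeaderTCP  = 6  // transport mode: the payload is only the TCP segment
	hdrLen         = 16 // SPI(4) + Sequence(4) + AES-GCM IV(8), RFC 4106
)

// SA is one direction of an AES-GCM ESP security association.
type SA struct {
	SPI     uint32
	gcm     cipher.AEAD
	salt    [4]byte // from the key material; salt || IV is the GCM nonce
	seq     uint32  // sender side: last number sent (rekey before it wraps)
	highest uint32  // receiver side: highest sequence number accepted
	window  uint64  // receiver side: bitmap of the 64 most recent numbers
}

func NewSA(spi uint32, key []byte, salt [4]byte) (*SA, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &SA{SPI: spi, gcm: gcm, salt: salt}, nil
}

func (sa *SA) nonce(iv []byte) []byte { return append(sa.salt[:], iv...) }

// Encapsulate builds SPI || Seq || IV || ciphertext || ICV; the plaintext is
// inner || padding || pad-length || next-header (RFC 4303). SPI and Seq are
// sent in the clear but authenticated as associated data.
func (sa *SA) Encapsulate(nextHeader byte, inner []byte) ([]byte, error) {
	sa.seq++
	padLen := (4 - (len(inner)+2)%4) % 4 // right-align the trailer to 4 bytes
	pad := [...]byte{1, 2, 3}           // RFC 4303 default padding values
	plain := append(append([]byte{}, inner...), pad[:padLen]...)
	plain = append(plain, byte(padLen), nextHeader)
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr[0:4], sa.SPI)
	binary.BigEndian.PutUint32(hdr[4:8], sa.seq)
	if _, err := rand.Read(hdr[8:]); err != nil {
		return nil, err
	}
	return append(hdr, sa.gcm.Seal(nil, sa.nonce(hdr[8:]), plain, hdr[:8])...), nil
}

// replayOK is the RFC 4303 anti-replay window check, run before decryption.
func (sa *SA) replayOK(seq uint32) bool {
	if seq > sa.highest {
		return true
	}
	d := sa.highest - seq
	return seq != 0 && d < 64 && sa.window&(1<<d) == 0
}

// replayMark runs only after the ICV verified, so forgeries never advance it.
func (sa *SA) replayMark(seq uint32) {
	if seq > sa.highest { // Go defines a shift by >= 64 bits as 0
		sa.window, sa.highest = sa.window<<(seq-sa.highest)|1, seq
		return
	}
	sa.window |= 1 << (sa.highest - seq)
}

// Decapsulate checks SPI, anti-replay and ICV, then strips the trailer.
func (sa *SA) Decapsulate(pkt []byte) (nextHeader byte, inner []byte, err error) {
	if len(pkt) < hdrLen+2+sa.gcm.Overhead() || binary.BigEndian.Uint32(pkt[:4]) != sa.SPI {
		return 0, nil, errors.New("esp: packet too short or unknown SPI")
	}
	seq := binary.BigEndian.Uint32(pkt[4:8])
	if !sa.replayOK(seq) {
		return 0, nil, fmt.Errorf("esp: replayed or stale sequence number %d", seq)
	}
	plain, err := sa.gcm.Open(nil, sa.nonce(pkt[8:hdrLen]), pkt[hdrLen:], pkt[:8])
	if err != nil {
		return 0, nil, errors.New("esp: integrity check failed")
	}
	sa.replayMark(seq)
	padLen := int(plain[len(plain)-2])
	if padLen > len(plain)-2 {
		return 0, nil, errors.New("esp: bad pad length")
	}
	return plain[len(plain)-1], plain[:len(plain)-2-padLen], nil
}

func main() {
	key := []byte("0123456789abcdef") // demo key; real keys come from IKE
	tx, _ := NewSA(0x1000, key, [4]byte{1, 2, 3, 4})
	pkt, _ := tx.Encapsulate(NextHeaderIPv4, []byte("constructed inner IP packet"))
	fmt.Printf("%d bytes on the wire; SPI and Seq in the clear: %x\n", len(pkt), pkt[:8])
}
```

Encapsulate and Decapsulate each mutate their own SA state, which is why a real stack keeps one SA per direction; build a second SA with the same parameters for the receiving side. In tunnel mode the inner IP header, addresses included, is part of the encrypted payload; in transport mode the caller keeps the original IP header outside the ESP packet, in the clear.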

In a remote-access VPN, tunneling has traditionally relied on the Point-to-Point Protocol (PPP), the link-layer protocol used for dial-up and other point-to-point links. More precisely, the older remote-access VPNs use one of three protocols built on PPP (L2F, PPTP and L2TP), while newer ones such as OpenVPN use TLS instead:

  • L2F (Layer 2 Forwarding): developed by Cisco; uses any authentication scheme supported by PPP. It has no encryption of its own and is obsolete, its ideas having been folded into L2TP.
  • PPTP: PPTP has been around since the days of Windows 95, and its main selling point is that it is simple to set up on every major OS. In short, PPTP tunnels a PPP connection over a GRE variant. Its security has been broken for years: the MS-CHAPv2 authentication it relies on can be cracked offline from a captured handshake, and the MPPE encryption is RC4 keyed from that same weak exchange. Treat PPTP as no better than an unencrypted link and do not use it for anything sensitive.
  • L2TP/IPsec: L2TP over IPsec is more secure than PPTP and offers more features. It combines two protocols to get the best of each: L2TP creates the tunnel and carries the PPP session, and IPsec (ESP) provides the encrypted, authenticated channel around it. All of the security comes from the IPsec layer, so it must be configured with strong ciphers and either certificates or a strong pre-shared key.
  • OpenVPN: OpenVPN is a TLS-based VPN that continues to gain popularity. The software is open source and freely available. TLS (the successor to the SSL that gave OpenVPN its "SSL VPN" label) is a mature, widely reviewed protocol, and OpenVPN can run on a single UDP or TCP port, making it extremely flexible, including through restrictive firewalls.

Throughout this article, we've looked at the types of VPNs and the components and protocols they use. Over time, people have developed new and better networking technologies, which improves the features of existing VPNs. VPN-specific technologies such as tunneling protocols, though, have changed less in that time, perhaps because current VPNs do a good job of keeping businesses connected around the world.

--

Adroit Information Technology Academy

AITA provides professional and expert level training on Amazon AWS, Microsoft Azure, Google Cloud, Cisco CCNA, CCNP and CCIE, Check Point, Palo Alto etc.