What is VPN? What Does It Do?

VPN (Virtual Private Network) allows you to create a secure connection to another network over the Internet. When you connect a device to a VPN, it behaves as if it were on the same network as the VPN, and all of its data traffic is sent securely through the VPN.

What is VPN?

This means that you can use the Internet as if you were in the region where the VPN server is located. This is very useful when you need to access content that is blocked by region. For example, if you want to see the catalog that a particular service offers in a particular country, you can do this with a VPN: once you connect through the masked connection, the service only sees that you are connecting from that country.

In addition, a VPN, as its name suggests, is a private and virtual network, so all traffic passing through it is protected from eavesdropping and other threats on the underlying network. This is very useful when you connect to a public Wi-Fi network.

It allows a computer to send and receive data over shared or public networks as if it were on a private network, with all the functionality, security and management policies of a private network. This is done by establishing a virtual point-to-point connection using dedicated connections, encryption, or a combination of both.

A VPN connection over the Internet is technically a wide area network (WAN) connection between sites, but to the user it feels like a private connection, hence the name “virtual private network”.

How to Use VPN

  • Connecting two or more branches of a company over an Internet connection.
  • Connecting technical support team members from their homes to the computer center.
  • Allowing a user to access home equipment from a remote site.
  • VPNs are often used by professionals who travel and need to reach their networks while away. Using this method keeps resources secure because they stay in the cloud.
  • It can also be used to reach the computer we left at home as if we were on the same LAN (Local Area Network).
  • For example, on public Wi-Fi that can be used without a password in restaurants and shopping malls, anything you visit without an HTTPS connection can be seen by anyone who knows where to look. With a VPN, all an observer can see is the VPN connection; everything else remains hidden.
  • Region blocks often require you to be in the United States. This happens with Hulu, Pandora or the Netflix catalog, which is bigger and more complete in that country, and sometimes with certain YouTube videos. To get around these restrictions, simply use a VPN with a US location.
  • When governments decide to censor certain websites, a VPN works very well for accessing them seamlessly.

VPN Types

There are basically four VPN connection architectures:

1. VPN Remote Access

It is perhaps the most widely used model. It consists of users or suppliers who connect to the company from remote sites (commercial offices, homes, hotels, etc.) using the Internet as the access link. Once authenticated, they have a level of access very similar to what they would have on the company’s local network. Many companies have replaced their dial-up infrastructure (modems and telephone lines) with this technology.

2. Point to Point VPN

This structure is used to connect remote offices to the organization’s headquarters. The VPN server, which has a permanent Internet connection, accepts connections from the remote sites and establishes a tunnel with each of them. Branch servers connect to the Internet through their local Internet provider, usually over broadband connections. This eliminates expensive traditional point-to-point links (usually physical cable connections between nodes), especially for international communication. The next item, tunneling, is the technique most commonly used for this.

3. Tunneling

The tunneling technique encapsulates one network protocol inside another (the encapsulating protocol), creating a tunnel across a computer network. The tunnel is implemented by placing a PDU (protocol data unit) inside another PDU for transmission from one end of the tunnel to the other, without intermediate nodes needing to interpret the encapsulated PDU. In this way, data packets are routed through intermediate nodes that cannot see the contents of those packets. A tunnel is defined by its communication protocol (which may be SSH, among others), its endpoints and other parameters.

This technique serves different goals depending on the problem, such as data communication and traffic steering in multicast scenarios.

One of the clearest examples of this technique is redirecting traffic in mobile IP scenarios. When a mobile node is away from its home network, its home agent must perform certain functions on its behalf; among these, it captures traffic addressed to the mobile node and redirects it to the node’s current location. This redirection is done with a tunneling mechanism because the packets must keep their original structure and content (source and destination IP addresses, ports, etc.) when the mobile node receives them.
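The mobile IP case above, worked through as an added example (this is not code from the article): a home agent wraps the original packet, unchanged, inside an outer PDU addressed to the mobile node’s care-of address; a router on the path forwards using only the outer header, and the mobile node strips the outer header to recover the original packet. The header layouts, addresses and the `PROTO_TUNNELLED` value are constructed for illustration and are not real IPv4 formats.

```python
"""Toy IP-in-IP style tunnel: encapsulate an inner PDU inside an outer PDU.

Added example, not from the article. Header layouts are simplified and
constructed for illustration; they are not real IPv4 headers.
"""
import struct
import ipaddress

# Inner PDU: the original packet the mobile node must receive unchanged.
#   4 bytes src IPv4, 4 bytes dst IPv4, 2 bytes port, 2 bytes payload length
INNER_HDR = struct.Struct("!4s4sHH")
# Outer PDU: tunnel endpoints plus a "next protocol" byte and inner length.
#   4 bytes tunnel src, 4 bytes tunnel dst, 1 byte proto, 2 bytes length
OUTER_HDR = struct.Struct("!4s4sBH")
PROTO_TUNNELLED = 4  # constructed value meaning "an inner PDU follows"


def build_inner(src, dst, port, payload):
    """Build the original (inner) PDU from a correspondent host."""
    return INNER_HDR.pack(ipaddress.IPv4Address(src).packed,
                          ipaddress.IPv4Address(dst).packed,
                          port, len(payload)) + payload


def parse_inner(pdu):
    """Parse an inner PDU back into its fields."""
    src, dst, port, length = INNER_HDR.unpack_from(pdu)
    payload = pdu[INNER_HDR.size:INNER_HDR.size + length]
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "port": port, "payload": payload}


def encapsulate(inner_pdu, tunnel_src, tunnel_dst):
    """Home agent side: wrap the captured inner PDU in an outer PDU addressed
    to the mobile node's care-of address (tunnel_dst)."""
    return OUTER_HDR.pack(ipaddress.IPv4Address(tunnel_src).packed,
                          ipaddress.IPv4Address(tunnel_dst).packed,
                          PROTO_TUNNELLED, len(inner_pdu)) + inner_pdu


def forward(outer_pdu):
    """Intermediate router: choose the next destination by reading only the
    outer header; the inner PDU is opaque bytes to it."""
    _, dst, _, _ = OUTER_HDR.unpack_from(outer_pdu)
    return str(ipaddress.IPv4Address(dst))


def decapsulate(outer_pdu):
    """Tunnel endpoint (mobile node): strip the outer header and return the
    inner PDU intact, rejecting packets that are not tunnelled or truncated."""
    _, _, proto, length = OUTER_HDR.unpack_from(outer_pdu)
    if proto != PROTO_TUNNELLED:
        raise ValueError("not a tunnelled PDU")
    inner = outer_pdu[OUTER_HDR.size:OUTER_HDR.size + length]
    if len(inner) != length:
        raise ValueError("truncated tunnelled PDU")
    return inner


def mobile_ip_demo():
    """Constructed scenario: correspondent 203.0.113.10 sends to the mobile
    node's home address 198.51.100.5; the home agent (198.51.100.1) tunnels
    it to the care-of address 192.0.2.77."""
    original = build_inner("203.0.113.10", "198.51.100.5", 443, b"hello")
    tunnelled = encapsulate(original, "198.51.100.1", "192.0.2.77")
    next_hop = forward(tunnelled)       # router only sees 192.0.2.77
    received = decapsulate(tunnelled)   # mobile node recovers the original
    return next_hop, received == original, parse_inner(received)


if __name__ == "__main__":
    print(mobile_ip_demo())
```

The point to notice is that `forward` never touches the inner header: the original source, destination and port survive the trip exactly as sent, which is the property the mobile IP scenario requires.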

4. VPN over LAN

This type is one of the least common but most robust within a company. It is a variant of the “remote access” type, but instead of using the Internet as the transport, it uses the company’s own local area network (LAN). It serves to isolate areas and services of the internal network, which makes it very easy to improve the security of wireless networks (Wi-Fi).

A classic example is a server placed behind the VPN device that holds sensitive information such as payroll; additional authentication and encryption are added so that only authorized human resources staff can access the information.

Another example is connecting to Wi-Fi networks through IPsec or SSL encrypted tunnels, which go beyond the traditional authentication methods (WEP, WPA, MAC addresses, etc.) by adding the security credentials of the VPN tunnel created over the internal VPN.

Key Features

To make a VPN secure, it must provide the following guarantees:

Authentication and Authorization: Who is connecting (which user and device) and what level of access they have.
Integrity: The data sent is not altered. Hash functions are used for this. The most common hash algorithms are Message Digest (MD2 and MD5) and Secure Hash Algorithm (SHA).
Privacy: Encryption algorithms such as Data Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES) are used.
Non-repudiation: A message must be signed, and whoever signs it cannot deny having sent it.
Access Control: This ensures that authenticated participants only access the data they are authorized for.
Auditing and Recording of Activities: This is about providing the right operating and recovery capability.
Quality of Service: This is about providing good performance, with no unacceptable degradation of transmission speed.
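An added example (not from the article) of the integrity and key-management guarantees listed above, using only the Python standard library. The article names MD5 and SHA; this example uses SHA-256 inside the keyed HMAC construction, which is what VPN protocols actually use for integrity, because an unkeyed digest can simply be recomputed by whoever alters the packet. It goes slightly beyond the list by adding a sequence number so replayed packets are rejected. The master key, the label-based key derivation (`derive_key`) and the 16-byte tag length are constructed assumptions for this example, not a standard KDF; encryption (DES/3DES/AES) is left out because the standard library has no AES.

```python
"""Integrity protection for VPN packets with a keyed hash (HMAC-SHA256).

Added example, not from the article. Key derivation and framing here are
simplified and constructed for illustration.
"""
import hmac
import hashlib

TAG_LEN = 16  # truncated tag; constructed choice for this example


def derive_key(master_key: bytes, label: bytes) -> bytes:
    """Key management: derive a purpose-specific key from a shared master key.
    Simplified HMAC-based derivation (an assumption for this example, not a
    standard KDF); the point is separate keys for integrity and encryption."""
    return hmac.new(master_key, b"vpn-" + label, hashlib.sha256).digest()


def protect(integrity_key: bytes, seq: int, pdu: bytes) -> bytes:
    """Prepend a 4-byte sequence number and append a tag over seq + PDU.
    The sequence number lets the receiver reject replayed copies of an
    otherwise valid packet."""
    header = seq.to_bytes(4, "big")
    tag = hmac.new(integrity_key, header + pdu, hashlib.sha256).digest()[:TAG_LEN]
    return header + pdu + tag


def verify(integrity_key: bytes, packet: bytes, last_seq: int):
    """Return (seq, pdu) if the tag and sequence check out, else None."""
    if len(packet) < 4 + TAG_LEN:
        return None
    header, pdu, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(integrity_key, header + pdu, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    seq = int.from_bytes(header, "big")
    if seq <= last_seq:  # replayed or out-of-window packet
        return None
    return seq, pdu


def demo():
    """Constructed scenario: one good packet, one altered in transit, and one
    replayed; returns what the receiver decides in each case."""
    master = b"constructed-master-key-for-demo-only"
    k_int = derive_key(master, b"integrity")
    k_enc = derive_key(master, b"encryption")  # would feed AES; unused here
    pkt = protect(k_int, 1, b"payroll-record")
    accepted = verify(k_int, pkt, 0)
    # Same length, one byte changed, original tag kept: must be rejected.
    tampered = pkt[:4] + b"payroll-reXord" + pkt[-TAG_LEN:]
    altered = verify(k_int, tampered, 0)
    # Valid packet seen a second time after seq 1 was already accepted.
    replayed = verify(k_int, pkt, 1)
    return accepted, altered, replayed, k_int != k_enc


if __name__ == "__main__":
    print(demo())
```

`hmac.compare_digest` is used instead of `==` so that verification time does not depend on how many leading tag bytes match; the derived integrity and encryption keys differ even though they come from the same master key.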

Advantages

  • Integrity, privacy, and data security.
  • VPNs reduce costs and are easy to use.
  • Facilitates communication between two users in remote locations.

Connection Types

1. Remote Access Connection

The remote access connection is made by a client, or a single user’s computer, connecting to a private network. Packets sent over the VPN connection originate at the remote access client; the remote access server authenticates the client, and the client authenticates the server.

2. VPN Connection from Router to Router

The router-to-router connection is made by a router connecting to a private network. In this type of connection, the packets sent by either router do not originate at the routers themselves but at hosts on the networks behind them. The answering router authenticates the calling router, and the calling router, which also serves its local network, authenticates the answering router.

3. VPN Connection from Firewall to Firewall

A virtual private network connection from firewall to firewall is made by one firewall connecting to a private network. In such connections, the packets may come from any user on the Internet behind the firewall. The calling firewall authenticates itself to the answering firewall, and the answering firewall verifies the caller’s identity.

Basic Requirements

User Identification: VPNs must authenticate users and deny access to unauthorized ones.
Data Encryption: Data to be transmitted over the public network (Internet) must be encrypted first so that it cannot be read if captured. This is done with encryption algorithms such as DES or 3DES, so that only the sender and receiver can read it.
Key Management: VPNs must update the encryption keys for users (for example, with the SEAL security algorithm).

Services

SSL VPN service: To use this service, a client program must be installed. Once the client is installed, you establish the official connection by running the program and entering the credentials of your official UGR e-mail account.

PPTP VPN service: In this mode, you configure a client that is normally included in most operating systems. Once the client is configured, each time you want to make a VPN connection a prior step is required to obtain a temporary key for that connection. This password is obtained through a web page on which you must identify yourself with the credentials of your official UGR e-mail account.

Applications

The de facto standard protocol is IPsec, but PPTP, L2F, L2TP, SSL/TLS and SSH are also used. Each has advantages and disadvantages in terms of security, convenience, maintenance and supported client types.

Currently there is a growing range of products based on the SSL/TLS protocol that try to make these solutions easier to configure and operate.

Hardware solutions almost always offer higher performance and ease of configuration, but they do not have the flexibility of software versions.

This family includes Fortinet, SonicWALL, WatchGuard, Nortel, Cisco, Linksys, Netscreen (Juniper Networks), Broadcom, Nokia, D-link, Mikrotik products.

Software VPN applications are the most configurable and are ideal when interoperability problems arise with the previous models. Obviously their performance is lower and their configuration more demanding, because the operating system and the overall security of the host come into play. Here we generally have native solutions in Windows, GNU/Linux and Unix; for example, open-source products such as OpenSSH, OpenVPN and FreeS/WAN are software-based.

What Does It Do?

A virtual private network allows secure communication over a LAN, between any sites on the Internet, or between remote corporate networks, so that no one else can access the data.

Thus, although all data sent between the two networks travels over the global network, the Internet, a private and secure channel is created for the connection.

The main reason for creating a secure VPN is that companies avoid buying expensive leased lines while still sending their data over a secure connection.

Thanks to this technology, it is ensured that a company can connect branches to each other without having to rent expensive lines and that data can only be accessed by certain individuals through this network.

Another of the most important reasons companies create private networks is to help their employees work better together.

With this technology, users can hold video conferences, share documents, take part in discussions, and collaborate in many other ways.

Final Word

In both cases, using firewall solutions, you can achieve a high level of security, accepting some loss of performance in exchange for the protection it provides. Thanks for following us!
