A virtual private network (VPN) is a secure network communications technology, usually used within a company, an organization, or a group of companies, that is built on top of a public network, which by itself offers little security. A VPN is designed precisely to create a highly confidential private subnet within a public network, behaving as an independent private network. Naturally, this subnet, still called the “VPN”, cannot communicate with other systems or users on the public network. VPN users therefore get the impression that they are connected to a dedicated, independent private network with all its security benefits, but it is only a virtual network: physically it is a subnet embedded in the core network, and its security comes from the VPN itself.
VPN traffic may be carried over the infrastructure of a public data network (e.g. the Internet) using standard protocols, or over a private network that an Internet Service Provider (ISP) makes available to the public.
These connections offer a low-cost alternative to dedicated private WAN links, allowing remote (telecommuting) users to reach the company’s internal network over cable, xDSL, or dial-up connections. VPN connections are easy to deploy over existing public infrastructure and provide an alternative to dedicated private networks such as Frame Relay or ATM, which are generally more expensive.
VPNs offer several advantages: low implementation, operating, management and maintenance costs; IT security close to that of traditional private networks; scalability; simplified access; and compatibility with high-speed public networks.
The architecture of a VPN
Several methods, operating at OSI Layer 2 or Layer 3, are available to those who want to establish a VPN connection, along with the technologies that implement them. The VPN can be set up and managed on the customer’s premises or by the telecommunications service provider. To meet special requirements, several of these methods can also be combined with each other.
Types of VPNs
Secure VPNs use cryptographic tunneling protocols: encrypted protocols that provide confidentiality (keeping intruders from reading the traffic), authentication of the sender, and integrity of messages. If properly chosen, deployed and used, such techniques can ensure secure communication even over an untrusted network.
Because choosing, deploying and using them correctly is not a simple task, many inadequate VPN schemes are available on the market. Secure VPN technologies can also be used to raise the security of a network infrastructure.
Examples of secure VPN protocols:
- IP security (IPsec) – used on IPv4, and partly mandatory on IPv6.
- Secure Sockets Layer / Transport Layer Security (SSL/TLS) – used either to tunnel an entire network, as in the OpenVPN project, or to secure a web proxy. Vendors such as Aventail and Juniper have built on it to provide remote-access VPN capabilities.
- Point-to-Point Tunneling Protocol (PPTP), created by a group of companies, including Microsoft.
- Layer 2 Tunneling Protocol (L2TP), created through cooperation between Microsoft and Cisco.
- Layer 2 Tunneling Protocol, version 3 (L2TPv3), launched recently.
- Multipath Virtual Private Network (MPVPN). MPVPN is a registered trademark of Ragula Systems Development Company.
There are companies on the market that run the VPN server as a service for customers who do not want to do it themselves. Trusted VPNs, by contrast, do not use cryptographic tunnels; instead they rely on the security of a single network provider to protect the traffic.
Multi-Protocol Label Switching (MPLS) is often used to build a trusted VPN.
Tunneling is the transmission of data across a public network in such a way that the public network does not “understand” that the transmission (the transfer of information) is part of a private network. It is achieved by encapsulating the private network’s data inside a carrier protocol that keeps outsiders from accessing it. Tunneling thus allows public networks (the Internet) to be used as “private networks”, or nearly so.
The most important aspect of a VPN solution is the security of transmission. By its very nature, a VPN has to deal with and resolve all kinds of security threats, and it also provides security services in the area of authentication (access control).
Generic Routing Encapsulation (GRE) is a method of tunneling IP packets across networks where they could not otherwise be routed. It can also be used to carry multicast packets over networks that do not support them, and non-IP packets (such as AppleTalk or Internetwork Packet Exchange, IPX) over IP networks.
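As an added example (not part of the original article), the following Python code builds and parses the GRE header described above, carrying an IPv4 or IPX payload together with the RFC 2784 checksum and an RFC 2890 tunnel key, and rejects packets that are truncated, corrupted, or keyed for a different tunnel. The outer IPv4 header (protocol 47) that would carry the packet across the public network is omitted; the function names and the sample payloads are assumptions of this example.

```python
import struct

# GRE flag bits in the first 16-bit word (RFC 2784 / RFC 2890).
GRE_FLAG_CHECKSUM = 0x8000
GRE_FLAG_KEY = 0x2000
GRE_UNSUPPORTED = 0x5007   # routing bit, sequence bit, non-zero version
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPX = 0x8137     # a non-IP protocol that GRE can carry

def ones_complement_sum(data: bytes) -> int:
    """Checksum used by IPv4 and GRE; a valid packet sums to zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def gre_encapsulate(payload: bytes, proto: int, key=None) -> bytes:
    """Wrap payload in a GRE header with a checksum and an optional key."""
    flags = GRE_FLAG_CHECKSUM | (GRE_FLAG_KEY if key is not None else 0)
    header = struct.pack("!HHHH", flags, proto, 0, 0)  # checksum still zero
    if key is not None:
        header += struct.pack("!I", key)
    csum = ones_complement_sum(header + payload)
    return header[:4] + struct.pack("!HH", csum, 0) + header[8:] + payload

def gre_decapsulate(packet: bytes, expected_key=None):
    """Parse a GRE packet; return (proto, payload) or None if it is invalid."""
    if len(packet) < 4:
        return None
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & GRE_UNSUPPORTED:
        return None                              # header form we do not handle
    header_len = 4 + 4 * bool(flags & GRE_FLAG_CHECKSUM) + 4 * bool(flags & GRE_FLAG_KEY)
    if len(packet) < header_len:                 # truncated header
        return None
    if flags & GRE_FLAG_CHECKSUM and ones_complement_sum(packet) != 0:
        return None                              # corrupted or forged packet
    key = None
    if flags & GRE_FLAG_KEY:                     # key sits after the checksum word
        key = struct.unpack("!I", packet[header_len - 4:header_len])[0]
    if expected_key is not None and key != expected_key:
        return None                              # packet is not for this tunnel
    return proto, packet[header_len:]
```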