A VPN, or Virtual Private Network, is essentially an extension of a private network across the public space of the Internet between two endpoints. These two endpoints are two machines on the network which treat the private connection between them as if it were a direct-wired connection. In this way, the two ensure that they are speaking to each other over a secure connection and can transfer data between them privately.
Benefits of a VPN
This process effectively creates a tunnel between two machines that can send information securely between them across the Internet. Typically, this is only achievable with physical-wire connections between machines, otherwise known as an internal network or intranet. However, a VPN allows this same level of security across the Internet, which makes it possible even for two offices in different geographical locations to communicate with each other as if they were one.
Another important benefit provided is the integrity of the data sent across the connection. Because it creates a secure tunnel between two endpoints, the data transferred is secured and can't be tampered with, or read by unwanted parties through a process called "packet sniffing". This means that nefarious hackers on the Internet would have a more difficult time trying to gather a person's sensitive information or sending viruses to the party on either end of the tunnel.
Spoofing of IP addresses and your machine's geographical location is another benefit of VPNs which a lot of people take advantage of. Because the secure tunnel actually hides a machine's local IP address, it is possible to present an IP address from a different location, where the VPN server is located. This process can also be repeated for the location of a machine, and it is commonly used by people who wish to use some service or application which is region-locked, or who want to remain anonymous while using the VPN service or application.
How does a VPN Work?
Before this secure tunnel can be created between two endpoints on the Internet, the two must first go through the process of authentication. Typically, the machine which initiates the request to establish a VPN tunnel with another machine requires a password or some 2FA (Two-Factor Authentication) method to be used from the other machine so that they can establish the connection. This is the usual case in the scenario of two machines communicating; however, in the scenario of two networks communicating (such as having the intranets of two offices in two different geographical locations connect to each other over a VPN), this process of authentication is achieved through digital certificates.
After successful authentication, the VPN is formed by using a suitable protocol for security and encryption of that connection and all data passed through it. SSL/TLS, or Secure Sockets Layer/Transport Layer Security, is possibly one of the most commonly used protocols for this and uses cryptography to ensure that some combination of requirements is met by the connection for it to be considered secured:
- Both communicating parties can prove their identity by cryptographic keys.
- Data is encrypted by symmetric cryptography; because the keys are generated uniquely for each connection, the encrypted data of the same message will be different across multiple connections.
- Each message of data sent between the parties includes a message integrity check to ensure the data was not lost or tampered with.
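The second and third properties above, illustrated with the Python standard library (an added example, not code from the original article). It is a simplified stand-in for TLS record protection, not TLS itself: `shared_secret` stands in for the secret a handshake would produce, HMAC-SHA256 in counter mode replaces a real cipher, and all function names are hypothetical.

```python
import hashlib
import hmac
import os


def derive_keys(shared_secret: bytes, client_random: bytes, server_random: bytes):
    """Derive per-connection keys; shared_secret is the assumed handshake output."""
    salt = client_random + server_random
    enc_key = hmac.new(shared_secret, b"enc" + salt, hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac" + salt, hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher."""
    out, block = b"", 0
    while len(out) < length:
        counter = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(enc_key, counter, hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(keys, seq: int, plaintext: bytes) -> bytes:
    """Encrypt, then append an integrity tag over sequence number + ciphertext."""
    enc_key, mac_key = keys
    ks = _keystream(enc_key, seq, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_record(keys, seq: int, record: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything modified in transit."""
    enc_key, mac_key = keys
    if len(record) < 32:
        raise ValueError("record too short")
    ciphertext, tag = record[:-32], record[-32:]
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    ks = _keystream(enc_key, seq, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def new_connection(shared_secret: bytes):
    """Each connection contributes fresh random values, so its keys are unique."""
    return derive_keys(shared_secret, os.urandom(32), os.urandom(32))
```

Because the sequence number is covered by the tag, a record that is replayed or delivered out of order fails the check in the same way as one with a flipped bit.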
While there are other protocols being used, such as SSH (or Secure Shell), it should be noted that, for the sake of security, each of these protocols adds some level of complexity in the means of authentication before establishing the connection, and then its own process of data encryption and integrity checks to ensure the connection itself is secure. Because of this, VPNs and secured connections typically incur some overhead and can see slower performance or connection speeds compared with simply not using them over the Internet.