A VPN or Virtual Private Network is a method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet. VPNs are most often used by corporations to protect sensitive data. However, using a personal VPN is increasingly becoming more popular as more interactions that were previously face-to-face transition to the Internet. Privacy is increased with a VPN because the user’s initial IP address is replaced with one from the VPN provider. This method allows subscribers to attain an IP address from any gateway city the VPN service provides. For instance, you may live in San Francisco, but with a VPN, you can appear to live in Amsterdam, New York, or any number of gateway cities.
Security is the main reason why corporations have used VPNs for years. There are increasingly simple methods to intercept data traveling to a network. WiFi spoofing and Firesheep are two easy ways to hack information. A useful analogy is that a firewall protects your data while on the computer and a VPN protects your data on the web. VPNs use advanced encryption protocols and secure tunneling techniques to encapsulate all online data transfers. Most savvy computer users wouldn’t dream of connecting to the Internet without a firewall and up-to-date antivirus. Evolving security threats and ever increasing reliance on the Internet make a VPN an essential part of well-rounded security. Integrity checks ensure that no data is lost and that the connection has not been hijacked. Since all traffic is protected, this method is preferred to proxies.
Types of VPN:
Often abbreviated to S2SVPN. It’s a connection between two sites and encrypts all traffic between two (or multiple) subnets. There are two types of S2SVPN:
Policy-based: interesting traffic triggers an ACL and is encrypted and sent to the remote VPN peer.
Routed: traffic is routed into an encrypted tunnel to the remote VPN peer.
A dynamic multipoint VPN is not a protocol but more a technique using different protocols. One or more central hub routers are required, but the remote (spoke) routers can have dynamic IPs and more can be added without having to modify the configuration on the hub router(s), or any other spoke routers. The routers use a next-hop resolution protocol, combined with a dynamic routing protocol to discover remote peers and subnets. The VPN itself is a mGRE tunnel (GRE with multiple endpoints) which is encrypted. This way, traffic between spoke routers does not have to go through the hub router but can be sent directly from spoke to spoke.
A client VPN is an encrypted connection from one device towards a VPN router. It makes that one remote device appear as a member of a local subnet behind the VPN router. Traffic is tunneled from the device (usually a computer or laptop of a teleworker) towards the VPN router so that user has access to resources inside the company. It requires client software that needs to be installed and configured.
This type of VPN works like a client VPN. The difference is that the remote client does not need preconfigured software, but instead the browser acts as VPN software. The browser needs to support active content, which every modern browser supports, either directly or through a plug-in. Traffic is tunneled over SSL (or TLS) to the SSLVPN router. From a networking perspective, traffic is tunneled over layer 4 instead of layer 3. The benefit is that the remote user does not need to configure anything and can simply log in to a web page to start the tunnel. The drawback that you’ll likely need a dedicated device as SSLVPN endpoint because this is not a standard feature.