VPNs & Proxies - Virtual Private Networks

Importance of Network Security

  • Businesses have many reasons to maintain secure networks, which include:
    • Protecting proprietary information.
    • Ensuring that network services are reachable only by authorized users (normally employees), not by the Internet at large.
    • Implementing technologies that restrict access to resources to those who need them.
  • Common security technologies include:
    • Firewalls: Control incoming and outgoing network traffic according to a rule set.
    • NAT (Network Address Translation): Hides internal IP addresses behind the public address of the edge router.
    • Non-routable (private, RFC 1918) address space: Internal hosts use addresses that are not routed on the public Internet, so they cannot be reached directly from outside.
    • Caveat: NAT and private addressing are not access controls on their own. A port forward, an exposed service or a compromised internal host still gives an outsider a path in, so they complement firewall rules rather than replace them.

VPNs: Virtual Private Networks

  • Definition: A technology that allows the extension of a private or local network to hosts not physically connected to it.
  • Primary Use: Enables employees to access business networks remotely when they're not in the office (e.g., working from home).
  • Functionality:
    • Establishes a VPN tunnel: An encrypted, authenticated connection between the remote device and a VPN endpoint at the edge of the organization's network.
    • Provides a virtual network interface on the employee's computer with an IP address from the company's own address range.
    • Allows data to be sent and received as if the employee's device were physically connected to the internal network.

Technical Operation of VPNs

  • VPN Tunneling Protocol:
    • Encapsulation: The original packet, IP header and all, is encrypted and integrity-protected, then carried as the payload of a new outer packet addressed to the VPN endpoint.
    • Which layer the outer carrier sits at depends on the implementation: IPsec ESP is carried directly inside IP (network layer), while OpenVPN and WireGuard carry the tunnel inside UDP (transport layer).
    • At the VPN endpoint the outer packet is authenticated and decrypted, the outer headers are stripped, and the inner packet is forwarded onto the internal network with fresh data link layer framing, just as if it had arrived from a local host.
    • Check before trusting: The endpoint verifies the integrity tag before decrypting, drops anything that fails, and should also check that the inner source address belongs to the peer, otherwise a remote peer could inject packets that appear to come from an internal host.
  • Bidirectional Process:
    • The same steps run in reverse for traffic from the internal network back to the remote user: the VPN server encapsulates the reply and the client's virtual interface decapsulates it.
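The tunnel operation described above, as an added worked example (written for these notes, not code from any real VPN product): an inner IPv4 packet is protected and carried inside an outer IPv4/UDP packet, and the receiving endpoint authenticates, decrypts, strips the outer headers and applies an ingress filter on the inner addresses. Assumptions are marked in the code: the UDP port 5000, the documentation addresses 203.0.113.10 and 198.51.100.20, the fixed keys, and the HMAC-SHA256 counter-mode keystream, which stands in for a real cipher such as AES-GCM or ChaCha20-Poly1305 so the script needs only the standard library.

```python
import hashlib, hmac, ipaddress, os, struct

IP_PROTO_UDP = 17
TUNNEL_PORT = 5000  # assumed port for this demo, not any real VPN's port

def ipv4_checksum(header: bytes) -> int:
    """RFC 791: one's complement of the one's-complement sum of the 16-bit header words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet: no options, DF set, TTL 64, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(packet: bytes) -> dict:
    """Validate version, header length, checksum and total length; return the fields used here."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, total_len = (packet[0] & 0x0F) * 4, struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len > len(packet) or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("malformed IPv4 header")
    return {"proto": packet[9], "src": ipaddress.IPv4Address(packet[12:16]),
            "dst": ipaddress.IPv4Address(packet[16:20]), "payload": packet[ihl:total_len]}

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for the real cipher, not for production."""
    return b"".join(hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is 12-byte nonce || ciphertext || 16-byte tag."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time BEFORE decrypting; a bad tag means drop the packet."""
    if len(blob) < 28:
        raise ValueError("tunnel payload too short")
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("authentication failed, packet dropped")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class TunnelEndpoint:
    """One end of the tunnel: a public address, the LAN behind it, and the peer's equivalents."""
    def __init__(self, public_ip, lan, peer_public_ip, peer_lan, enc_key, mac_key):
        self.public_ip, self.peer_public_ip = public_ip, peer_public_ip
        self.lan, self.peer_lan = ipaddress.ip_network(lan), ipaddress.ip_network(peer_lan)
        self.enc_key, self.mac_key = enc_key, mac_key

    def encapsulate(self, inner: bytes) -> bytes:
        """Outbound: the whole inner packet, headers included, becomes the protected UDP payload."""
        parse_ipv4(inner)  # refuse to tunnel anything that is not a valid IPv4 packet
        blob = seal(self.enc_key, self.mac_key, inner)
        udp = struct.pack("!HHHH", TUNNEL_PORT, TUNNEL_PORT, 8 + len(blob), 0) + blob  # UDP csum 0
        return build_ipv4(self.public_ip, self.peer_public_ip, IP_PROTO_UDP, udp)

    def decapsulate(self, outer: bytes) -> bytes:
        """Inbound: authenticate and decrypt, strip the outer headers, then filter inner addresses."""
        o = parse_ipv4(outer)
        if o["proto"] != IP_PROTO_UDP or str(o["src"]) != self.peer_public_ip:
            raise ValueError("not tunnel traffic from the configured peer")
        udp_len = struct.unpack("!H", o["payload"][4:6])[0]
        inner = unseal(self.enc_key, self.mac_key, o["payload"][8:udp_len])
        i = parse_ipv4(inner)
        # Ingress filter: the peer may only inject packets from its own LAN aimed at ours.
        if i["src"] not in self.peer_lan or i["dst"] not in self.lan:
            raise ValueError("inner packet violates tunnel policy, dropped")
        return inner

def _dropped(fn) -> bool:
    try:
        fn()
    except ValueError:
        return True
    return False

def demo() -> dict:
    """Constructed scenario: branch (10.1.0.0/16) talks to HQ (10.2.0.0/16) over the Internet."""
    enc_key, mac_key = b"e" * 32, b"m" * 32  # fixed demo keys; a real VPN derives them in a handshake
    branch = TunnelEndpoint("203.0.113.10", "10.1.0.0/16", "198.51.100.20", "10.2.0.0/16", enc_key, mac_key)
    hq = TunnelEndpoint("198.51.100.20", "10.2.0.0/16", "203.0.113.10", "10.1.0.0/16", enc_key, mac_key)
    inner = build_ipv4("10.1.0.7", "10.2.0.5", IP_PROTO_UDP, b"constructed application data")
    outer = branch.encapsulate(inner)
    tampered = outer[:-30] + bytes([outer[-30] ^ 0x01]) + outer[-29:]  # flip one ciphertext bit
    spoof = branch.encapsulate(build_ipv4("10.2.0.99", "10.2.0.5", IP_PROTO_UDP, b"x"))  # src is HQ's LAN
    return {"round_trip": hq.decapsulate(outer) == inner,
            "tamper_dropped": _dropped(lambda: hq.decapsulate(tampered)),
            "spoof_dropped": _dropped(lambda: hq.decapsulate(spoof))}
```

Running `demo()` returns all three flags as True: the untouched packet is restored byte-for-byte on the far side, a single flipped ciphertext bit is rejected by the tag check before any decryption happens, and a packet whose inner source address claims to be on HQ's own LAN is dropped by the ingress filter even though it was correctly encrypted by the peer.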

Security Measures in VPNs

  • Authentication Procedures:
    • VPNs require strict authentication of the remote user before any tunnel is established, to prevent unauthorized access to the internal network.
    • Commonly incorporate two-factor authentication (2FA):
      • Beyond a username and password, the user supplies a second factor, usually a time-based one-time code generated by a hardware token or an authenticator app.
      • The server accepts a code only for the current time step (with a small allowance for clock skew) and should never accept the same code twice, otherwise a captured code can be replayed.
    • The client should likewise verify the VPN server's identity (for example its certificate), so that credentials are not handed to an impostor endpoint.
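The time-based second factor described above, as an added worked example written for these notes (not any VPN vendor's code): RFC 4226 HOTP, RFC 6238 TOTP on top of it, and a server-side verifier that tolerates one step of clock skew but refuses to accept a step that has already been used. The shared secret is the reference value from the RFCs (the ASCII string "12345678901234567890"), so the codes can be checked against the published test vectors; the 8-digit length in the demo is also the RFCs' choice. Per-user persistence of the last accepted step is assumed to exist elsewhere in a real deployment.

```python
import hashlib, hmac, struct, time

def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC the 8-byte counter, dynamic-truncate, keep the low `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step (30 s by default)."""
    return hotp(secret, int(unix_time) // step, digits, algo)

class TotpVerifier:
    """Server-side check: tolerate `skew` steps of clock drift, refuse any step already used."""
    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, skew: int = 1):
        self.secret, self.step, self.digits, self.skew = secret, step, digits, skew
        self.last_accepted_step = -1  # assumed to be stored per user in a real deployment

    def verify(self, code: str, now=None) -> bool:
        if not (code.isascii() and code.isdigit() and len(code) == self.digits):
            return False  # malformed input never reaches the comparison
        current = int(time.time() if now is None else now) // self.step
        for candidate in range(current - self.skew, current + self.skew + 1):
            if candidate <= self.last_accepted_step:
                continue  # replay: this step (or an older one) was already accepted
            if hmac.compare_digest(hotp(self.secret, candidate, self.digits), code):
                self.last_accepted_step = candidate
                return True
        return False

def demo() -> dict:
    """RFC 6238 reference secret and test time, then a replay and a clock-skew walkthrough."""
    secret = b"12345678901234567890"  # the RFCs' published test secret
    now = 1111111109  # one of the RFC 6238 test times
    verifier = TotpVerifier(secret, digits=8)
    code = totp(secret, now, digits=8)
    return {
        "rfc_vector": code,                                               # "07081804" per RFC 6238
        "first_use": verifier.verify(code, now),                          # accepted
        "replay": verifier.verify(code, now),                             # same code again: rejected
        "next_step_early": verifier.verify(totp(secret, now + 30, digits=8), now),  # +1 step skew: ok
        "previous_step": verifier.verify(totp(secret, now - 30, digits=8), now),    # older step: rejected
    }
```

Two details matter in practice: the comparison uses `hmac.compare_digest` so response time does not leak how many leading digits were right, and the replay guard is a high-water mark on the time step rather than a blacklist of codes, which also closes the window where a skew-tolerant server would otherwise accept the same code in two adjacent steps.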

Site-to-Site Connectivity through VPNs

  • VPNs can also facilitate site-to-site connections:
    • Similar in concept to remote-employee connectivity, but the two ends are routers or dedicated VPN appliances at each site that establish a tunnel between them; individual hosts need no VPN client.
    • Each router forwards traffic destined for the other site's subnet through the tunnel, so the separate offices can collaborate as if they were on a single network.
    • Practical requirement: the two sites' address ranges must not overlap, otherwise the routers cannot tell which side a given destination belongs to.
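The routing side of the site-to-site arrangement, as an added worked example written for these notes (not a real router's configuration): a pre-flight check that rejects overlapping address ranges between sites, and a longest-prefix lookup that decides whether a destination is on the local LAN, behind one of the site tunnels, or left to the ordinary Internet path (a split-tunnel default). The site names and the prefixes in the demo are constructed; the only public address used is from the 203.0.113.0/24 documentation range.

```python
import ipaddress

def build_site_routes(local_lan: str, peers: dict) -> list:
    """Validate a site-to-site layout and return (network, owner) routes, most specific first.

    `peers` maps a site name to the prefixes reachable through its tunnel. Any overlap
    between different owners (including our own LAN) is rejected up front: two offices
    that both picked 192.168.1.0/24 cannot be joined without NAT, because a packet for
    192.168.1.10 would be ambiguous.
    """
    owned = [(ipaddress.ip_network(local_lan), "local")]
    for site, prefixes in peers.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            for other, owner in owned:
                if owner != site and net.overlaps(other):
                    raise ValueError(f"{site} {net} overlaps {owner} {other}")
            owned.append((net, site))
    return sorted(owned, key=lambda route: route[0].prefixlen, reverse=True)

def next_hop(routes: list, dst: str) -> str:
    """Longest-prefix match: a tunnel name, 'local' for our own LAN, else 'internet'."""
    addr = ipaddress.ip_address(dst)
    for net, owner in routes:
        if addr in net:
            return owner
    return "internet"

def demo() -> dict:
    """Branch with 10.1.0.0/16 joined to HQ and a data centre; a clashing layout is refused."""
    routes = build_site_routes("10.1.0.0/16", {"hq": ["10.2.0.0/16", "172.16.0.0/12"],
                                               "dc": ["10.3.0.0/16"]})
    try:
        build_site_routes("10.1.0.0/16", {"hq": ["10.1.5.0/24"]})  # inside our own LAN
        overlap_rejected = False
    except ValueError:
        overlap_rejected = True
    return {"to_hq": next_hop(routes, "10.2.4.9"),
            "to_dc": next_hop(routes, "10.3.0.1"),
            "own_lan": next_hop(routes, "10.1.9.9"),
            "public": next_hop(routes, "203.0.113.50"),
            "overlap_rejected": overlap_rejected}
```

The same lookup is what decides, on each router, whether a packet is handed to the tunnel's encapsulation step or sent out of the plain Internet-facing interface; sorting most-specific-first means a narrower prefix advertised for one site correctly wins over a broader one.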

Summary of VPN Concepts

  • General Technology, Not a Protocol: "VPN" names a technique, not a single protocol. Implementations such as IPsec, OpenVPN and WireGuard differ in their technical details, but all create an encrypted, authenticated tunnel for secure remote access.
  • Key Takeaway: VPNs enable remote computers or whole networks to behave as if they were part of a different network, giving businesses secure remote access without exposing internal services to the Internet.