Since 2013, almost 25% of global internet users have accessed the web through a VPN each month. Everyone has a reason, be it to bypass restrictions, improve online security, or gain more anonymity. The process looks simple: select a server, hit connect, and you're totally secure. That is only what the naked eye sees; there is much more happening in the background. Today, we'll be shedding more light on how VPNs work, connect, and encrypt a user's data.
Networking solutions for personal and business use first emerged in the early 1990s. We're referring to the release of Windows 3.11, the first consumer-oriented operating system with support for bringing computers together into a local home or office network.
The Internet was already spreading as a viable environment for communicating remotely by the mid-1990s. It enabled both businesses and individuals to connect to remote servers, which are the backbone of the Internet, as well as to other computers within wider networks.
Thus, the need to protect online communications arose, eventually resulting in the emergence of virtual private networks (VPNs). This cybersecurity tool is a method and a technology for exchanging data in a secure manner. Moreover, it allows users to browse the Internet while effectively hiding their IP address, that is, their real location.
The latter VPN feature is mostly associated with consumer-grade VPN services, whose main purpose is to enable individual users to browse the Internet privately and also hide their IP address, mainly for accessing geo-restricted online services and websites.
While the principles of corporate and consumer VPNs are mostly the same, the below paragraphs contain software and hardware definitions that are more of interest to business users rather than individuals.
We will not discuss whether you need a VPN or not and what are the advantages and disadvantages of using a VPN. It is a different and broad topic, and in order to understand the discussions surrounding VPN usage, you need to know how VPNs really work.
There are basically two types of VPNs in common use:
Thus, an organization can enable employees or partners to connect to its network through an encrypted and secure connection, which usually uses a third-party Internet service provider (ISP) to materialize the exchange of data.
For their part, site-to-site VPNs fall into one of two categories:
Each of these VPN variations, however, works in the same fashion, providing encryption for data transfers and bridging different LANs, which can be external or internal. Keep in mind that the Internet is actually a collection of local area networks and sites that are able to communicate with each other.
And this happens at both the hardware and software levels. Let’s see how.
Any VPN requires at least basic hardware to operate, and this is usually the same hardware you already need to access the Internet at all. Advanced VPN hardware such as VPN concentrators and VPN-enabled routers exists, but in any case you also need VPN servers, server software, and a client application to make a VPN connection. In fact, you need a desktop or mobile software client for each device or user you want to protect.
Then you need a dedicated VPN server for dial-up services as well as a Network Access Server (NAS), which may be a dedicated server or software that runs on a shared server. The NAS authenticates the user and allows them to use the VPN once it recognizes their login credentials as valid.
Source: University of Colorado, Boulder
Once you are admitted by the NAS, an AAA server authenticates who the user is, then determines your access rights within the VPN connection and monitors whether you try to perform actions that fall outside the scope of your assigned access rights. AAA stands for authentication, authorization, and accounting.
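The three AAA functions described above, as an added example that is not part of the original article or of any real AAA product. The user store, salt, rights and target addresses are all constructed for the demo; a real AAA server (RADIUS, TACACS+, Diameter) would keep per-user random salts and write its accounting records to a log server rather than an in-memory list.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field

# Constructed demo salt; a real AAA server stores a random salt per user.
SALT = b"constructed-demo-salt"


def hash_password(password: str) -> bytes:
    """PBKDF2-SHA256 hash so the user store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed user store (hypothetical users). Rights are (service, network) pairs:
# the user may use `service` only against targets inside `network`.
USERS = {
    "alice": {"pw": hash_password("correct-horse"),
              "rights": [("ssh", "10.0.1.0/24"), ("rdp", "10.0.2.5/32")]},
    "bob":   {"pw": hash_password("hunter2"),
              "rights": [("ssh", "10.0.1.0/24")]},
}


@dataclass
class AAAServer:
    """Authentication, authorization and accounting in one place."""
    accounting: list = field(default_factory=list)  # the accounting trail

    def authenticate(self, user: str, password: str) -> bool:
        """Authentication: is this really the claimed user?"""
        candidate = hash_password(password)  # hash even for unknown users (uniform timing)
        rec = USERS.get(user)
        ok = rec is not None and hmac.compare_digest(rec["pw"], candidate)
        self.accounting.append({"user": user, "event": "auth", "ok": ok})
        return ok

    def authorize(self, user: str, service: str, target: str) -> bool:
        """Authorization: may this user perform this action on this target?"""
        rec = USERS.get(user)
        addr = ipaddress.ip_address(target)
        allowed = rec is not None and any(
            svc == service and addr in ipaddress.ip_network(net)
            for svc, net in rec["rights"]
        )
        self.accounting.append({"user": user, "event": "authz", "service": service,
                                "target": target, "ok": allowed})
        return allowed

    def denied_actions(self, user: str) -> int:
        """Accounting: how many out-of-scope actions did this user attempt?"""
        return sum(1 for r in self.accounting
                   if r["user"] == user and r["event"] == "authz" and not r["ok"])


def demo() -> dict:
    """Walk one session through all three AAA steps and return the decisions."""
    aaa = AAAServer()
    return {
        "alice_login": aaa.authenticate("alice", "correct-horse"),          # True
        "bob_bad_password": aaa.authenticate("bob", "wrong"),               # False
        "alice_ssh_in_scope": aaa.authorize("alice", "ssh", "10.0.1.20"),   # True
        "alice_rdp_wrong_host": aaa.authorize("alice", "rdp", "10.0.2.6"),  # False
        "bob_rdp_no_right": aaa.authorize("bob", "rdp", "10.0.2.5"),        # False
        "alice_denied": aaa.denied_actions("alice"),                        # 1
        "records": len(aaa.accounting),                                     # 5
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the accounting trail is that the out-of-scope RDP attempt by alice is recorded even though it was refused; that is the record an operator later reviews to spot misuse of an otherwise valid login.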
Since the ultimate goal of any VPN is to keep your connections private and secure, a reliable VPN also relies on multiple communication protocols and encryption methods.
A number of VPN protocols are in wide use today, and those include:
All of the above protocols are used within the wider framework of data tunneling. This technique encapsulates an entire data packet within another packet and then sends it over a network, hiding the identity of the device the data originated from.
Data tunneling on its own only obscures the source from which the data in transit originates; other protocols take care of encrypting the data. In any case, data tunneling involves three protocols to transfer your data safely:
The VPN encapsulates the original packet, carried by the passenger protocol, inside the encapsulating protocol, and then wraps the result in the carrier protocol's header to transfer it over a public network.
Site-to-site VPNs usually use IPsec or Generic Routing Encapsulation (GRE) protocols for encapsulation. Remote-access VPNs usually perform data tunneling through Point-to-Point Protocol (PPP).
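The passenger/encapsulating/carrier layering, built byte by byte for the GRE case mentioned above. This is an added example, not code from the article: it hand-assembles a private IPv4/UDP packet (passenger), wraps it in a minimal RFC 2784 GRE header (encapsulating protocol) and a public IPv4 header (carrier), then shows what an observer on the public network sees versus what the tunnel endpoint recovers. All addresses, ports and the payload are constructed; GRE adds no encryption, which is why the inner packet comes back byte-identical.

```python
import struct

PROTO_UDP = 17           # IP protocol number of the passenger's transport
PROTO_GRE = 47           # IP protocol number of GRE (the encapsulating protocol)
ETHERTYPE_IPV4 = 0x0800  # GRE "protocol type" value announcing an IPv4 passenger


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_passenger(src: str, dst: str, sport: int, dport: int, data: bytes) -> bytes:
    """Passenger protocol: the private IPv4/UDP packet the user actually sent."""
    # UDP checksum 0 means "omitted", which IPv4 permits; keeps the example short.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    return ipv4_header(src, dst, PROTO_UDP, len(udp)) + udp


def encapsulate(passenger: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Encapsulating protocol (GRE base header) inside the carrier (public IPv4)."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # flags/version = 0, protocol type = IPv4
    return ipv4_header(outer_src, outer_dst, PROTO_GRE, len(gre) + len(passenger)) + gre + passenger


def parse_ipv4(pkt: bytes) -> dict:
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ipv4_checksum(pkt[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("bad IPv4 header")
    return {"src": bytes_to_ip(src), "dst": bytes_to_ip(dst), "proto": proto, "ttl": ttl,
            "payload": pkt[ihl:total_len]}


def on_the_wire(carrier: bytes) -> tuple:
    """What an observer on the public network sees: only the carrier's endpoints."""
    outer = parse_ipv4(carrier)
    return outer["src"], outer["dst"], outer["proto"]


def decapsulate(carrier: bytes) -> dict:
    """What the tunnel endpoint does: strip carrier and GRE headers, recover the passenger."""
    outer = parse_ipv4(carrier)
    if outer["proto"] != PROTO_GRE:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", outer["payload"][:4])
    # C, K and S bits would add optional fields after the base header; not handled here.
    if flags & 0xB000 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return parse_ipv4(outer["payload"][4:])


def demo() -> dict:
    # Constructed private hosts behind two sites and constructed public tunnel endpoints.
    passenger = build_passenger("192.168.1.10", "192.168.2.20", 40000, 53, b"hello")
    carrier = encapsulate(passenger, "203.0.113.1", "198.51.100.1")
    inner = decapsulate(carrier)
    return {"carrier_len": len(carrier), "wire": on_the_wire(carrier),
            "inner_src": inner["src"], "inner_dst": inner["dst"],
            "inner_proto": inner["proto"], "inner_data": inner["payload"][8:]}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

On the wire the packet is 57 bytes (20 carrier + 4 GRE + 33 passenger) and shows only the two public endpoints and protocol 47; the private source and destination are visible to anyone who looks past the GRE header, which is exactly why a site-to-site deployment pairs GRE with IPsec rather than relying on encapsulation alone.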
In some specific VPN scenarios, such as financial transactions, non-repudiation is also involved. Here, the sender attaches its digital signature to the original message, thereby confirming its participation in the transaction.
All existing VPN solutions work as described above. However, you should be aware that properly configuring a VPN is also an important part of the equation; how you use its security features really matters. We're talking about features such as split tunneling, kill switch functionality, and the choice of transport protocols and encryption layers.
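How split tunneling and a kill switch change where a packet goes, as an added example rather than code from the article or from any VPN client. It models the client's routing table with longest-prefix matching and the two common configurations: full tunnel (two /1 routes via the tunnel interface override the ISP's /0 default without removing it) and split tunnel (only listed prefixes go through the tunnel). The interface names, the VPN server address 203.0.113.5, the LAN range and the corporate prefix 10.0.0.0/8 are all constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Route:
    network: ipaddress.IPv4Network
    iface: str


@dataclass
class ClientPolicy:
    """Constructed model of a VPN client's routing policy plus kill switch."""
    vpn_server: str          # public address of the VPN server (hypothetical)
    full_tunnel: bool        # True: everything via the VPN; False: split tunneling
    split_prefixes: list     # in split mode, only these prefixes use the tunnel
    kill_switch: bool
    tunnel_up: bool = True
    lan: ipaddress.IPv4Network = field(
        default_factory=lambda: ipaddress.ip_network("192.168.0.0/16"))

    def routes(self) -> list:
        routes = [
            Route(ipaddress.ip_network("0.0.0.0/0"), "eth0"),                # ISP default route
            Route(self.lan, "eth0"),                                          # local network
            Route(ipaddress.ip_network(self.vpn_server + "/32"), "eth0"),     # the tunnel's own outer packets
        ]
        if self.tunnel_up:
            if self.full_tunnel:
                # Two /1 routes are more specific than /0, so they win without deleting the default.
                routes += [Route(ipaddress.ip_network("0.0.0.0/1"), "tun0"),
                           Route(ipaddress.ip_network("128.0.0.0/1"), "tun0")]
            else:
                routes += [Route(ipaddress.ip_network(p), "tun0") for p in self.split_prefixes]
        return routes

    def must_tunnel(self, addr: ipaddress.IPv4Address) -> bool:
        """Which destinations the policy promises to protect."""
        if addr in self.lan or addr == ipaddress.ip_address(self.vpn_server):
            return False
        if self.full_tunnel:
            return True
        return any(addr in ipaddress.ip_network(p) for p in self.split_prefixes)

    def decide(self, dst: str) -> str:
        """Return the egress interface for dst, or 'drop' if the kill switch blocks it."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes() if addr in r.network]
        best = max(matches, key=lambda r: r.network.prefixlen)  # longest-prefix match
        if best.iface != "tun0" and self.kill_switch and self.must_tunnel(addr):
            return "drop"  # never let protected traffic fall back to the clear
        return best.iface


def demo() -> dict:
    full = ClientPolicy("203.0.113.5", True, [], kill_switch=True)
    split = ClientPolicy("203.0.113.5", False, ["10.0.0.0/8"], kill_switch=True)
    full_down = ClientPolicy("203.0.113.5", True, [], kill_switch=True, tunnel_up=False)
    leaky_down = ClientPolicy("203.0.113.5", True, [], kill_switch=False, tunnel_up=False)
    split_down = ClientPolicy("203.0.113.5", False, ["10.0.0.0/8"], kill_switch=True, tunnel_up=False)
    return {
        "full_internet": full.decide("8.8.8.8"),             # tun0
        "full_vpn_server": full.decide("203.0.113.5"),       # eth0 (carrier packets to the server)
        "full_lan": full.decide("192.168.1.5"),              # eth0
        "split_corp": split.decide("10.0.1.20"),             # tun0
        "split_internet": split.decide("8.8.8.8"),           # eth0, by design of split tunneling
        "down_killswitch": full_down.decide("8.8.8.8"),      # drop
        "down_no_killswitch": leaky_down.decide("8.8.8.8"),  # eth0: traffic leaks in the clear
        "split_down_corp": split_down.decide("10.0.1.20"),   # drop
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two "down" cases are the ones that matter operationally: when the tunnel drops, a client without a kill switch silently falls back to the ISP default route and sends the same traffic unencrypted, whereas the kill switch turns that fallback into a drop. In split-tunnel mode, traffic to the Internet leaving via eth0 is not a leak but the configured behaviour, which is why split tunneling should only be enabled when that is understood.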
You should also bear in mind that a VPN should always work alongside other defense tools. Adequate protection means combining it with a firewall and antivirus software.