VPN is an acronym for Virtual Private Network: a private network that uses a public network to connect its remote sites or users together. The data sent via a VPN is encrypted and cannot be read by the public. With technological growth the internet is accessible to almost everyone at a lower cost than before, and this helps most businesses in their normal work as well as in connecting with their remote employees, replacing the earlier ‘intranet’. The system is almost the same as an intranet, except that it includes employees miles away from the office. The best VPN services strive to give a secure and reliable private connection while enhancing data privacy on an existing public network. A good VPN can extend its connections over a large geographical area while reliably maintaining data privacy for both office and remote employees. The best VPN services are flexible enough for business and non-business users to use instead of the public unencrypted internet, and thus avoid potentially serious privacy leaks.
There are two types of VPN: Remote-Access and Site-to-Site. Remote Access normally suits companies with hundreds of sales people in the field. Also called a Virtual Private Dial-up Network (VPDN), it is a user-to-LAN connection: the user reaches the main server by dialing up a special code through the internet service provider (ISP). Site-to-Site, on the other hand, is for a company that needs to link multiple fixed sites over a public network or the internet. The links between sites require strong encryption, and each site needs only a single connection to the same public network. Either type must guarantee the following to the firm and its users:
- Reliability when in use
- Security of the data used in it
- Network Management
- Policy Management
Their users thus get data security and privacy through a number of methods. The following methods assure them of it:
1. Data confidentiality
The best VPN services primarily work to provide data confidentiality, unlike public connections. Transferring private data over a public connection is prone to unwanted access and viewing, which is a good reason to encrypt the data. Encryption means converting data into a form that only the intended receiving computer can decrypt, before it is sent over the public network or internet. A VPN provides data confidentiality through the following protocols:
a. Internet Protocol Security (IPsec) – IPsec encrypts in one of two modes: tunnel and transport. Tunnel mode encrypts both the header and the payload of each data packet, while transport mode encrypts only the payload; both reliably provide strong data encryption. They apply, however, only to systems that are IPsec-compliant, and the compliant systems must also share a common key or certificate and have matching security policies. For remote-access users of a VPN, a third-party software package provides the data confidentiality and encryption.
b. PPTP/MPPE – PPTP supports multi-protocol VPNs but does not itself provide data encryption. Encryption is supplied by a companion protocol called Microsoft Point-to-Point Encryption (MPPE), which supports both 40-bit and 128-bit keys.
c. L2TP over IPsec – this provides the security of the IPsec protocol over the tunneling of L2TP. L2TP is mainly used for accessing a VPN remotely on Windows 2000. Even a dial-up connection can be used over L2TP, in which case the Internet Service Provider encrypts that traffic with IPsec between its access point and the remote office network server.
d. OpenVPN – an open-source application that runs on many systems and is freely available, with a higher level of encryption than some of the other protocols. OpenVPN can be run on multiple ports, allowing it to pass through some firewall restrictions on corporate and school networks.
2. Data integrity
Even if the data sent over the public network is not accessible to anyone, there must also be data integrity: the data must remain unchanged. IPsec ensures that the encrypted portion of the packet, or even the whole header and data portion, has not been altered in any way; if it has, the packet is rejected. Data integrity also extends to authenticating the remote peer.
3. Data origin authentication
This verifies the identity of the source the data was sent from. Without it, anyone able to reach the data path could spoof the identity of the sender.
4. Data tunneling or data traffic flow confidentiality
Sometimes one needs to hide the identity of the device sending the traffic, and tunneling comes in handy. Tunneling is the process of encapsulating one full data packet inside another and sending them together over a network. It can hide the original source when a device that uses IPsec encapsulates the traffic of a given host and adds its own header on top of the existing packet. Because the tunneling device encrypts the original packet, header included, the actual source of the packet is effectively hidden and is visible only to a trusted peer. Tunneling by itself does not provide data security; it is just the original packet encapsulated inside another protocol. Tunneling requires the following protocols:
- Passenger protocol: the original data packet that is carried
- Encapsulating protocol: the protocol wrapped around the original data
- Carrier protocol: the protocol over which the data packets travel
All three protocols (passenger, encapsulating and carrier) work together to transmit data packets securely over a public network.
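The points above about IPsec modes, integrity, origin authentication and tunneling can be seen together in one small model. The following Python is an added example written for this page, not code from the page or from any IPsec implementation: it builds constructed IPv4 packets, protects them in either tunnel or transport mode with an illustrative HMAC-SHA256 keystream (standing in for a real ESP cipher) plus an HMAC integrity check value, and then shows what a passive observer on the public network can read in each mode, that an altered packet is rejected, and that a peer without the shared key is rejected. The shared key, the gateway addresses (203.0.113.1 and 198.51.100.2) and the inner hosts are all constructed assumptions.

```python
import hashlib
import hmac
import os
import struct

# Constructed shared key: in real IPsec it would be negotiated by IKE (assumption for this demo).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
ESP_PROTO = 50        # IP protocol number of ESP
IPIP_PROTO = 4        # next-header value for an encapsulated IPv4 packet (tunnel mode)
ICV_LEN = 32          # HMAC-SHA256 integrity check value length


def _ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def _bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options, checksum left zero) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, _ip_to_bytes(src), _ip_to_bytes(dst))
    return header + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Fields anyone can read from a header that travels in the clear."""
    _, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": _bytes_to_ip(src), "dst": _bytes_to_ip(dst), "proto": proto, "payload": pkt[20:]}


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 XORed over data; illustrative stand-in for the ESP cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack("!I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def esp_protect(key: bytes, inner_pkt: bytes, mode: str, gw_src: str = None, gw_dst: str = None) -> bytes:
    """Sender side. tunnel: encrypt the whole inner packet (header + payload) behind a new outer
    header carrying the gateway addresses. transport: keep the original header, encrypt only the payload."""
    if mode == "tunnel":
        outer_src, outer_dst = gw_src, gw_dst
        plaintext = inner_pkt + bytes([IPIP_PROTO])          # ESP trailer next-header byte
    elif mode == "transport":
        hdr = parse_ipv4(inner_pkt)
        outer_src, outer_dst = hdr["src"], hdr["dst"]
        plaintext = hdr["payload"] + bytes([hdr["proto"]])   # original protocol moves into the trailer
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    nonce = os.urandom(8)
    body = nonce + _keystream_xor(key, nonce, plaintext)
    icv = hmac.new(key, body, hashlib.sha256).digest()       # integrity check value; also proves origin
    return build_ipv4(outer_src, outer_dst, ESP_PROTO, body + icv)


def esp_unprotect(key: bytes, wire_pkt: bytes, mode: str) -> bytes:
    """Receiver side: verify the ICV first (reject any altered or unauthenticated packet), then decrypt."""
    outer = parse_ipv4(wire_pkt)
    body, icv = outer["payload"][:-ICV_LEN], outer["payload"][-ICV_LEN:]
    if not hmac.compare_digest(icv, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("ESP integrity check failed: packet altered or not from a trusted peer")
    plaintext = _keystream_xor(key, body[:8], body[8:])
    next_header, inner = plaintext[-1], plaintext[:-1]
    if mode == "tunnel":
        return inner                                         # the complete original packet
    return build_ipv4(outer["src"], outer["dst"], next_header, inner)


def observer_view(wire_pkt: bytes) -> dict:
    """What a passive observer on the public network learns without the key."""
    hdr = parse_ipv4(wire_pkt)
    return {"src": hdr["src"], "dst": hdr["dst"], "proto": hdr["proto"],
            "payload_readable": b"quarterly" in hdr["payload"]}


def demo() -> dict:
    """Constructed scenario: a host behind gateway 203.0.113.1 sends to a host behind 198.51.100.2."""
    inner = build_ipv4("10.0.0.5", "10.0.1.9", 6, b"quarterly sales figures")
    tunnel = esp_protect(SHARED_KEY, inner, "tunnel", "203.0.113.1", "198.51.100.2")
    transport = esp_protect(SHARED_KEY, inner, "transport")
    tampered = bytearray(tunnel)
    tampered[30] ^= 0x01                                     # flip one bit inside the ciphertext
    try:
        esp_unprotect(SHARED_KEY, bytes(tampered), "tunnel")
        rejected = False
    except ValueError:
        rejected = True
    return {
        "clear_observer": observer_view(inner),
        "tunnel_observer": observer_view(tunnel),
        "transport_observer": observer_view(transport),
        "tunnel_roundtrip_ok": esp_unprotect(SHARED_KEY, tunnel, "tunnel") == inner,
        "transport_roundtrip_ok": esp_unprotect(SHARED_KEY, transport, "transport") == inner,
        "tampered_rejected": rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running it shows the difference the text describes: in tunnel mode the observer sees only the two gateway addresses and protocol 50, while in transport mode the real endpoint addresses stay visible and only the payload is hidden; in both modes the payload is unreadable, a single flipped bit makes the receiver discard the packet, and the same ICV check is what ties the packet to a peer holding the shared key.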
5. Authentication, authorization, and accounting
Authentication, authorization, and accounting (AAA) is a secure way for a user in a remote place to connect into a remote network. Using a valid username and password, which the VPN termination device stores, one can easily connect to the internet. The system then authenticates and authorizes the user and accounts for what the user does. The user is thus responsible for his/her own account alone and can send any data securely.
6. Non repudiation
In some situations a user takes part in a transaction and then denies it. Non-repudiation prevents this, and it is needed in data transfers normally relating to financial transfers, especially for banks and financial institutions.
Generally, it is clear from each of the above that a Virtual Private Network has greatly contributed to user privacy and secure data transfer. A user, unlike in the past, can log in over a public network via one of the best VPN services and work or transfer data safely to the institution's main server without being tracked and without the data being read, changed or deleted. VPN use has greatly improved user privacy.
Image courtesy of suphakit73 at FreeDigitalPhotos.net