VPN stands for Virtual Private Network. The word virtual in VPN refers to a logical connection between the two devices. It is much cheaper to connect the user to the Internet through a local service provider than to purchase a dedicated circuit that goes to only one other destination. Another benefit of using a VPN is scalability. If 10 or 20 more new users need to connect to the corporate headquarters, we can provide users access to the Internet via their local service providers (digital subscriber line [DSL], cable modem, and so on). Leveraging the single Internet connection from the headquarters site, we could then simply build logical VPNs using the Internet for the connectivity.
There are two types of VPN: site-to-site VPN and remote-access VPN.
An example of site-to-site and remote-access VPNs is shown in the figure below.
Some users might need to build a VPN connection from their individual computer to the corporate headquarters (or to the destination they want to connect to). This is referred to as a remote-access VPN connection. The other main VPN implementation is by companies that may have two or more sites that they want to connect securely together (likely using the Internet) so that each site can communicate with the other site or sites. This implementation is called a site-to-site VPN. Site-to-site VPNs traditionally use a collection of VPN technologies called IPsec. The main importance and benefits of using either remote-access or site-to-site VPNs include the following:
■ Confidentiality: Confidentiality means that only the intended parties can understand the data that is sent. Any party that eavesdrops may see the actual packets, but the contents of the packet or the payload are scrambled (also called cipher text) and meaningless to anyone who cannot unlock or decrypt the data.
■ Data integrity: If two devices are communicating over a VPN, another important factor about the data that is being sent is to make sure it is accurate from end to end. If an attacker injects bits or data into the packets of a VPN session, data integrity could suffer if the modification of the data goes undetected.
■ Authentication: A VPN tunnel lets you encrypt data and verify that the data has not been modified while in transit. Being able to validate, or authenticate, the device that you are connected to is also an important aspect of a good VPN. You can authenticate the peer at the other end of the VPN tunnel in several different ways, including the following:
- Pre-shared keys used for authentication only
- Public and private key pairs used for authentication only
- User authentication (in combination with remote-access VPNs)
■ Antireplay protection: An attacker who watches your VPN traffic might capture it and replay it later to fool one of the VPN peers into believing that the peer trying to connect is legitimate, and so might be able to build a VPN while pretending to be a different device. To prevent this, most VPN implementations have antireplay functionality built in. This means that once a VPN packet has been sent and accounted for, that exact same VPN packet is not valid a second time in the VPN session. Because of all these benefits and features, VPNs are important in network security.