Virtual Private Networks (VPNs) represent a way to extend the accessibility of corporate networks to remote users and other company sites in the most secure, flexible and economical way possible. Today they can be implemented in different ways to meet the specific needs of users. Almost all companies that have an internal computer network, with computers, servers and data storage systems, also have employees or collaborators who are working (permanently or temporarily) on the move or from home.
Many also have smaller sites besides the head office: branch offices, points of sale, warehouses or factories. Requirements can also be very geographically specific: for example, a VPN service that works well for Singapore may not be the best choice in India or Pakistan. Virtual private network (VPN) technology has existed for years to solve these problems. Let's see what it is.
The definition
VPN stands for virtual private network. It allows a company to extend its central private network practically without geographical limits: users and peripheral sites (branches) connect to the company's main network over wide-area IP networks rented from telecommunications providers and based on MPLS (Multiprotocol Label Switching), or over public, shared networks such as the Internet and cloud platforms.
Thanks to MPLS VPNs or VPNs over the Internet, remote users and external sites can connect to the LAN (local area network) of their corporate offices from anywhere in the world, at any time and from a wide range of devices, securely and as economically as possible. Over these connections, clients can talk to a single computer or to resources shared with other users, such as an application server, a database, a NAS (Network Attached Storage), printers and so on.
What does tunnelling mean?
A virtual private network is built on the creation of a tunnel (virtual, of course) inside which two or more participants in a VPN session can exchange data away from prying eyes. Concretely, tunnelling means encapsulation: each packet of the private network is wrapped inside another packet that travels across the shared infrastructure, so the outside network only routes the outer packet and never has to understand, or be able to read, the inner one. Creating this private channel over shared infrastructure requires a tunnelling protocol. Several such technologies exist today, but they all share some common traits.
Here’s how a VPN works
First of all, a VPN server, also called a VPN hub or central hub, must be installed in the company's data centre or in its private cloud (if that is the chosen solution). The three components of a VPN's security framework are implemented on it:
– a user (and device) authentication system;
– a layer that manages the encryption of the data exchanged between the nodes of the network;
– a firewall that controls which ports and internal networks each tunnel may reach.
The VPN hub must also sit behind a router that makes it reachable at a public IP address (static, or dynamic with a DNS name), and be connected to one or more switches that attach it to the internal LAN. Only the outer headers of the tunnelled packets need public addresses, namely those of the two tunnel endpoints; the addresses that participants use inside the tunnel are normally private ones, assigned by the hub from a pool, and remain invisible to the transit network.
On the other side, every device that users intend to connect with must run a VPN client, which can be:
– a client built into the device's operating system;
– software or a browser extension downloaded from the VPN service provider's website;
– a software agent supplied together with hardware that supports building these networks (routers, firewalls, NAS, etc.);
– a program developed by a security vendor.
Types of VPNs by topology
A virtual private network is a way of using globally shared, public networks to extend the boundaries of a company's main private network in a controlled and secure manner, but the term does not denote a single technology or implementation.
From a topology point of view we can identify two types, often both present in the same company:
1. Remote-access VPNs are the simplest and most common type: they only allow individual users to connect remotely to the company's main network.
2. Site-to-site VPNs create tunnels, across public and shared networks, between different corporate sites.
Topologically, this second type usually follows the hub-and-spoke model, named by analogy with a bicycle wheel. The hub is the company's main network, where the VPN server is located; the spokes are the remote sites, each joined to the hub by its own tunnel over the wide-area network (MPLS or Internet). A branch can in turn host its own VPN server, giving remote users or further sub-branches access to its servers, with their traffic forwarded in cascade to the headquarters network through the branch's own tunnel.
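The hub-and-spoke layout described above, with one remote-access spoke (a user's laptop) and one site-to-site spoke (a branch router), expressed as WireGuard configuration. This is an added illustration, not configuration from the article or from any vendor; the hostname hub.example.com, the 10.8.0.0/24 tunnel subnet, the 192.168.10.0/24 (headquarters) and 192.168.20.0/24 (branch) LANs and the angle-bracket key placeholders are all assumptions.

```ini
# --- Hub (headquarters VPN server), /etc/wireguard/wg0.conf ---
# The only public address the whole VPN needs is the hub's (hub.example.com, a
# placeholder). The router in front of it must allow UDP 51820 inbound, and the
# hub must have net.ipv4.ip_forward=1 set. Generate real keys with `wg genkey`.
[Interface]
# Hub's address inside the tunnel: private, never seen on the Internet.
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <hub-private-key>
# Firewall layer: the hub decides what tunnel traffic may be forwarded. These
# two rules are deliberately permissive; restrict per peer and per port in practice.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT

# Remote-access spoke: one user, one tunnel address, nothing routed behind it.
[Peer]
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.10/32

# Site-to-site spoke: the branch router plus the whole branch LAN behind it.
[Peer]
PublicKey = <branch-router-public-key>
AllowedIPs = 10.8.0.2/32, 192.168.20.0/24


# --- Spoke A: branch router, /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.8.0.2/24
PrivateKey = <branch-router-private-key>

[Peer]
PublicKey = <hub-public-key>
# Hub's public endpoint; the branch itself may sit behind NAT with a dynamic address.
Endpoint = hub.example.com:51820
# Tunnel subnet plus the headquarters LAN reachable behind the hub.
AllowedIPs = 10.8.0.0/24, 192.168.10.0/24
# Keeps the NAT mapping open so the hub can reach the branch unprompted.
PersistentKeepalive = 25


# --- Spoke B: remote user's laptop, /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.8.0.10/32
PrivateKey = <laptop-private-key>

[Peer]
PublicKey = <hub-public-key>
Endpoint = hub.example.com:51820
# Headquarters and branch LANs are both reached through the hub (cascade).
AllowedIPs = 10.8.0.0/24, 192.168.10.0/24, 192.168.20.0/24
PersistentKeepalive = 25
```

The difference between the two spoke types is entirely in the hub's AllowedIPs: a /32 for the remote-access user, a whole subnet for the site-to-site branch. The laptop can reach the branch LAN only because the hub both accepts 192.168.20.0/24 from the branch peer and forwards traffic between tunnel peers; the branch router additionally needs forwarding enabled and a route for 192.168.10.0/24 on its LAN hosts.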
Beyond topology, virtual private networks also differ in whether and how the traffic is protected in transit. In particular, VPNs are divided into three main categories: Trusted VPN, Secure VPN and Hybrid VPN.
Trusted VPN
Trusted VPNs are virtual private networks in which the tunnels are not encrypted: the traffic is kept separate from other traffic, but its confidentiality rests on trusting whoever operates the shared infrastructure. Traditionally the virtual LANs (VLANs) created inside a company's own network belong to this category, as do the Virtual Private LAN Services (VPLS) offered by carriers. Both work at layer 2 (data link) of the OSI model and create virtual networks that share the same physical network but whose hosts cannot cross from one network to another. Anyone with access to the underlying switches or to the provider's core, however, can read the traffic.
As already noted, VPNs do not necessarily use the Internet as their wide-area network; they can use MPLS WANs as well. MPLS providers can offer virtual networks with predefined, controlled and segregated paths and guaranteed quality of service, and these are the technologies Trusted VPNs are built on.
Secure VPN
The main advantage of Secure VPNs is that the tunnels are built with encryption and authentication protocols such as IPsec, TLS/SSL, SSH, or, historically, PPTP (Point-to-Point Tunneling Protocol). Both endpoints of the tunnel implement the same protocol. Consequently, an attacker who intercepts the traffic on the shared network sees only ciphertext: the inner addresses and the payload are unreadable, although the public addresses of the two endpoints, packet sizes and timing remain visible. Two caveats matter in practice: PPTP's authentication and encryption have long been broken and it should no longer be deployed, and the protection holds only if the endpoints authenticate each other, so that the tunnel is not set up with an impostor. Unlike a Trusted VPN, a Secure VPN lets you use the Internet with great flexibility: all that matters is having a connection, even public Wi-Fi.
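The tunnelling explained in the section above, and the "only illegible data" property of a Secure VPN, as an added Python example that is not code from the article or from any VPN product. It is a deliberately simplified, ESP-like construction: an inner packet with private addresses is encapsulated in an outer packet that carries only the public endpoint addresses, a sequence number, the encrypted inner packet and an integrity tag. The cipher (HMAC-SHA256 in counter mode) and the fixed keys are stand-ins chosen so the script runs with the standard library only; a real VPN uses a proper AEAD cipher and negotiates keys in a handshake.

```python
"""Toy VPN tunnel: a packet with private addresses is encapsulated in an
encrypted, authenticated outer packet that exposes only the public endpoints.
Simplified, ESP-like illustration; NOT real IPsec or WireGuard."""
import hashlib
import hmac
import ipaddress
import struct
from typing import Optional

# Constructed demo keys. A real VPN derives fresh keys per session from a
# handshake (IKEv2, TLS, Noise); hard-coded keys exist here only for the demo.
ENC_KEY = hashlib.sha256(b"demo-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"demo-integrity-key").digest()

HEADER_LEN = 4 + 4 + 8   # outer src IPv4, outer dst IPv4, 64-bit sequence number
TAG_LEN = 32             # HMAC-SHA256 output


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stand-in stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def build_inner_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Minimal 'inner IP packet': private src, private dst, then the payload."""
    return ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed + payload


def parse_inner_packet(pkt: bytes):
    return (str(ipaddress.IPv4Address(pkt[:4])),
            str(ipaddress.IPv4Address(pkt[4:8])),
            pkt[8:])


def encapsulate(inner: bytes, seq: int, outer_src: str, outer_dst: str) -> bytes:
    """Sender side: outer header (public endpoints + seq) || ciphertext || tag.
    The sequence number doubles as the nonce, so it must never repeat under a
    key; real protocols rekey long before the counter could wrap."""
    nonce = struct.pack(">Q", seq)
    header = (ipaddress.IPv4Address(outer_src).packed
              + ipaddress.IPv4Address(outer_dst).packed + nonce)
    ciphertext = _xor(inner, _keystream(ENC_KEY, nonce, len(inner)))
    # Encrypt-then-MAC over header and ciphertext: tampering with either is detected.
    tag = hmac.new(MAC_KEY, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def decapsulate(outer: bytes, seen_seqs: set) -> Optional[bytes]:
    """Receiver side: verify the tag first, reject replays, then decrypt.
    Returns None for anything malformed, tampered or replayed."""
    if len(outer) < HEADER_LEN + TAG_LEN:
        return None
    header, body, tag = outer[:HEADER_LEN], outer[HEADER_LEN:-TAG_LEN], outer[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    seq = struct.unpack(">Q", header[8:16])[0]
    if seq in seen_seqs:          # simplistic anti-replay; IPsec uses a sliding window
        return None
    seen_seqs.add(seq)
    return _xor(body, _keystream(ENC_KEY, header[8:16], len(body)))


def eavesdropper_view(outer: bytes) -> dict:
    """Everything an observer on the shared network can read: the tunnel
    endpoints, the sequence number and the packet size. The inner addresses
    and the payload are not recoverable from the outer packet."""
    return {
        "outer_src": str(ipaddress.IPv4Address(outer[:4])),
        "outer_dst": str(ipaddress.IPv4Address(outer[4:8])),
        "seq": struct.unpack(">Q", outer[8:16])[0],
        "length": len(outer),
    }


if __name__ == "__main__":
    # Constructed sample: a laptop on the private side talks to an HQ server.
    inner = build_inner_packet("10.0.0.5", "192.168.10.20", b"GET /payroll")
    outer = encapsulate(inner, 1, "203.0.113.7", "198.51.100.2")
    print(eavesdropper_view(outer))
    print(parse_inner_packet(decapsulate(outer, set())))
```

Run the script and compare the two lines it prints: the observer's view contains the public endpoints and the length, while the decapsulated packet reveals the private addresses and the request only on the receiving side. Flipping a single byte of the ciphertext or resending the same outer packet makes `decapsulate` return None, which is the behaviour a practitioner should expect from any tunnel protocol worth calling "secure".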
Hybrid VPN
Today the Hybrid VPN model is emerging: it combines the advantages of Trusted VPNs (such as control over the paths taken) with those of Secure VPNs (encryption of the tunnel and its contents). Many Trusted VPNs are being upgraded by adding Secure VPN features as a security overlay on the technologies already in use.
Ultimately, every VPN type has its advantages. Choosing the one that really suits your needs means matching the topology and the level of protection to the risks your traffic actually faces.