VPN stands for Virtual Private Network. It is a technology that lets a user connect remotely to a private network so that they are "virtually" on that network, as though they were on-site and plugged into the LAN. A VPN is useful for remote workers who need to reach office resources, such as internal web portals and file shares, without being physically in the office. In this Computer Networking Notes VPN tutorial, we take a brief look at the different types and uses of VPNs.
There are many different VPN protocols and types of VPN. LAN-to-LAN VPNs are used to connect multiple networks together. For example, a corporate office may want connectivity to several branch offices for internal communication and resource access. The edge firewalls can continue to block any outside access that tries to reach the protected resources while still permitting the VPN connections, which are treated as "internal", that is, already on the trusted side of the firewall. IPsec is a collection of security protocols that is most commonly used for LAN-to-LAN VPNs; it provides a robust set of encryption and authentication protocols to choose from.
Remote workers connect to remote-access VPNs. These are usually temporary, or "dial-in", connections. Microsoft Windows comes with PPTP (Point-to-Point Tunneling Protocol) built in, which makes it an easy access method to roll out. However, PPTP relies on the weak MS-CHAP protocol for its security, which makes it a less favorable option. IPsec can also be used for remote-access VPNs, with the help of special third-party client software and/or IPv6. SSL VPNs are becoming more popular for remote access, as they provide a secure connection and are the easiest option for remote workers. With an SSL VPN, remote workers can usually log in to an HTTPS web page that lets them download an app (often a Java app) that serves as the client software. After the initial install, clients can usually run the app without having to log in to the web page again. SSL VPNs may also allow access from the web portal to certain resources without giving remote workers a full network connection to the private network.
Aside from granting access to remote workers, a VPN is sometimes used to mask a host's true identity. This presents a security concern, since a VPN can serve as an encrypted tunnel for carrying classified data off a corporate LAN. Modern data loss prevention (DLP) and firewall rules that deny outbound VPN connections are a good starting point, but SSL is very difficult to block accurately, because so many legitimate secure websites use SSL. VPN services can also be subscribed to in order to mask a host's external IP. For example, a site or service may only be available in the UK, but if someone in the United States connects to a UK VPN server and browses to the site through it, they will appear to be in the UK.
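The detection problem described above can be made concrete with a small egress classifier. The following Python is an added example, not code from the original tutorial: it parses constructed firewall log lines, fingerprints the tunnel types the tutorial mentions (IPsec IKE/NAT-T/ESP and PPTP control/GRE) by protocol and port, allows them only toward a constructed sanctioned concentrator address, and hands TCP/443 flows off for TLS inspection because an SSL VPN is indistinguishable from ordinary HTTPS at the port level. The log format, addresses and the `SANCTIONED_VPN_ENDPOINTS` set are all assumptions made for the example.

```python
"""
Added example (not from the original tutorial): classify outbound
connections from constructed firewall log lines to spot VPN tunnels
leaving the LAN.  Log format, addresses and the sanctioned
concentrator are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: the company's own VPN concentrator, which LAN-to-LAN
# and remote-access tunnels are allowed to reach.  Any other
# destination that looks like a tunnel endpoint is flagged.
SANCTIONED_VPN_ENDPOINTS = {ipaddress.ip_address("198.51.100.20")}

# Protocol/port fingerprints for the VPN types discussed in the text.
# (proto, dport) -> label; a dport of None means "any port".
TUNNEL_SIGNATURES = {
    ("udp", 500): "IPsec IKE",
    ("udp", 4500): "IPsec NAT-T",
    ("esp", None): "IPsec ESP",
    ("tcp", 1723): "PPTP control",
    ("gre", None): "PPTP/GRE data",
}


@dataclass
class Verdict:
    src: str
    dst: str
    label: str
    action: str  # "allow", "block" or "inspect"


def parse_line(line: str) -> dict:
    """Parse one constructed 'key=value key=value ...' log line."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return {
        "src": fields["src"],
        "dst": fields["dst"],
        "proto": fields["proto"].lower(),
        "dport": int(fields["dport"]) if "dport" in fields else None,
    }


def classify(rec: dict) -> Verdict:
    """Decide what an egress policy should do with one connection."""
    proto, dport = rec["proto"], rec["dport"]
    label = (TUNNEL_SIGNATURES.get((proto, dport))
             or TUNNEL_SIGNATURES.get((proto, None)))
    dst = ipaddress.ip_address(rec["dst"])
    if label:
        # Known tunnel protocol: fine toward our own concentrator,
        # otherwise a candidate for data leaving the LAN encrypted.
        action = "allow" if dst in SANCTIONED_VPN_ENDPOINTS else "block"
        return Verdict(rec["src"], rec["dst"], label, action)
    if proto == "tcp" and dport == 443:
        # SSL VPNs share TCP/443 with ordinary HTTPS; a port rule cannot
        # tell them apart, so the flow is passed to TLS/SNI inspection.
        return Verdict(rec["src"], rec["dst"], "HTTPS or SSL VPN", "inspect")
    return Verdict(rec["src"], rec["dst"], "other", "allow")


def analyse(lines):
    """Classify every non-empty log line and return the verdicts."""
    return [classify(parse_line(ln)) for ln in lines if ln.strip()]


# Constructed sample log: one host using the sanctioned concentrator,
# two hosts tunnelling elsewhere, and two plain web connections.
SAMPLE_LOG = """
src=10.1.5.23 dst=198.51.100.20 proto=udp dport=500
src=10.1.5.23 dst=198.51.100.20 proto=esp
src=10.1.7.8 dst=203.0.113.77 proto=udp dport=4500
src=10.1.9.2 dst=203.0.113.90 proto=tcp dport=1723
src=10.1.9.2 dst=203.0.113.90 proto=gre
src=10.1.3.4 dst=203.0.113.5 proto=tcp dport=443
src=10.1.3.4 dst=203.0.113.6 proto=tcp dport=80
""".strip().splitlines()

if __name__ == "__main__":
    for v in analyse(SAMPLE_LOG):
        print(f"{v.action:7} {v.src} -> {v.dst}  ({v.label})")
```

Running the block prints one verdict per line: the IKE and ESP flows to the sanctioned concentrator are allowed, the IPsec NAT-T, PPTP and GRE flows to other destinations are blocked, the TCP/443 flow is marked for inspection rather than blocked, and plain HTTP passes. The "inspect" verdict is the point the paragraph makes: without looking inside the TLS handshake, a port-based rule cannot separate an SSL VPN from a legitimate secure website.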