【My Study Note】Virtual Private Networks
Virtual Private Networks
Businesses have lots of reasons to want to keep their network secure, and they do this by using technologies like firewalls, NAT, and non-routable address space.
Organizations often have proprietary information that needs to remain secure, network services that are only intended for employees to access, and other things. One of the easiest ways to keep a network secure is to use various securing technologies so that only devices physically connected to the local area network can access these resources.
But employees aren’t always in the office. They might be working from home or on a business trip, and they might still need access to these resources in order to get their work done. That’s where VPNs come in.
VPN
VPNs (Virtual Private Networks) are a technology that allows for the extension of a private or local network to a host that is not on that same local network.
VPNs come in many flavors and accomplish lots of different things. But the most common example of how VPNs are used is for employees to access their business’s network when they’re not in the office.
VPNs are a tunneling protocol, which means they provision access to something not locally available. When establishing a VPN connection, you might also say that a VPN tunnel has been established.

The employee could use a VPN client to establish a VPN tunnel to their company network. This would provision their computer with what’s known as a virtual interface with an IP that matches the address space of the network they’ve established a VPN connection to.
By sending data out of this virtual interface, the computer could access internal resources just like if it was physically connected to the private network.
Most VPNs work by using the payload section of the transport layer to carry an encrypted payload that actually contains an entire second set of packets: the network, the transport, and the application layers of a packet intended to traverse the remote network.
Basically, this payload is carried to the VPN's endpoint, where all the other layers are stripped away and discarded. Then the payload is decrypted, leaving the VPN server with the top three layers of a new packet. This gets encapsulated with the proper data link layer information and sent out across the network.
The same process runs in reverse for traffic in the opposite direction. VPNs usually require strict authentication procedures in order to ensure that only computers and users authorized to do so can connect.
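As an added illustration (not code from the original note), the following Python models the encapsulation just described: an inner IPv4/UDP packet addressed to a private host is encrypted and authenticated, carried as the payload of an outer UDP packet between public addresses, and then stripped, verified and decrypted at the VPN endpoint. The cipher (an HMAC-SHA256 keystream with an encrypt-then-MAC tag), the addresses, the outer port and the shared secret are all constructed stand-ins, not the format of any real VPN protocol.

```python
import hashlib
import hmac
import os
import socket
import struct

# Constructed model of VPN encapsulation. The cipher (HMAC-SHA256 keystream plus an
# encrypt-then-MAC tag) stands in for a real VPN cipher suite so the example runs
# with only the standard library; addresses and the shared secret are made up.

def build_ipv4_udp(src_ip, dst_ip, src_port, dst_port, data):
    """Network (IPv4) + transport (UDP) headers around application data.
    Checksums are left at zero: this is a model, not wire-accurate output."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                       socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ipv4 + udp

def parse_ipv4_udp(pkt):
    """Read the IPv4/UDP headers back, returning the fields a router would act on."""
    _, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    sport, dport, ulen, _ = struct.unpack("!HHHH", pkt[20:28])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "sport": sport, "dport": dport, "data": pkt[28:20 + ulen]}

def derive_keys(shared_secret):
    """Separate encryption and MAC keys from one shared secret (constructed KDF)."""
    return (hashlib.sha256(b"enc|" + shared_secret).digest(),
            hashlib.sha256(b"mac|" + shared_secret).digest())

def _keystream(enc_key, nonce, length):
    """Counter-mode keystream built from HMAC-SHA256(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def tunnel_encapsulate(inner_pkt, enc_key, mac_key, outer_src, outer_dst, port=1194):
    """Client side: encrypt the whole inner packet (network + transport + application
    layers), tag it, and carry it as the payload of an outer UDP packet between the
    public addresses of the client and the VPN server. The port is a constructed choice."""
    nonce = os.urandom(12)
    ciphertext = _xor(inner_pkt, _keystream(enc_key, nonce, len(inner_pkt)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return build_ipv4_udp(outer_src, outer_dst, port, port, nonce + tag + ciphertext)

def tunnel_decapsulate(outer_pkt, enc_key, mac_key):
    """VPN endpoint: strip the outer headers, check the tag, decrypt, and hand back the
    inner packet ready for a new data-link header. Returns None (drop) on any failure."""
    payload = parse_ipv4_udp(outer_pkt)["data"]
    if len(payload) < 44:
        return None
    nonce, tag, ciphertext = payload[:12], payload[12:44], payload[44:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # forged, corrupted, or encrypted under another key
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

if __name__ == "__main__":
    enc_key, mac_key = derive_keys(b"constructed-shared-secret")
    inner = build_ipv4_udp("10.8.0.5", "10.0.1.20", 40000, 53, b"internal DNS query")
    outer = tunnel_encapsulate(inner, enc_key, mac_key, "203.0.113.7", "198.51.100.1")
    print("outer packet goes to", parse_ipv4_udp(outer)["dst"])
    print("inner packet goes to", parse_ipv4_udp(tunnel_decapsulate(outer, enc_key, mac_key))["dst"])
```

The point to notice is that the outer packet only ever exposes public addresses and an opaque payload, while the endpoint refuses anything whose tag does not verify, so a flipped byte or a packet built with a different secret is dropped rather than injected into the private network.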
Two-factor Authentication
In fact, VPNs were one of the first technologies where two-factor authentication became common. Two-factor authentication is a technique where more than just a username and password is required to authenticate.
Usually, a short-lived numerical token is generated by the user through a specialized piece of hardware or software. VPNs can also be used to establish site-to-site connectivity. Conceptually, there isn’t much difference between how this works compared to our remote employee’s situation.
It’s just that the router, or sometimes a specialized VPN device on one network establishes the VPN tunnel to the router or VPN device on another network. This way two physically separated offices might be able to act as one network and access network resources across the tunnel.
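As an added example (not part of the original note), here is a standard-library Python implementation of one common form of the short-lived numerical token mentioned above: the time-based one-time password (TOTP, RFC 6238), which is HOTP (RFC 4226) with the counter set to the current 30-second time step. The verifier tolerates one step of clock drift and refuses any counter at or below the last one it accepted, so an intercepted code cannot be reused. The secret is the RFC test-vector key, chosen only because its expected codes are published.

```python
import hashlib
import hmac
import struct
import time

def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation,
    then reduce modulo 10^digits and zero-pad."""
    mac = hmac.new(secret, struct.pack("!Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack("!I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret, unix_time, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step). This is what the
    token hardware or app on the user's side computes."""
    return hotp(secret, int(unix_time) // step, digits)

def verify_totp(secret, submitted, unix_time, last_accepted=-1, step=30, digits=6, window=1):
    """Server side. Return the counter that matched, or None. Counters at or below
    last_accepted are refused so a captured code is worthless once it has been used;
    the comparison is constant-time."""
    counter = int(unix_time) // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= last_accepted:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), submitted):
            return candidate
    return None

if __name__ == "__main__":
    # RFC 4226 / RFC 6238 test-vector secret; a real deployment provisions a random one per user.
    secret = b"12345678901234567890"
    now = time.time()
    code = totp(secret, now)
    print("current code:", code, "accepted at counter", verify_totp(secret, code, now))
```

A VPN server would store, per user, the secret and the last accepted counter; accepting the code only advances that counter, and the password check still has to pass separately, which is what makes this a second factor rather than a replacement for the first.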
It’s important to call out that, just like NAT, VPNs are a general technology concept, not a strictly defined protocol. There are lots of unique implementations of VPNs, and the details of how they all work can differ a ton.
The most important takeaway is that VPNs are a technology that uses encrypted tunnels to allow for a remote computer or network to act as if it’s connected to a network that it’s not actually physically connected to.