Our increasingly interconnected world offers many possibilities for optimizing business processes. More and more companies use the internet to interlink their various offices and locations, integrate partners into their own IT infrastructure, or enable home office or remote access to the workplace. Yet companies should be aware that any of these implementations can open the door to a security breach. To make transferring sensitive data possible, a host of different communication technologies are used. A common solution is a VPN.

What is a VPN?

A virtual private network (VPN) is a virtual communication network that operates on top of a physical network. The internet is by far the most commonly used transport medium for VPNs. To keep data safe while it crosses a public network, the transport channels are secured with encryption and authentication methods. Because data transferred via a VPN is not accessible to other participants of the public network it runs on, the term “tunneling” is often used to describe this process. A VPN therefore makes it possible to transport sensitive data over untrustworthy connections, which makes it an affordable alternative to dedicated private lines.

Application areas of Virtual Private Networks

Generally, VPNs are used for one of the following three main reasons: to interconnect two or more company locations via a public network (site-to-site VPN), to remotely access the company network when traveling or from home (end-to-site VPN), or to remotely access one computer from another computer (end-to-end VPN).

Site-to-Site VPN

A site-to-site VPN is used when multiple local networks are to be connected into one virtual communication network via a public transport medium, for example when connecting different company locations with one another. Alternatively, the locations can be linked by a corporate network based on private leased lines, but the company must first rent the corresponding infrastructure. A VPN connection, on the other hand, relies on a public network, so the internet connection is the only cost involved. Creating a site-to-site VPN also requires VPN routers; these build the connection between the VPN tunnel and the local network. Other terms for a site-to-site VPN include LAN-to-LAN VPN and branch-office VPN.

End-to-Site-VPN

Companies tend to use end-to-site VPNs whenever their networks are to be made available to mobile users working in the field or from their home offices. The tunnel to the local network is created by a VPN client on the external employee’s terminal device; here too, the main transport medium is the internet. This lets employees reach the company network (and so any file or mail server located within it) over an ordinary internet connection. An end-to-site VPN is also referred to as a remote-access VPN.

End-to-End VPN

An end-to-end VPN is used when setting up a network with remote access is not possible and the connection can only be made from one computer directly to another. Working on a remote desktop is the classic use case for this kind of VPN connection: a program is executed on one computer and displayed and operated on another. The transport medium for such applications can be the internet or a local company network. For business purposes, remote desktop VPNs are used when an employee wants to access their work computer from home.

Implementing a virtual private network

Many different protocols are used when implementing an encrypted connection via VPN. The most common solutions rely on IPSec, L2TP over IPSec, and SSL.

VPN with IPsec

‘Internet Protocol Security’ (IPSec) is a protocol suite designed for the Internet Protocol (IP) that enables secure communication over untrustworthy IP networks. Encryption and authentication mechanisms ensure that the confidentiality, authenticity, and integrity of the data traffic are safeguarded. IPSec was developed together with IPv6 and was retroactively specified for IPv4.
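The following is an added example, not code from the original article or from any IPSec implementation. It makes the “tunneling” idea from the VPN definition and the integrity and authenticity guarantees of IPSec concrete at the packet level: an inner IPv4 packet is wrapped in an ESP packet (RFC 4303 layout: SPI, sequence number, payload, padding, trailer, ICV), the receiver checks a truncated HMAC-SHA-256 integrity check value before trusting anything, and a sliding anti-replay window rejects packets it has already accepted. To stay in the Python standard library the payload is carried with NULL encryption, so only the integrity and anti-replay parts of ESP are shown; the key, addresses and packet contents are constructed for the demo, and a real security association would obtain its key from IKE.

```python
"""ESP-style tunnel-mode encapsulation with ICV verification and anti-replay.
Added example; NULL encryption, HMAC-SHA-256-128 integrity. Standard library only."""
import hashlib
import hmac
import struct

AUTH_KEY = bytes.fromhex("00" * 16 + "11" * 16)  # constructed demo key; real SAs get keys from IKE
ICV_LEN = 16            # HMAC-SHA-256-128: 32-byte MAC truncated to 16 bytes
NEXT_HEADER_IPV4 = 4    # tunnel mode: the ESP payload is a complete IPv4 packet
ESP_HEADER = struct.Struct("!II")   # SPI, sequence number
ESP_TRAILER = struct.Struct("!BB")  # pad length, next header


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of 16-bit words; returns 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_inner_packet(payload: bytes, src="10.0.1.5", dst="10.0.2.7", proto=17) -> bytes:
    """Constructed inner IPv4 packet: the private traffic the tunnel carries."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64,
                      proto, 0, bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def esp_encapsulate(spi: int, seq: int, inner_packet: bytes, key: bytes = AUTH_KEY) -> bytes:
    """Wrap an inner IP packet: header | payload | padding | trailer | ICV."""
    pad_len = (-(len(inner_packet) + ESP_TRAILER.size)) % 4  # trailer ends on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))                    # RFC 4303 default padding 1, 2, 3, ...
    authenticated = (ESP_HEADER.pack(spi, seq) + inner_packet + padding
                     + ESP_TRAILER.pack(pad_len, NEXT_HEADER_IPV4))
    icv = hmac.new(key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return authenticated + icv


class ReplayWindow:
    """Sliding anti-replay window: each sequence number is accepted at most once,
    and only if it is not older than `size` below the highest number seen."""

    def __init__(self, size: int = 64):
        self.size, self.highest, self.seen = size, 0, set()

    def accept(self, seq: int) -> bool:
        if seq == 0 or seq <= self.highest - self.size or seq in self.seen:
            return False
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.size}  # slide the window
        return True


def esp_decapsulate(packet: bytes, window: ReplayWindow, expected_spi: int,
                    key: bytes = AUTH_KEY):
    """Verify and unwrap an ESP packet. Returns (verdict, inner_packet_or_None)."""
    if len(packet) < ESP_HEADER.size + ESP_TRAILER.size + ICV_LEN:
        return "malformed", None
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # integrity/authenticity check comes first
        return "bad-icv", None
    spi, seq = ESP_HEADER.unpack_from(authenticated)
    if spi != expected_spi:                      # packet does not belong to this SA
        return "unknown-spi", None
    if not window.accept(seq):                   # replayed or too old: drop it
        return "replay", None
    pad_len, next_header = ESP_TRAILER.unpack(authenticated[-ESP_TRAILER.size:])
    body = authenticated[ESP_HEADER.size:-ESP_TRAILER.size]
    if next_header != NEXT_HEADER_IPV4 or pad_len > len(body):
        return "malformed", None
    return "ok", body[:len(body) - pad_len]


def demo() -> dict:
    """Accept a packet once, reject its replay, reject a tampered copy, accept the genuine one."""
    inner, window, spi = build_inner_packet(b"hello"), ReplayWindow(), 0x1001
    pkt1, pkt2 = esp_encapsulate(spi, 1, inner), esp_encapsulate(spi, 2, inner)
    tampered = pkt2[:12] + bytes([pkt2[12] ^ 0x01]) + pkt2[13:]  # flip one bit in the inner header
    return {
        "first": esp_decapsulate(pkt1, window, spi)[0],
        "replay": esp_decapsulate(pkt1, window, spi)[0],
        "tampered": esp_decapsulate(tampered, window, spi)[0],
        "genuine_after_tamper": esp_decapsulate(pkt2, window, spi)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the ICV is verified before the sequence number is consumed, so a forged or corrupted packet cannot burn a slot in the replay window and block the genuine packet that follows it. A real IPSec stack adds the encryption step and derives keys and SPIs from IKE, but the encapsulation, the ICV and the window are what turn a public network into a tunnel.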

L2TP over IPSec

A VPN implemented with L2TP over IPSec uses the ‘Layer 2 Tunneling Protocol’ (L2TP). L2TP alone does not provide any encryption, which is why the protocol is normally combined with IPSec. While IPSec can only tunnel IP packets, L2TP supports a variety of packet-transferring protocols. L2TP over IPSec combines the strengths of both standards. The result is a highly secure and flexible tunneling protocol.

SSL-VPN

SSL was originally developed for use in HTTP environments and is therefore widely deployed and well understood, which is why the encryption protocol is also used for securing VPN connections. OpenVPN is a popular software solution for setting up an SSL-based virtual private network.
