What is a Virtual Private Network?
A virtual private network (VPN) is a private communications network often used by companies or organizations, to communicate confidentially over a public network. VPN traffic can be carried over a public networking infrastructure (e.g. the Internet) on top of standard protocols, or over a service provider's private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider. A VPN can send data (e.g., voice, data or video, or a combination of these media) across secured and encrypted private channels between two points. Authentication mechanism Virtual private networks can be a cost effective and secure way for different corporations to provide users access to the corporate network and for remote networks to communicate with each other across the Internet. VPN connections are more cost-effective than dedicated private lines; usually a VPN involves 2 parts: the protected or "inside" network, which provides physical and administrative security to protect the transmission; and a less trustworthy, "outside" network or segment (usually through the Internet). Generally, a firewall sits between a remote user's workstation or client and the host network or server. As the user's client establishes the communication with the firewall, the client may pass authentication data to an authentication service inside the perimeter. A known trusted person, sometimes only when using trusted devices, can be provided with appropriate security privileges to access resources not available to general users. Many VPN client programs can be configured to require that all IP traffic must pass through the tunnel while the VPN connection is active, for increased security. From the user's perspective, this means that while the VPN connection is active, all access outside the secure network must pass through the same firewall as if the user were physically connected to the inside of the secured network. This reduces the risk that an attacker might gain access to the secured network by attacking the VPN client's host machine: to other computers on employees’ home network, or on the public internet, it is as though the machine running the VPN client simply does not exist. Such security is important because other computers local to the network on which the client computer is operating may be un-trusted or partially trusted. Even with a home network that is protected from the outside internet by a firewall, people who share a home may be simultaneously working for different employers over their respective VPN connections from the shared home network. Each employer would therefore want to ensure their proprietary data is kept secure, even if another computer in the local network gets infected with malware. And if a traveling employee uses a VPN client from a Wi-Fi access point in a public place, such security is even more important. However, the use of IPX/SPX is one way users might still be able to access local resources.
|