Explain how a Virtual Private Network (VPN) works

May 31, 2020 | Kim Crawley

This blog was written by an independent guest blogger.

Global health events in 2020 have accelerated a trend. Office workers are working from home more frequently. This is great for many reasons. Companies can save money on office space. People are often more productive in the environment they’re most comfortable in, their homes. Rush hour can be mitigated with fewer cars on the road.

When people connect to their company networks from home, cybersecurity is just as important as when they’re working on their employer’s premises. A lot of sensitive data is on those networks. And a man-in-the-middle attack on their remote connections from home can grant an attacker a dangerous amount of access. The most effective way to secure their communication channels between their workplaces and home is by routing through a VPN.

Why VPNs are top of mind right now

Consumers are also becoming more aware of cyber risks. It’s now understood that all network data should be encrypted, even for everyday internet use. Commercial VPN services have become a popular way to secure internet traffic, whether it travels over encrypted or unencrypted internet ports.

VPN use is on the rise for industries and consumers alike. It’s important to understand how a VPN works to optimize both security and functionality.

What is a VPN and how does it work?

A virtual private network (VPN) is a series of virtual connections routed over the internet that encrypt your data as it travels back and forth between your client machine and the internet resources you're using, such as web servers. Many internet protocols have built-in encryption, such as HTTPS, SSH, NNTPS, and LDAPS. So assuming that everything involved is working properly, if you use those protocols over a VPN connection, your data is encrypted at least twice!

PCs, smartphones, tablets, dedicated servers, and even some IoT devices can be endpoints for a VPN connection. Most of the time your client will need to use a VPN connection application. Some routers also have built-in VPN clients. Unlike proxy networks such as Tor, VPNs shouldn't noticeably slow down your internet traffic under usual circumstances. But some VPNs are faster than others, and one of the most important factors is how many VPN clients are using a VPN server at any given time.

A VPN connection usually works like this. Data is transmitted from your client machine to a point in your VPN network. The VPN point encrypts your data and sends it through the internet. Another point in your VPN network decrypts your data and sends it to the appropriate internet resource, such as a web server, an email server, or your company's intranet. Then the internet resource sends data back to a point in your VPN network, where it gets encrypted. That encrypted data is sent through the internet to another point in your VPN network, which decrypts the data and sends it back to your client machine. Easy peasy!

Types of VPN technologies

Different VPNs can use different encryption standards and technologies. Here's a quick list of some of the technologies that a VPN may use:

  • Point-to-Point Tunneling Protocol: PPTP has been around since the mid-1990s, and it's still frequently used. PPTP in and of itself doesn't do encryption. It tunnels data packets and then uses the GRE protocol for encapsulation. If you're considering a VPN service that uses PPTP, you should keep in mind that security experts such as Bruce Schneier have found the protocol, especially Microsoft's implementation of it, to be quite insecure.
  • IPSec: You should consider IPSec to be a better alternative to PPTP. IPSec is actually a suite of different protocols and technologies. Packet encapsulation is done through the ESP protocol, and AES-GCM, AES-CBC, 3DES-CBC, or HMAC-SHA1/SHA2 may be used for encryption.
  • Layer 2 Tunneling Protocol: L2TP can be used for tunneling with IPSec for added security.
  • Secure Shell: SSH can be used to handle both the tunneling and the encryption in a VPN network.
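
The connection flow described earlier (one tunnel endpoint encrypts a whole packet, the far endpoint decrypts it) and the ESP encapsulation mentioned in the IPSec item can be sketched in Go as follows. This is an added example, not code from the original post or from any VPN product: it is a simplified ESP-style packet (cleartext SPI and sequence number, AES-GCM payload), and the SA type, the SPI value, the all-zero key and the sample inner packet are assumptions made up for illustration. It accepts only strictly increasing sequence numbers and derives the nonce from the header, where real ESP uses a sliding replay window and carries an explicit IV.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// SA is one direction of a simplified ESP-style tunnel (hypothetical type).
type SA struct {
	aead cipher.AEAD
	spi  uint32 // cleartext index that tells the receiver which key to use
	seq  uint32 // last sequence number sent (sender) or accepted (receiver)
}
func NewSA(key [32]byte, spi uint32) *SA {
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	aead, _ := cipher.NewGCM(block)   // and GCM accepts any AES block
	return &SA{aead: aead, spi: spi}
}
// nonce pads SPI|seq to 96 bits; unique per key while seq never repeats.
func nonce(hdr []byte) []byte { return append(make([]byte, 4), hdr[:8]...) }
// Seal encrypts a whole inner packet behind a cleartext SPI|seq header.
func (s *SA) Seal(inner []byte) []byte {
	s.seq++
	hdr := binary.BigEndian.AppendUint32(binary.BigEndian.AppendUint32(nil, s.spi), s.seq)
	return s.aead.Seal(hdr, nonce(hdr), inner, hdr) // header is authenticated as AAD
}
// Open returns the inner packet, or an error for replayed or altered input.
func (s *SA) Open(pkt []byte) ([]byte, error) {
	if len(pkt) < 8+s.aead.Overhead() || binary.BigEndian.Uint32(pkt) != s.spi {
		return nil, fmt.Errorf("not a packet for this SA")
	}
	seq := binary.BigEndian.Uint32(pkt[4:])
	if seq <= s.seq {
		return nil, fmt.Errorf("replayed sequence number %d", seq)
	}
	inner, err := s.aead.Open(nil, nonce(pkt), pkt[8:], pkt[:8])
	if err == nil {
		s.seq = seq // advance only once the tag has verified
	}
	return inner, err
}

func main() {
	tx, rx := NewSA([32]byte{}, 0x1001), NewSA([32]byte{}, 0x1001) // constructed all-zero key
	pkt := tx.Seal([]byte("10.0.0.5 > 10.8.0.20 GET /payroll"))   // constructed inner packet
	inner, err := rx.Open(pkt)
	fmt.Printf("wire: %x\ninner: %q err: %v\n", pkt, inner, err)
}
```

Anyone on the path between the two endpoints sees only the 8-byte header and ciphertext; a modified or re-sent packet is rejected by Open before any inner data is returned.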

Choosing a VPN service that fits your needs

So now that you understand the basics of what a VPN is and how it works, you may be considering using one yourself. In lieu of endorsing any particular company's services, I'll give you some tips on how to choose a good VPN service.

The physical location of the VPN service should be considered. If you want to bypass region-based content blocking, you will want the VPN to be operating in the country that you want to appear to be in from the perspective of the company that's delivering your media. For example, a lot of people here in Canada use American VPNs so that they can access the content that Netflix only makes available to the American market. You may also want to consider the laws of the jurisdiction where your VPN is physically located. For example, American VPNs may be subject to search warrants from American law enforcement agencies.

Consider what sort of devices you'll be using with your VPN. Are you only going to use the VPN with your PC? Or do you also want to be able to use the VPN on your smartphone or tablet? Which operating systems do you use? Some VPN providers offer dedicated mobile apps, and some VPN providers require software that's only compatible with certain operating systems.

If you’re a consumer, perhaps a commercial VPN service is the best solution. They’re offered for low monthly or yearly fees, and they also come with mobile and desktop apps to make using a VPN easy even if you don’t have much technical knowledge. But it’s important to be able to trust your VPN provider, as all of your internet traffic will be routed through them. Do they keep logs? Do they secure their VPN servers from cyber attack?

Businesses and enterprises may prefer to set up their own VPN services. Install VPN servers on the company’s premises, and make sure to protect them from cyber attackers. Having your own VPN servers offers your business control over your own data, and proper implementation can also help with regulatory compliance.

All data in transit should be encrypted these days. VPNs are a feasible way to help protect data from man-in-the-middle attacks.

About the Author: Kim Crawley, Guest Blogger

Kim Crawley spent years working in general tier two consumer tech support, most of it as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine. Her first solo-developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto. She considers her sociological and psychological perspective on infosec to be her trademark. Given the rapid growth of social engineering vulnerabilities, always considering the human element is vital.
