VPN Basic Concepts and Classification
The term VPN (“Virtual Private Network”) refers to a group of technologies that provide a network connection, or so-called logical network, running on top of another network, usually the Internet.
Although VPN data is carried over networks with a low level of trust, the use of cryptography means that the level of trust in the VPN itself can be arbitrarily high. The cryptographic tools used include encryption, protection against modification of transmitted messages, public key infrastructure and authentication. Depending on the final destination, a VPN implements three types of connection: network-to-network, node-to-network and node-to-node.
VPN implementation and structure
Because protection is provided by cryptographic tools, the basic network protocols (UDP, TCP, etc.) can be used unchanged. Most often a VPN is created by encapsulating the PPP protocol in another protocol, for example IP or Ethernet. With a good implementation and specialized software, a VPN provides a high level of information encryption and genuine anonymity on the Internet.
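As an added example (not part of the original article), the Python code below builds and parses an Ethernet / PPPoE / PPP frame, PPPoE being the PPP-in-Ethernet case of the encapsulation described above. The MAC addresses, session ID and inner payload are constructed values; the result shows that encapsulation alone leaves the inner data readable, so the protection comes from the cryptographic layer and not from the tunnel framing.

```python
import struct

ETH_PPPOE_SESSION = 0x8864  # EtherType of the PPPoE session stage (RFC 2516)
PPP_IPV4 = 0x0021           # PPP protocol number for an IPv4 payload
# Constructed, locally administered MAC addresses (destination, source).
DST_MAC = bytes.fromhex("020000000001")
SRC_MAC = bytes.fromhex("020000000002")


def build_frame(inner: bytes, session_id: int) -> bytes:
    """Encapsulate `inner` as Ethernet / PPPoE / PPP."""
    ppp = struct.pack("!H", PPP_IPV4) + inner
    # ver=1, type=1 -> 0x11; code 0x00 = session data; length covers the PPP part.
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    eth = DST_MAC + SRC_MAC + struct.pack("!H", ETH_PPPOE_SESSION)
    return eth + pppoe + ppp


def parse_frame(frame: bytes) -> dict:
    """Strip the outer layers and return the PPP protocol and inner payload."""
    if len(frame) < 22:  # 14 Ethernet + 6 PPPoE + 2 PPP protocol
        raise ValueError("frame too short")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_PPPOE_SESSION:
        raise ValueError("not a PPPoE session frame")
    vertype, code, session_id, length = struct.unpack_from("!BBHH", frame, 14)
    if vertype != 0x11 or code != 0x00:
        raise ValueError("unexpected PPPoE version/type or code")
    # Trust the length field, not the frame size: Ethernet may pad short frames.
    ppp = frame[20:20 + length]
    if length < 2 or len(ppp) != length:
        raise ValueError("PPPoE length does not match frame")
    (protocol,) = struct.unpack_from("!H", ppp, 0)
    return {"session_id": session_id, "ppp_protocol": protocol, "payload": ppp[2:]}


if __name__ == "__main__":
    inner = b"constructed stand-in for an inner IP packet"
    frame = build_frame(inner, session_id=0x1234)
    print(parse_frame(frame))
    # No cryptography was applied, so the inner bytes sit in the frame as-is.
    print("inner data visible on the wire:", inner in frame)
```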
Structurally, a VPN consists of two functional parts: an “internal” network (there may be several) and an “external” network (usually the Internet). The remote user connects to the VPN through the access server, which is part of both the “internal” and the “external” network. The server requires the user to authenticate, after which the user is granted the necessary permissions on the network.
VPNs are classified according to several basic parameters.
By the method of implementation
Software solution. The VPN runs on a PC with specialized software.
Hardware and software solution. The VPN is implemented with a set of special software and hardware. This approach provides high performance and security.
Integrated solution. The VPN is implemented by a hardware-software complex that also handles firewalling, traffic filtering, etc.
By degree of security
Trusted. Used when a virtual subnet has to be created within a larger network. In this case, the transmission medium is considered trustworthy, and security problems are considered irrelevant.
Protected. This is the most popular type of VPN, with which secure and reliable networks are built on top of unreliable networks, for example, the Internet.
Extranet VPN. Virtual networks to which “external” users, such as clients or customers, can connect. Since they are less trusted than company employees, rules are needed that restrict the access of “external” users to confidential or commercial information.
Remote Access VPN. Provides a secure channel between the corporate network and a user who connects to the secure network from the outside, for example, from a home PC.
Internet VPN. Implemented by providers to give access to clients that connect over the same physical channel.
Intranet VPN. Combines several geographically distributed branches of one company into a single secure network for exchanging information over open channels.
Client/Server VPN. Protects data transferred between nodes of a corporate network (but not networks). It is usually implemented for nodes located in the same network segment, for example, a client machine and a server. This option is used to divide one physical network into several logical ones.
By protocol type
There are VPN implementations on the market for TCP/IP, AppleTalk, and IPX networks. However, the most relevant trend is the transition to TCP/IP, so most solutions support only it.
Today there are several popular VPN implementations, among them PPTP, OpenVPN, L2TP, PPPoE and IPSec. Large Internet providers often offer VPN services to business clients. We offer this technology to ordinary users.