Tuesday 26 June 2012

A Summary of How VPNs Work

As more and more of us work on the move, from our homes or on personal devices that we bring into the office, it is becoming increasingly important to embrace the technologies behind the VPNs that allow us to ‘remote on’ to our office networks, giving us the freedom to take advantage of these flexible work practices. The following article provides a quick guide to how they actually work.

A Quick Definition
Before doing so, however, it is worth spending a moment to look at what a VPN is and what it does. VPN is an abbreviation of Virtual Private Network and is a term that covers a whole range of technologies which allow users to securely connect to a private network from a remote location via a public network, which, in practice, usually means the internet.

There are broadly two types of VPN. The first can be described as remote access and allows an individual user or device to access a network in another location across the internet. The second can be referred to as site-to-site and involves connecting a network in one location to a network in another.

VPNs are therefore a vital tool for those who are not working in the same physical location as the local area network (LAN) they need to access, or who are in the same location but are using personal devices as part of the BYOD (bring your own device) generation of employees. Such devices may pose certain security risks if they are connected directly to the network, and a VPN gives the network a single, controlled point at which to admit them.

The key feature of a VPN is that it allows communications between separate networks to be secure. That is, it allows data to travel between networks without being read or altered by those who should not be able to do so. To do this a VPN needs to a) make sure that only the right people and devices join the virtual network in the first place and b) ensure that anyone who does intercept the traffic as it crosses the internet can neither read it nor tamper with it unnoticed (interception itself cannot be prevented on a public network, so the protection has to come from the cryptography).

How They Work
To achieve the first of these, the parties at each end need to be authenticated: users most commonly with passwords (increasingly combined with a second factor such as a one-time code or a biometric), and the devices and gateways themselves with pre-shared keys or digital certificates. Authentication should be mutual. The gateway verifies the user and device before admitting them, and the client verifies the gateway's identity (typically its certificate) before sending anything, so that a rogue device cannot be set up at either end to intercept data or hack into the network, and rogue users cannot gain access through the legitimate devices and networks.

To achieve the second aim, VPNs create what are termed 'tunnels' across the internet, through which the information can travel out of the reach of prying eyes, or sniffers as they are known. In the simplest sense a tunnel involves the encryption of information at one end of the data transfer and its decryption at the other. In practice every packet also carries an integrity check (a message authentication tag) computed under the shared key, so that a packet that has been altered or forged in transit is detected and dropped rather than silently accepted.

They work by transferring encrypted packets of data across the internet and treating the sending and receiving computers as known devices (with predefined addresses) effectively on the same, albeit physically separate, network. To this end each packet actually consists of an inner packet wrapped in an outer packet. The outer packet has the job of transporting the inner packet across the internet from the gateway server on the sender's network to the gateway server on the receiver's network, and therefore its header only contains the public addresses of the two gateways. If sniffers intercept the packets, this is all they see: which gateways are talking, and an opaque blob of a certain size. They cannot see what data is being carried or which final computer or device it is heading for, as all of that is inside the encrypted part.

The encrypted inner packet contains the actual data that is being transferred together with the addresses of the destination computer on the destination network and of the sending computer on the sending network. Both of these carry IP addresses on the private (virtual) network rather than public internet addresses. When the outer packet reaches the VPN gateway on the destination network, the gateway checks its integrity tag, decrypts the inner packet, strips the outer wrapper and then routes the inner packet to the correct destination computer on the LAN.

It is analogous to putting a protective bubble around the inner packet whilst it is travelling across public networks: sniffers can see where this bubble is going but they can't see what is in it. The bubble is only peeled away when the packet reaches the gateway of its destination network. One caveat worth noting is that from the gateway onwards the inner packet travels across the private LAN in the clear, just like any other local traffic; the VPN protects the public leg of the journey, and only an application-level protocol such as HTTPS protects the data all the way to the destination computer itself.
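The following Go program is an added illustration, not code from the original article or from any VPN product, of the inner/outer packet structure described above. It assumes a reduced inner packet (just two private addresses and a payload rather than a full IP header), a fixed shared tunnel key, and a random nonce per packet; the names `InnerPacket`, `OuterPacket`, `Encapsulate` and `Decapsulate` are this example's own. It uses AES-GCM so that the receiving gateway both decrypts the inner packet and rejects anything that was altered in transit, and it prints what a sniffer on the public path would see next to what the gateway recovers.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"net"
)

// InnerPacket stands in for the inner IP packet: the private (virtual-network)
// addresses of the two end hosts plus the application data. A real VPN carries
// a complete IP header here; this reduced form is an assumption of the example.
type InnerPacket struct {
	Src, Dst net.IP
	Payload  []byte
}

// Encode serialises the inner packet as 4-byte src, 4-byte dst, payload.
func (p InnerPacket) Encode() []byte {
	b := make([]byte, 0, 8+len(p.Payload))
	b = append(b, p.Src.To4()...)
	b = append(b, p.Dst.To4()...)
	return append(b, p.Payload...)
}

// DecodeInner reverses Encode.
func DecodeInner(b []byte) (InnerPacket, error) {
	if len(b) < 8 {
		return InnerPacket{}, errors.New("inner packet too short")
	}
	return InnerPacket{Src: net.IP(b[0:4]), Dst: net.IP(b[4:8]), Payload: b[8:]}, nil
}

// OuterPacket is what crosses the internet: gateway addresses in the clear,
// a per-packet nonce, and the inner packet encrypted and authenticated.
type OuterPacket struct {
	GatewaySrc, GatewayDst net.IP
	Nonce                  []byte
	Sealed                 []byte // AES-GCM ciphertext with the 16-byte tag appended
}

// aad returns the bytes the authentication tag is bound to: the gateway
// addresses. Binding them is a choice of this example (IPsec ESP does not
// authenticate the outer IP header); it makes a re-addressed packet fail.
func (o OuterPacket) aad() []byte {
	return append(append([]byte{}, o.GatewaySrc.To4()...), o.GatewayDst.To4()...)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encapsulate is the sending gateway's job: encrypt the inner packet under the
// shared tunnel key and wrap it in an outer packet addressed gateway to gateway.
func Encapsulate(key []byte, gwSrc, gwDst net.IP, inner InnerPacket) (OuterPacket, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return OuterPacket{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh nonce per packet; never reuse one under the same key
		return OuterPacket{}, err
	}
	out := OuterPacket{GatewaySrc: gwSrc, GatewayDst: gwDst, Nonce: nonce}
	out.Sealed = aead.Seal(nil, nonce, inner.Encode(), out.aad())
	return out, nil
}

// Decapsulate is the receiving gateway's job: check the tag, decrypt, and hand
// back the inner packet for routing on the private network. Any change to the
// sealed bytes, the nonce or the gateway addresses makes Open fail.
func Decapsulate(key []byte, out OuterPacket) (InnerPacket, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return InnerPacket{}, err
	}
	plain, err := aead.Open(nil, out.Nonce, out.Sealed, out.aad())
	if err != nil {
		return InnerPacket{}, errors.New("packet rejected: authentication failed")
	}
	return DecodeInner(plain)
}

// SnifferView is all an observer on the public path can learn: the gateway
// addresses and the size of the opaque blob, not the inner addresses or data.
func SnifferView(out OuterPacket) string {
	return fmt.Sprintf("%s -> %s, %d opaque bytes", out.GatewaySrc, out.GatewayDst, len(out.Sealed))
}

// Tampered returns a copy of the packet with one ciphertext byte flipped,
// standing in for an attacker modifying it in transit.
func Tampered(out OuterPacket) OuterPacket {
	t := out
	t.Sealed = append([]byte{}, out.Sealed...)
	t.Sealed[0] ^= 0x01
	return t
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed 128-bit tunnel key; a real VPN derives it during key exchange
	inner := InnerPacket{Src: net.IPv4(10, 0, 1, 25), Dst: net.IPv4(10, 0, 2, 40), Payload: []byte("GET /payroll.xlsx")}
	out, err := Encapsulate(key, net.IPv4(203, 0, 113, 1), net.IPv4(198, 51, 100, 7), inner)
	if err != nil {
		panic(err)
	}
	fmt.Println("on the wire:", SnifferView(out))
	got, _ := Decapsulate(key, out)
	fmt.Printf("at gateway: %s -> %s %q\n", got.Src, got.Dst, got.Payload)
	_, err = Decapsulate(key, Tampered(out))
	fmt.Println("tampered:", err)
}
```

The gateway and host addresses are constructed from the documentation and private ranges. Two design points are worth noting: the sniffer line never contains the private 10.x addresses or the payload, only the two gateways and a length, and a single flipped byte is enough for the receiving gateway to drop the packet, which is the integrity property the tunnel adds on top of secrecy. Real protocols use a counter rather than a random nonce and negotiate the key rather than hard-coding it, but the encapsulation shape is the same.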

There are a variety of technologies that are used to generate and interpret these encrypted packets, such as IPsec (Internet Protocol Security) and TLS (Transport Layer Security), as well as a few proprietary technologies depending on the VPN provider in question, but they all have the same purpose and aim: to allow computers to securely join remote networks across open public networks. How much protection a given VPN actually delivers depends on the protocol version, the cipher suites and the authentication it is configured with, so those settings deserve attention rather than the label 'VPN' alone.

© Stuart Mitchell 2012
