A virtual private network (VPN) is a network overlay that gives individual users, groups or remote offices secure access to their organization’s network over an insecure, shared, publicly accessible infrastructure such as the public Internet. In other words, a VPN extends a private network over a public network, like the Internet. The systems that allow users to create and use VPNs make use of encryption and other security mechanisms to ensure that the network is only accessible to authorized devices and that the data is protected from interception by third parties such as hackers or competitors.
There are two broad categories of VPNs: Site-to-Site VPNs and Remote Access VPNs.
Site-to-Site VPNs are most commonly used to connect offices with branches in different locations without the use of a private point-to-point circuit. A site-to-site VPN allows these offices to establish private, secure connections with each other over the Internet. A site-to-site VPN may be used to connect the network of a company headquarters to the network of one of the branch offices. Not all types of network communication are well suited for travelling inside a VPN, since the underlying Internet is a best-effort delivery solution.
With Site-to-Site VPNs, the company’s network is extended, allowing for computer resources at one location to be available to workers at another location (or multiple locations). Because site-to-site VPNs can work over third-party networks such as the public Internet, these private networks can extend all the way around the world. A company headquartered in Japan can establish private virtual networks in the United States and/or Australia.
There is no VPN client software and therefore no client performance impact in a site-to-site VPN. Instead, the client sends and receives standard IP traffic on its private network. If the destination is at a remote location, the traffic is routed through a VPN gateway, which encapsulates and encrypts the outbound traffic. The traffic is sent through a VPN tunnel over the public Internet to a corresponding peer VPN gateway at the target site. Once the packet is received at the target site, the peer gateway knows how to decapsulate and decrypt the content and then forwards the original packet to the target host in the private network.
Remote Access VPNs
Remote Access VPNs are used when individual users need to establish a secure connection to a remote computer network. Because they allow individual hosts to connect to private networks, Remote Access VPNs are a standard technology for businesses that allow their employees to work remotely: users can access the resources on the private company network as if they were directly patched in.
Remote Access VPNs are great for companies that have travelling salespeople who need to access their company’s network securely over the public Internet, or for any company with workers who don’t always work in the company office.
For a Remote Access VPN to be established, each host needs to have VPN Client Software. When the host attempts to send traffic, the VPN client software encrypts and encapsulates the traffic before it’s sent over the public Internet to its target, a VPN gateway at the edge of the target network. Similarly to the Site-to-Site VPN, once the packet is received at the target site, the peer gateway knows how to decrypt and decapsulate the original content and then sends the packet to the target host in the private network. If the target host inside the private network returns a response, the VPN gateway performs the reverse process to send an encrypted response back to the VPN client over the Internet.
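The encapsulate-and-encrypt step that both VPN types perform, as an added Python example that is not part of the original article: a sending gateway tunnels only traffic bound for the remote site, and the peer gateway authenticates the packet before decrypting and forwarding it. The addresses, function names and packet layout are assumptions, and the SHA-256 keystream with HMAC is a teaching stand-in for the cipher a real VPN product would use.

```python
import hashlib, hmac, ipaddress, os

# Constructed topology using documentation address ranges (not from the article).
SITE_B_NET = ipaddress.ip_network("10.2.0.0/16")      # private network behind gateway B
GW_A, GW_B = "198.51.100.1", "203.0.113.1"            # public addresses of the gateways

def _keystream(key, nonce, length):
    # SHA-256 in counter mode: teaching stand-in for a real cipher such as AES-GCM.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def gateway_send(keys, local_gw, peer_gw, remote_net, dst_ip, inner_packet):
    """Sending gateway: tunnel only traffic bound for the remote site."""
    if ipaddress.ip_address(dst_ip) not in remote_net:
        return None                                   # local traffic never enters the tunnel
    enc_key, mac_key = keys
    outer = f"{local_gw}>{peer_gw}".encode()          # new outer header: gateway to gateway
    nonce = os.urandom(12)
    ct = _xor(inner_packet, _keystream(enc_key, nonce, len(inner_packet)))
    tag = hmac.new(mac_key, outer + nonce + ct, hashlib.sha256).digest()
    return local_gw, peer_gw, nonce + ct + tag

def gateway_receive(keys, outer_src, outer_dst, payload):
    """Peer gateway: authenticate first, then decrypt and return the inner packet."""
    enc_key, mac_key = keys
    nonce, ct, tag = payload[:12], payload[12:-32], payload[-32:]
    outer = f"{outer_src}>{outer_dst}".encode()
    expected = hmac.new(mac_key, outer + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed, packet dropped")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))

if __name__ == "__main__":
    keys = (os.urandom(32), os.urandom(32))           # assumed already shared by both gateways
    inner = b"10.1.0.5>10.2.0.9|quarterly-report"     # constructed inner packet from a client
    src, dst, wire = gateway_send(keys, GW_A, GW_B, SITE_B_NET, "10.2.0.9", inner)
    print("on the Internet:", src, "->", dst, wire.hex()[:32], "...")
    print("delivered at site B:", gateway_receive(keys, src, dst, wire))
```

A real tunnel also negotiates its keys and rejects replayed packets, which this sketch omits.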
Should Your Company Utilize VPNs?
Many companies are moving their information to web-based portals that are remotely accessible by customers and employees alike. These portals may provide similar functionality to remote access VPNs. The data in a web portal can even be encrypted in transit in the same manner as a VPN. With a web portal, you rely on the correctness of the portal software and on the password strength of the individual users to withstand brute force and application layer attacks from anyone on the Internet.
If your business allows your employees to work remotely and they need access to resources on your company’s network, a Remote Access VPN would help to make sure that your end hosts remain as secure as possible. The VPN gateway is subject to external attacks, while the hosts remain isolated. If your business has multiple branches that need to seamlessly share information securely, then you should investigate Site-to-Site VPNs to replace costly dedicated private circuits.