A VPN is a secure, encrypted connection of the user to the  network, with which he can bypass local restrictions and maintain confidentiality.

Depending on the protocols used and the purpose, a VPN can provide three types of connections: node-to-node, node-to-site and site-to-network.

Typically  , VPNs are deployed at levels no higher than the network, since the use of cryptography at these levels allows the use of transport protocols (such as TCP,  UDP) in an  unchanged form.

 Microsoft Windows users refer to the term VPN as one of the implementations of a virtual network – PPTP, and often used not to create private networks.

Most often, to create a virtual network, you use the encapsulation of the PPP protocol  in some other protocol – IP (this method is used by the implementation of PPTPPoint-to-Point Tunneling Protocol) or Ethernet (PPPoE) (although they also have differences).

 VPN technology  has recently been used not only to create private networks proper, but also by some “last mile” providers  in the post-Soviet space to provide access to the Internet.

With the proper level of implementation and the use of special software, a VPN network can provide a high level of encryption of the transmitted information.

A VPN consists of two parts: an “internal” (controlled) network, of which there may be several, and an “externalnetwork through which the encapsulated connection passes (usually the Internet is used).

You can also connect an individual computer to the virtual network.

The connection of the remote user to the VPN is made through an access server that is connected to both the internal and external (public) network. When a remote user connects (or when establishing a connection with another secure network), the access server requires an identification process, and then an authentication process. After successfully passing both processes, the remote user (remote network) is given the authority to work  in the network, that is, the authorization process takes place.

VPN Classification

According to the degree of protection of the environment used:

1)Protected

The most common variant of virtual private networks. With its help, it is possible to create a reliable and secure network based on an unreliable network, usually the Internet. Examples of secure VPNs are: IPSec , OpenVPN , and PPTP .

2)Trustworthy

They are used in cases where the transmitting environment can be considered reliable and you only need to solve the problem of creating a virtual subnet within a larger network. Security issues become irrelevant. Examples of such VPN solutions for PC  are: Multi-protocol label switching (MPLS) and L2TP (Layer 2 Tunnelling Protocol) (it would be more accurate to say that these protocols shift the task of security to others, for example, L2TP, as a rule, is used in tandem with IPSec).

By method of implementation

1)In the form of special software and hardware

The implementation  of the VPN network is carried out using a special set of software and hardware. This implementation provides high performance and, as a rule, a high degree of security.

2)As a software solution

A personal computer with special software that provides VPN functionality is used.

3)Integrated solution

 VPN functionality  is provided by a complex that also solves the problems of filtering network traffic, organizing a firewall and ensuring quality of service.

By appointment

Intranet VPN

It is used to unite several distributed branches of one organization into a single secure network, exchanging data via open communication channels.

Remote-access VPN

It is used to create a secure channel between a segment of the corporate network (central office or branch office) and a single user who, working at home, connects to corporate resources from a home computer, corporate laptop, smartphone or Internet kiosk.

Extranet VPN

Used for networks to which “external” users (for example, customers or clients) connect. The level of trust in them is much lower than in the company’s employees, so it is necessary to ensure special “frontiers” of protection that prevent or limit the latter’s access to especially valuable, confidential information.

Internet VPN

It is used by providers to provide access to the Internet, usually if several users connect via one physical channel.  PPPoE has become a standard in ADSL connections.

L2TP was widespread in the mid-2000s in home networks: in those days, intranet traffic was not paid, and external traffic was expensive. This made it possible to control costs: when the VPN connection is turned off, the user does not pay anything. Currently (2012) wired Internet is cheap or unlimited, and on the user’s side there is often a router on which it is not so convenient to turn on and off the Internet.  like on a computer. Therefore, L2TP access is becoming a thing of the past.

5) Client/server VPN

This option provides protection for transmitted data between two nodes (not networks) on the corporate network. the peculiarity of this option is that the vpn is built between nodes that are usually on the same network segment, such as between a workstation and a server. This is very often the case when you want to create multiple logical networks on the same physical network. for example, when you want to divide traffic between the finance department and the human resources department that access servers that are on the same physical segment. this option is similar to the technology  VLAN, but instead of splitting traffic, its encryption is used.

By Protocol Type

There are implementations of virtual private networks for TCP/IP, IPX and AppleTalk. But today there is a tendency to a general transition to the TCP/IP protocol, and the vast majority of VPN solutions support it.  Addressing in it is most often selected in accordance with the RFC5735 standard  , from the range of Private TCP/IP networks.

By Network Protocol Layer

By network protocol layer based on mapping to the layers of the ISO/OSI reference network model.

VPN connection on routers

With the growing popularity of VPN technologies, many users have begun to actively configure a VPN connection on routers for the sake of increasing network security.  A VPN connection configured on the router encrypts the network traffic of all connected devices, including those that do not support VPN technologies.

Many routers support a VPN connection and have a built-in VPN client. There are routers that require open source software such as DD-WRT, OpenWrt, and Tomato to support the OpenVPN protocol  .

Vulnerability

The use of WebRTC technology  , which is enabled by default in each browser, allows a third party to determine the real public IP address of the device operating through the VPN. This is a direct threat to privacy, because knowing the real IP address of  the user, you can uniquely identify him on the network. To prevent leakage of the address, it is recommended to either completely disable  WebRTC in the browser settings, or install a special add-on.

VPNs are vulnerable to an attack called fingerprinting of website traffic. Very briefly: this is a passive interception attack; although the adversary is only observing encrypted traffic from the  VPN, it can still guess which website is being visited because all websites have certain traffic patterns. The content of the transmission is still hidden, but which website it is connecting to is no longer a secret.

Next articleHTC Incredible S has a signed bootloader and recovery

Leave a Reply