
A Virtual Private Network (VPN) represents a tunneled connection over a foreign network to enable access to data and resources in another network.
VPN was originally developed to provide inexpensive and easy access to company applications and network resources for branch offices and employees from outside.
Today, even more use cases have been found, such as bypassing censorship measures and geo-blocking, or connecting to a proxy server to better protect your location and personal data.
Encryption, although commonly used on VPN connections, is not an integral part of the concept.
The most common distinction between VPN connections is based on the topology (structure of the connections in a computer network):
The first form, the remote-access (end-to-site) VPN, is frequently used by companies and private individuals alike. It is usually implemented with VPN client software installed on the user's device, which connects them to their company network or to their VPN provider.
The second form, the end-to-end VPN, is a direct connection between several workstations. The end devices involved (mostly computers) must have VPN software supporting a common protocol installed (see the section "A selection of protocols"), since they communicate directly with one another rather than via a VPN server that manages the communication.
Site-to-site VPNs are considered the classic in the corporate environment. Here, two or more Local Area Networks (LANs) at different locations are connected to each other: branch offices with the head office, hospitals that link up to exchange data, or research groups that pool their networks.
Site-to-site VPNs are further divided into intranet VPNs and extranet VPNs.
Intranet VPNs are networks in which all connected groups are fully trusted. The focus here is more on speed of data exchange than security.
Extranet VPNs focus on security because their main purpose is to connect your internal network to the networks of business partners and suppliers. Each participant should only have access to certain resources.
PPTP (Point-to-Point Tunneling Protocol) is an extension of the Point-to-Point Protocol and was proposed to the IETF in 1996 as the standard protocol for Internet tunneling. Due to its age, it is compatible with almost all operating systems and requires little processing power, but it is limited to IP, IPX and NetBEUI. The encryption methods of PPTP are classified as too weak by today's standards, so it should only be considered as a last resort.
L2F (Layer 2 Forwarding) is a protocol from Cisco. It supports different protocols and multiple independent parallel tunnels. However, user authentication is even weaker than with PPTP, and data encryption is not provided at all.
L2TP (Layer 2 Tunneling Protocol) is a further development of the aforementioned protocols. On its own, L2TP provides no authentication, integrity or encryption mechanisms; it typically relies on pre-shared keys and user accounts, and is therefore bundled with other protocols such as IPSec to protect the tunneled data.
IPSec (Internet Protocol Security) is a collection of protocols, standards and recommendations that works on both IPv4 and IPv6. IPSec has two operating modes: transport mode and tunnel mode. In transport mode, only the payload is encrypted, while the original IP header remains in clear. This mode requires that all network nodes involved are able to use IPSec, and because the headers stay visible, it still allows attackers to analyze the traffic patterns in a network.
In tunnel mode, the entire IP packet is encrypted and given a new IP header. The advantage is that only one gateway that accepts and converts these packets needs to be configured in the networks involved.
However, IPSec is not easy to configure for the average PC user and can pose a security risk if configured incorrectly.
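As an added illustration of the transport/tunnel distinction described above (example code written for this page, not taken from the original article), the following models both ESP encapsulations on a constructed IPv4 packet and shows which addresses remain readable on the wire. The HMAC-based XOR keystream is an assumption standing in for ESP's real cipher, and the ESP header and trailer fields are omitted.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

ESP = 50  # IP protocol number for IPsec ESP


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options; checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)


def parse_ipv4(pkt: bytes) -> tuple:
    """Return what a passive observer can read: src, dst, protocol, payload."""
    return (str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20])),
            pkt[9], pkt[20:])


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 counter keystream XORed over data.
    Used only so the example runs offline; it is not a substitute for ESP's AES."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, struct.pack("!I", off // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def esp_transport(pkt: bytes, key: bytes) -> bytes:
    """Transport mode: original header stays in clear, only the payload is protected."""
    src, dst, _proto, payload = parse_ipv4(pkt)
    body = xor_stream(key, payload)
    return ipv4_header(src, dst, ESP, len(body)) + body


def esp_tunnel(pkt: bytes, key: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel mode: the whole inner packet is protected behind a new gateway header."""
    body = xor_stream(key, pkt)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body


def unwrap_tunnel(pkt: bytes, key: bytes) -> bytes:
    """Receiving gateway: strip the outer header and recover the inner packet."""
    return xor_stream(key, parse_ipv4(pkt)[3])


def visible_endpoints(pkt: bytes) -> tuple:
    """Addresses an on-path observer can read without the key."""
    return parse_ipv4(pkt)[:2]


# Constructed sample: an inner TCP packet between two hosts in two LANs.
INNER = ipv4_header("10.0.1.5", "10.0.2.9", 6, 14) + b"GET / HTTP/1.1"
KEY = b"constructed-example-key"
```

In transport mode the observer still sees 10.0.1.5 talking to 10.0.2.9; in tunnel mode only the two gateway addresses are exposed.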
The increasing trend towards remote working and the networking of the company network with business partners make the correct use of VPN increasingly important to protect yourself and others.