Network Security - Virtual Private Networks (VPNs)

1. What is a VPN?

A Virtual Private Network (VPN) is a technology that creates a secure, encrypted connection over a public network (like the Internet).

  • It allows users to send and receive data safely as if they were connected directly to a private network.

  • Main purposes:

    • Privacy: Hide your real IP address from the sites you reach (the VPN server itself still sees it) and encrypt data in transit

    • Security: Protect sensitive data over unsecured networks

    • Remote access: Connect to corporate networks from anywhere


2. Types of VPNs

a) Site-to-Site VPN

  • Connects entire networks at different locations.

  • Often used by organizations with multiple branches.

  • Can be:

    • Intranet VPN: Connects multiple branches of the same company.

    • Extranet VPN: Connects a company network with external partners securely.

  • Key point: Users in one office can access resources in another office as if they were on the same local network.

b) Remote Access VPN

  • Connects individual users to a private network.

  • Common for employees working remotely.

  • Users typically use a VPN client to log into the company network securely.

  • Key point: Only the user’s device connects to the network, not the entire network.


3. VPN Protocols

a) PPTP (Point-to-Point Tunneling Protocol)

  • One of the oldest VPN protocols.

  • Uses TCP port 1723 and GRE tunneling.

  • Pros: Simple, easy to configure.

  • Cons: Weak security. MS-CHAP v2 is the authentication step, and it can be cracked offline; the MPPE (RC4) encryption that follows is also outdated. Considered broken.

  • Usage: Obsolete; should not be deployed today.

b) L2TP (Layer 2 Tunneling Protocol)

  • Provides no encryption on its own, so it is almost always combined with IPsec (L2TP/IPsec).

  • Function: L2TP handles tunneling (UDP port 1701); IPsec ESP provides encryption and integrity, with keys negotiated by IKE (UDP 500, or UDP 4500 when NAT traversal is needed).

  • Pros: Stronger security than PPTP.

  • Cons: More overhead due to double encapsulation (L2TP inside ESP, plus a UDP wrapper for NAT traversal).

c) IPsec (Internet Protocol Security)

  • Operates at the network layer.

  • Provides encryption, authentication, and integrity: ESP protects the packets, IKE negotiates the keys and authenticates the peers.

  • Can be used for site-to-site or remote access VPNs.

  • Supports tunnel mode (the whole original IP packet is encrypted and a new outer header is added; used between VPN gateways) or transport mode (only the payload is protected and the original IP header stays visible; used host-to-host).

  • Pros: Highly secure, widely used.

  • Cons: Can be complex to configure.

d) SSL VPNs (SSL/TLS VPN)

  • Runs on top of TLS (the successor to SSL), usually on TCP port 443, so to a firewall it looks like ordinary HTTPS.

  • Often used for remote access through a web browser.

  • Pros: Clientless (portal) mode needs only a browser; port 443 passes nearly every firewall; good for remote employees.

  • Cons: Clientless mode is limited to specific web applications; full network access requires a tunnel-mode client (OpenVPN and most vendor clients work this way).
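A detection-side view of the ports and protocol numbers listed above. The script correlates flows per source/destination pair rather than matching single ports: PPTP is TCP 1723 plus GRE, IPsec shows up as IKE on UDP 500/4500 plus ESP (IP protocol 50), and L2TP that is visible in the clear as UDP 1701 is, by construction, L2TP that IPsec is not protecting (L2TP inside ESP is never seen as UDP 1701 on the wire). This is an added example, not code from the original notes or from any product; the log format and the addresses are constructed, while the ports and IP protocol numbers are the standard assignments.

```python
import re
from collections import defaultdict

# Constructed firewall flow records (not real logs): one flow per line.
# proto is a transport name or an IP protocol number (47 = GRE, 50 = ESP).
SAMPLE_LOG = """\
proto=tcp src=10.0.0.5 dst=203.0.113.9 dport=1723
proto=47  src=10.0.0.5 dst=203.0.113.9 dport=0
proto=udp src=10.0.0.6 dst=203.0.113.10 dport=500
proto=udp src=10.0.0.6 dst=203.0.113.10 dport=4500
proto=udp src=10.0.0.7 dst=203.0.113.11 dport=1701
proto=udp src=10.0.0.8 dst=203.0.113.12 dport=500
proto=50  src=10.0.0.8 dst=203.0.113.12 dport=0
proto=tcp src=10.0.0.9 dst=203.0.113.13 dport=443
"""

LINE_RE = re.compile(r"proto=(\S+)\s+src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


def parse_flows(text: str) -> list:
    """Return (proto, src, dst, dport) tuples; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            proto, src, dst, dport = m.groups()
            flows.append((proto.lower(), src, dst, int(dport)))
    return flows


def classify(flows: list) -> dict:
    """Map each (src, dst) pair to findings. Correlating the pair's flows matters:
    PPTP needs TCP 1723 plus GRE, and IPsec shows up as IKE plus ESP or NAT-T."""
    seen = defaultdict(set)
    for proto, src, dst, dport in flows:
        seen[(src, dst)].add((proto, dport))
    findings = {}
    for pair, keys in seen.items():
        notes = []
        if ("tcp", 1723) in keys:
            note = "PPTP control channel (TCP 1723)"
            if ("47", 0) in keys:
                note += " with GRE data channel"
            notes.append(note + ": obsolete, MS-CHAPv2 crackable, replace")
        if ("udp", 1701) in keys:
            # L2TP carried inside ESP is never visible as UDP 1701; seeing it means no IPsec
            notes.append("L2TP visible on UDP 1701: no IPsec protection, tunnel is plaintext")
        ike = sorted(p for proto, p in keys if proto == "udp" and p in (500, 4500))
        esp = ("50", 0) in keys
        if ike or esp:
            parts = []
            if ike:
                parts.append("IKE on UDP " + "/".join(str(p) for p in ike))
            if 4500 in ike:
                parts.append("NAT-T")
            if esp:
                parts.append("ESP (IP protocol 50)")
            notes.append("IPsec: " + ", ".join(parts))
        if ("tcp", 443) in keys:
            notes.append("TCP 443: HTTPS or TLS-based VPN, port alone cannot distinguish them")
        if notes:
            findings[pair] = notes
    return findings


def weak_vpn_pairs(findings: dict) -> list:
    """Pairs that need action: PPTP in use or L2TP without IPsec."""
    return sorted(pair for pair, notes in findings.items()
                  if any(n.startswith(("PPTP", "L2TP visible")) for n in notes))


if __name__ == "__main__":
    result = classify(parse_flows(SAMPLE_LOG))
    for pair, notes in sorted(result.items()):
        print(f"{pair[0]} -> {pair[1]}")
        for n in notes:
            print("   ", n)
    print("needs action:", weak_vpn_pairs(result))
```

Two of the sample pairs come out as needing action (the PPTP client and the plaintext L2TP client); the TCP 443 pair is deliberately left undecided, since an SSL VPN and ordinary HTTPS are indistinguishable by port and would need TLS metadata or endpoint inventory to separate.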


4. Tunneling and Encryption Techniques

a) Tunneling

  • A tunnel carries one packet inside another (encapsulation) across a public network. Encapsulation alone hides nothing: GRE and plain L2TP tunnels are unencrypted, which is why a VPN adds encryption to the tunnel.

  • Types:

    1. Point-to-Point Tunneling: PPP frames carried directly between two endpoints (PPTP over GRE, L2TP over UDP 1701).

    2. Layered Tunneling: One tunnel protocol encapsulated inside another (e.g., L2TP inside IPsec ESP), so the outer layer supplies the encryption the inner one lacks.

b) Encryption

  • Protects data inside the tunnel so that even if intercepted, it cannot be read. Modern VPNs also authenticate each packet (an HMAC, or an AEAD mode such as AES-GCM) so that tampered or replayed packets are dropped rather than merely unreadable.

  • Common encryption algorithms in VPNs:

    • AES (Advanced Encryption Standard), usually as AES-GCM or AES-CBC with an HMAC – strong and efficient

    • DES / 3DES – older, slower; DES (56-bit key) is broken and 3DES is deprecated

    • ChaCha20 (paired with Poly1305) – fast, secure alternative used in modern VPNs such as WireGuard

c) How it works (simplified)

  1. Data from your device is encrypted and an integrity tag is computed over it.

  2. The protected data is encapsulated in a tunnel protocol (PPTP, L2TP, IPsec ESP, TLS) with a new outer header addressed to the VPN server.

  3. Data travels over the Internet; anyone on the path sees only the outer header (your address and the VPN server's) and ciphertext.

  4. At the VPN server, the tag is verified, the data is decrypted and forwarded to the destination; replies take the same path back.
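The four steps above, together with the tunnel/transport distinction from section 3c, carried out in code. This is an added example, not from the original notes or any real VPN implementation: it imitates the ESP packet layout (sequence number, encrypted payload with a next-header trailer, integrity tag) but is not wire-compatible with RFC 4303, it uses an HMAC-SHA256 keystream in counter mode as a standard-library stand-in for AES or ChaCha20, and the addresses, shared secret and HTTP payload are all constructed.

```python
"""Toy IPsec-style tunnel: encapsulation, encrypt-then-MAC, anti-replay.
Added example, stdlib only. An HMAC-SHA256 keystream in counter mode stands in
for AES/ChaCha20; the layout imitates ESP (RFC 4303) but is NOT wire-compatible."""
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50    # IP protocol number of real ESP
IPIP_PROTO = 4    # next-header value meaning "an inner IPv4 packet follows" (tunnel mode)
TAG_LEN = 32      # full HMAC-SHA256 tag (real ESP truncates to 16 bytes)

def ip_checksum(hdr: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options, TTL 64) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes) -> dict:
    ihl = (pkt[0] & 0x0F) * 4
    return {"proto": pkt[9], "src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])), "payload": pkt[ihl:]}

def derive_keys(shared_secret: bytes) -> tuple:
    """Separate encryption and integrity keys from one secret (IKEv2 does this with its PRF)."""
    return (hmac.new(shared_secret, b"enc", hashlib.sha256).digest(),
            hmac.new(shared_secret, b"mac", hashlib.sha256).digest())

def keystream(enc_key: bytes, seq: int, n: int) -> bytes:
    """PRF in counter mode; seq is the nonce, so a (key, seq) pair must never repeat."""
    blocks = (hmac.new(enc_key, struct.pack("!IQ", seq, i), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def encap(inner: bytes, seq: int, keys: tuple, mode: str, outer_src=None, outer_dst=None) -> bytes:
    """Steps 1-2 of 'How it works': protect the data, then wrap it for the wire."""
    enc_key, mac_key = keys
    p = parse_ipv4(inner)
    if mode == "tunnel":        # whole inner packet hidden; gateway addresses on the outer header
        plaintext, next_hdr, src, dst = inner, IPIP_PROTO, outer_src, outer_dst
    elif mode == "transport":   # only the payload hidden; original endpoints stay visible
        plaintext, next_hdr, src, dst = p["payload"], p["proto"], p["src"], p["dst"]
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    plaintext += bytes([next_hdr])                 # ESP-style trailer, encrypted with the data
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, seq, len(plaintext))))
    body = struct.pack("!I", seq) + ct             # sequence number travels in the clear
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()   # encrypt-then-MAC over seq + ct
    return build_ipv4(src, dst, ESP_PROTO, body + tag)

def decap(wire: bytes, keys: tuple, seen_seqs: set) -> bytes:
    """Step 4: verify, reject replays, decrypt, restore the inner packet.
    seen_seqs is a simplified anti-replay store (real ESP uses a sliding window)."""
    enc_key, mac_key = keys
    outer = parse_ipv4(wire)
    if outer["proto"] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    body, tag = outer["payload"][:-TAG_LEN], outer["payload"][-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")  # verify BEFORE touching the ciphertext
    seq = struct.unpack("!I", body[:4])[0]
    if seq in seen_seqs:
        raise ValueError(f"replayed packet, seq={seq}")
    seen_seqs.add(seq)
    pt = bytes(a ^ b for a, b in zip(body[4:], keystream(enc_key, seq, len(body) - 4)))
    inner, next_hdr = pt[:-1], pt[-1]
    if next_hdr == IPIP_PROTO:                     # tunnel mode: plaintext is a complete packet
        return inner
    return build_ipv4(outer["src"], outer["dst"], next_hdr, inner)   # transport mode

def rejected(action) -> bool:
    """True when the receiver refuses a packet (decap raised ValueError)."""
    try:
        action()
        return False
    except ValueError:
        return True

def demo() -> dict:
    keys = derive_keys(b"constructed-shared-secret")   # real IPsec gets this from IKE
    inner = build_ipv4("10.1.0.5", "10.2.0.7", 6, b"GET /payroll HTTP/1.1\r\n")  # constructed
    tunnel = encap(inner, 1, keys, "tunnel", "203.0.113.1", "198.51.100.1")
    transport = encap(inner, 2, keys, "transport")
    tampered = bytearray(tunnel)
    tampered[30] ^= 0x01                              # flip one bit inside the ciphertext
    state = set()
    decap(tunnel, keys, state)                        # first delivery is accepted
    return {
        "tunnel_outer": (parse_ipv4(tunnel)["src"], parse_ipv4(tunnel)["dst"]),
        "transport_outer": (parse_ipv4(transport)["src"], parse_ipv4(transport)["dst"]),
        "inner_dst_hidden_in_tunnel": ipaddress.IPv4Address("10.2.0.7").packed not in tunnel,
        "payload_hidden": b"payroll" not in tunnel and b"payroll" not in transport,
        "tunnel_roundtrip": decap(tunnel, keys, set()) == inner,
        "transport_roundtrip": decap(transport, keys, set()) == inner,
        "tamper_rejected": rejected(lambda: decap(bytes(tampered), keys, set())),
        "replay_rejected": rejected(lambda: decap(tunnel, keys, state)),
    }
```

Calling demo() shows the two modes side by side: in tunnel mode the outer header carries only the gateway addresses and the inner 10.x addresses never appear on the wire, while in transport mode the original endpoints stay visible and only the payload is hidden. The receiver checks the tag before it decrypts anything, so a single flipped ciphertext bit is rejected without being decrypted, and a replayed copy of an already-accepted packet is rejected by its sequence number. Those two checks are what the "integrity" in section 3c buys you beyond encryption alone.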


5. Real-World Analogy

  • Think of the Internet as a public highway.

  • VPN = a private, armored tunnel inside the highway.

  • Tunneling = the tunnel itself

  • Encryption = the armored walls that prevent anyone outside from seeing your car


Summary:

  • VPN types: Site-to-site (network-to-network), Remote access (user-to-network)

  • Protocols: PPTP (obsolete), L2TP/IPsec (secure), IPsec (robust), SSL VPN (TLS-based; browser portal or full-tunnel client)

  • Techniques: Tunneling (encapsulation, the path), Encryption plus integrity checks (protect data inside the tunnel)