Virtual Private Network (VPN)

Basic principle

A Virtual Private Network (VPN) is a network constructed over the Internet and other existing networks that allows easy and secure data transfers between the participants. The basic technique used to construct a VPN is called "tunneling".

Tunneling

Structure and operating principle of common VPN

With tunneling technology, packets transmitted on a physical communications medium, such as conventional LAN cable or optical fiber, are encapsulated as data of another protocol, such as TCP/IP packets. The encapsulated data is transmitted through a so-called "tunnel" between the start and destination points. The party who receives the encapsulated data removes the encapsulation to recover the original packets.

Advantages

Inexpensive Internet connection instead of a dedicated line

With VPN software, data transfers from remote PCs to the network and between different local networks can run over a comparatively cheap Internet connection, without dedicated line services or satellite links that charge high usage fees, while a software VPN also offers more robust security.

VPN uses a fast and inexpensive Internet connection instead of a dedicated line

Data Security through Encryption

One of the advantages of using VPN is enhanced security by encryption.

An IP network that anyone can access, such as the Internet, is always exposed to the danger of eavesdropping (third parties reading the data), manipulation (third parties changing the data), and masquerading (servers or users posing as someone else). Even dedicated line services and satellite links are not safe against wiretapping by third parties such as untrustworthy communications company employees and governments.

Dangers of sending and receiving data over the Internet

In a secure VPN, encryption protects transmitted data from eavesdropping. The data is also protected from manipulation and masquerading by the use of electronic signatures.
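The encapsulation described under "Tunneling" and the manipulation and masquerading checks described above, as an added example that is not PacketiX VPN's own protocol or code. The packet layout, key and all names are assumptions made for illustration; HMAC-SHA256 with a shared key stands in for the electronic signature, and encryption is left out because the Python standard library has no cipher.

```python
import hashlib
import hmac
import struct

MAGIC = b"TUN1"               # constructed header tag, not a real protocol value
TAG_LEN = 32                  # size of an HMAC-SHA256 tag in bytes
HDR = struct.Struct("!4sH")   # outer header: magic, length of the inner frame

# Constructed sample input: a minimal Ethernet frame (dst MAC, src MAC, EtherType, payload)
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"inner IP packet"
SAMPLE_KEY = b"constructed-demo-key-not-for-use"


class TunnelError(Exception):
    """Raised when a received tunnel packet fails verification."""


def encapsulate(key, inner_frame):
    """Carry the inner frame as the payload of an outer tunnel packet."""
    header = HDR.pack(MAGIC, len(inner_frame))
    tag = hmac.new(key, header + inner_frame, hashlib.sha256).digest()
    return header + inner_frame + tag


def decapsulate(key, packet):
    """Verify the outer packet and return the original inner frame."""
    if len(packet) < HDR.size + TAG_LEN:
        raise TunnelError("truncated packet")
    header = packet[:HDR.size]
    body = packet[HDR.size:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    # Check the tag before trusting any header field.
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise TunnelError("bad tag: changed in transit or not from the key holder")
    magic, length = HDR.unpack(header)
    if magic != MAGIC or length != len(body):
        raise TunnelError("malformed header")
    return body


if __name__ == "__main__":
    packet = encapsulate(SAMPLE_KEY, SAMPLE_FRAME)
    print(len(SAMPLE_FRAME), "byte frame ->", len(packet), "byte tunnel packet")
    print(decapsulate(SAMPLE_KEY, packet) == SAMPLE_FRAME)
```
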

Other Internet security protocols like HTTPS only protect one type of data, such as data submitted to a website, and leave other data unprotected, such as e-mail, instant messaging, FTP file transfers, and VoIP calls. Only a VPN makes sure all data is transmitted on the network in a secure tunnel.

Standard HTTPS leaves a lot of sensitive data unprotected

Protection from malicious content

On the Internet, packets can be transmitted from any IP address to any IP address, so there is always the danger that servers and clients receive unwanted packets with malicious content like worms, viruses and Trojan horses. A VPN ensures that data cannot be infected with malicious content on the way. Because a VPN client can authenticate the server, a VPN also provides protection from phishing attacks that lead users to fake websites to steal passwords, personal data and credit card numbers.

Together with other security measures like firewalls and virus scanners, a VPN is an important part of a secure network environment.

A VPN prevents eavesdropping and data manipulation by third parties

See Chapter 1.4 of the PacketiX VPN 2.0 Online Manual for more information about the working principles of a VPN.