The virtual private network (VPN) was originally a cost-saving solution for companies that had multiple offices connected via private and dedicated high-speed connections. If you think getting a T1 Internet connection in one office is expensive, try building your own internet using private lines connecting each branch office. It’s an economic disaster.
Consequently, people started looking for ways to use the Internet to connect business locations. The Internet was relatively inexpensive, and most companies already had the necessary infrastructure in place. The only problem was the complete lack of security on the Internet. Sending critical business data across the Internet unprotected is like randomly handing out payroll and human resouces records to
people on the street.
One solution is to use full-time encryption to secure all of the business traffic passing between two networks on the Internet. This creates the equivalent of a private network, but in the midst of the public Internet. The concept was creatively dubbed the “Virtual Private Network.” Think of it as a giant outdoor tunnel going down the middle of an Interstate expressway (or an Autobahn). Only authorized cars can get into the tunnel, and from the outside nobody can see in, so it’s impossible to see what type of cars are traveling and how many passengers are in each car.
The virtual private network is a simple, yet powerful, extension of encryption. Instead of merely encrypting a single message or a data file, every piece of data exchanged between two systems or networks is encrypted. Any system with the right authentication information can become part of a VPN. Ultimately, every VPN is created between two machines. It doesn’t matter what type of machine; laptops can connect to firewalls and servers can connect to other servers. Any two machines that encrypt communications over a network are creating a VPN.
This broad definition of a virtual private network includes some things that we don’t immediately associate with VPNs. Secure web connections are essentially a temporary VPN between a web browser and a web server. Likewise, secure remote access connections such as Secure Shell (SSH) create a limited VPN between two machines. SSH is actually a special case, since it can actually be used as a VPN solution on its own. We will provide more information on that topic later.
In the commercial world, the definition of a VPN is a little bit narrower. Commercial VPN solutions try to ensure that all business data travels across an encrypted link. A commercial VPN is usually a black box that sits on the network near the firewall. Each branch office has its own VPN box. The VPN device encrypts all of the traffic between the two or more locations. Individual remote users present a more difficult scenario—most will be connecting via modem or broadband connection. These individuals are not going to be able to install a black box, so instead they use software that mimics the VPN device, encrypting communications between the remote users and the corporate network.
The above information is the start of a chapter in "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic. To learn more about the book and what it covers, click here.
Below, you'll find links to online resources that supplement this portion of the book.