Virtual Private Network - definition of basic concepts

FORMAL DEFINITION

A Virtual Private Network (VPN) is a communication environment in which access to communication between individual entities is controlled. This environment is created on the basis of a predefined form of sharing a common communication medium, which can additionally provide network services on a non-exclusive basis.

NON-FORMAL DEFINITION

A Virtual Private Network (VPN) is a non-public (computer) network built within a public network infrastructure such as the Internet. Typically, such a network provides a secure connection of remote branches or subscribers to the parent network.

From the previous definitions it can be briefly stated that a VPN is essentially a logical network within a shared public infrastructure. It provides the same performance and rules as any private LAN (Local Area Network).

A major problem with the use of VPNs is ensuring their security and delivering services at the required quality, i.e. with respect to QoS (Quality of Service) indicators. Neither of these requirements is addressed by a network infrastructure based on TCP/IP (Transmission Control Protocol/Internet Protocol) on its own.

The security requirements are addressed by the following elements of VPN design:

The term "tunneling" denotes the process of encapsulating an original packet into another packet. The original packet is unreadable for all intermediate devices during its transmission.

The reason for implementing tunneling is to ensure security and to create a transport mechanism between geographically remote locations. Encapsulation can use, for example, GRE (Generic Routing Encapsulation), IPSec (Internet Protocol Security), L2F (Layer 2 Forwarding), PPTP (Point-to-Point Tunneling Protocol) or L2TP (Layer 2 Tunneling Protocol).

Figure: Tunneling mechanism in VPN

However, tunneling can also be used to carry otherwise incompatible protocols, for example to interconnect LANs running NetBEUI (NetBIOS Extended User Interface) or IPX (Internetwork Packet Exchange) over the Internet (IP protocol).

In practice, so-called split tunneling is also possible, where the client communicates simultaneously inside the VPN and directly with the Internet.

The term "encryption" refers to the process of ensuring confidentiality and data integrity. Technically speaking, it means encapsulating the data in a secure envelope, i.e. encrypting it with a secret key.
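To make the difference between tunneling (the encapsulation described above) and encryption concrete, here is an added Python example that is not part of the original text. It builds a minimal IPv4/GRE tunnel packet by hand, decapsulates it at the far end, and then wraps the same inner packet in an encrypt-then-MAC envelope. The addresses, payload and pre-shared key are constructed sample values, and the HMAC-SHA256 counter-mode envelope is a stdlib-only stand-in for a real transform such as IPsec ESP, not IPsec itself.

```python
import hashlib
import hmac
import secrets
import struct

IPPROTO_UDP, IPPROTO_GRE = 17, 47   # IANA protocol numbers
GRE_PROTO_IPV4 = 0x0800             # EtherType carried in the GRE header (RFC 2784)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def ip_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def gre_encapsulate(inner_packet: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Tunneling: the whole inner packet becomes the payload of an outer IP/GRE packet.
    Routers between the tunnel endpoints route on the outer header only."""
    gre_header = struct.pack("!HH", 0, GRE_PROTO_IPV4)   # no checksum/key/sequence flags
    outer = ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre_header) + len(inner_packet))
    return outer + gre_header + inner_packet


def gre_decapsulate(outer_packet: bytes) -> bytes:
    """Tunnel endpoint: validate the outer headers and hand back the original packet."""
    ihl = (outer_packet[0] & 0x0F) * 4
    if outer_packet[9] != IPPROTO_GRE:
        raise ValueError("outer packet does not carry GRE")
    if ip_checksum(outer_packet[:ihl]) != 0:
        raise ValueError("bad outer IP header checksum")
    flags, proto_type = struct.unpack("!HH", outer_packet[ihl:ihl + 4])
    if flags != 0 or proto_type != GRE_PROTO_IPV4:
        raise ValueError("unsupported GRE header")
    return outer_packet[ihl + 4:]


# Encryption: an illustrative stdlib-only encrypt-then-MAC envelope (NOT IPsec).
def _subkeys(key: bytes):
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream with HMAC-SHA256 as the PRF."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_envelope(key: bytes, plaintext: bytes, nonce=None) -> bytes:
    """Return nonce || ciphertext || tag. A nonce must never repeat under one key."""
    enc_key, mac_key = _subkeys(key)
    nonce = nonce if nonce is not None else secrets.token_bytes(12)
    if len(nonce) != 12:
        raise ValueError("nonce must be 12 bytes")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_envelope(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first (integrity); decrypt only if it matches."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: envelope rejected")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def demo() -> dict:
    """Constructed sample: a branch host talks to a headquarters host through a tunnel."""
    payload = b"hello from the branch office"                        # constructed data
    inner = ipv4_header("10.1.1.5", "10.2.2.9", IPPROTO_UDP, len(payload)) + payload
    tunnel = gre_encapsulate(inner, "203.0.113.1", "198.51.100.7")   # gateway to gateway
    key = hashlib.sha256(b"constructed demo pre-shared key").digest()
    sealed = seal_envelope(key, inner, nonce=bytes(range(12)))       # fixed nonce: reproducible demo only
    tampered = bytearray(sealed)
    tampered[12] ^= 0x01                                             # flip one ciphertext bit
    try:
        open_envelope(key, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "inner_visible_in_gre": payload in tunnel,      # plain GRE hides nothing
        "inner_visible_in_sealed": payload in sealed,   # encryption does
        "roundtrip_ok": gre_decapsulate(tunnel) == inner and open_envelope(key, sealed) == inner,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows why the page treats tunneling and encryption as two separate mechanisms: after plain GRE encapsulation the inner packet, including its private addresses and payload, is still present in clear text inside the outer packet, so any device that looks past the outer header can read it; only the encryption step removes it from view, and the MAC check rejects a modified envelope. This is why GRE is commonly combined with IPsec (GRE over IPsec) rather than relied on by itself for confidentiality.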

Authentication within VPNs ensures verification of authenticity. It makes sure that the data really come from the source they are claimed to come from.

Schemes based on shared keys, such as CHAP (Challenge Handshake Authentication Protocol), RSA (Rivest-Shamir-Adleman) signatures and others, are used. Besides authentication, these systems also provide data integrity.
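The CHAP exchange mentioned above, as an added Python example that is not the page's own code: the three CHAP messages (Challenge, Response, Success/Failure) are built in the RFC 1994 packet format, the response is MD5 over Identifier, secret and challenge as that RFC specifies, and the authenticator keeps each issued challenge for exactly one response so a recorded response cannot be reused. The peer name "branch1", the authenticator name "gateway" and all secrets are constructed sample values.

```python
import hashlib
import hmac
import secrets
import struct

CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def chap_digest(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5-CHAP: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_packet(code: int, identifier: int, value: bytes = b"", name: bytes = b"") -> bytes:
    """Serialise a CHAP packet: Code | Identifier | Length | (Value-Size | Value | Name)."""
    if code in (CHAP_CHALLENGE, CHAP_RESPONSE):
        body = bytes([len(value)]) + value + name
    else:
        body = value                       # Success/Failure carry only an optional message
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_chap(packet: bytes):
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("CHAP length field does not match packet size")
    body = packet[4:]
    if code in (CHAP_CHALLENGE, CHAP_RESPONSE):
        size = body[0]
        return code, identifier, body[1:1 + size], body[1 + size:]
    return code, identifier, body, b""


class Authenticator:
    """The VPN gateway side: issues challenges and checks responses."""

    def __init__(self, shared_secrets: dict, name: bytes = b"gateway"):
        self.shared_secrets = shared_secrets   # peer name -> secret (must be re-hashable, so stored as-is)
        self.name = name
        self.pending = {}                      # identifier -> outstanding challenge
        self.last_id = 0

    def challenge(self) -> bytes:
        self.last_id = (self.last_id + 1) & 0xFF
        value = secrets.token_bytes(16)        # unpredictable and fresh for every challenge
        self.pending[self.last_id] = value
        return chap_packet(CHAP_CHALLENGE, self.last_id, value, self.name)

    def check(self, response_packet: bytes) -> bytes:
        code, identifier, digest, peer_name = parse_chap(response_packet)
        challenge = self.pending.pop(identifier, None)   # one response per challenge: blocks replay
        secret = self.shared_secrets.get(peer_name)
        if code != CHAP_RESPONSE or challenge is None or secret is None:
            return chap_packet(CHAP_FAILURE, identifier, b"rejected")
        expected = chap_digest(identifier, secret, challenge)
        if hmac.compare_digest(expected, digest):
            return chap_packet(CHAP_SUCCESS, identifier, b"welcome")
        return chap_packet(CHAP_FAILURE, identifier, b"bad response")


def peer_respond(challenge_packet: bytes, name: bytes, secret: bytes) -> bytes:
    """The remote branch/subscriber side: answer a Challenge with a Response."""
    code, identifier, value, _ = parse_chap(challenge_packet)
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a CHAP Challenge")
    return chap_packet(CHAP_RESPONSE, identifier, chap_digest(identifier, secret, value), name)


def run_chap_exchange(peer_secret: bytes, authenticator_secret: bytes) -> str:
    """Full three-message exchange; returns 'Success' or 'Failure'."""
    gateway = Authenticator({b"branch1": authenticator_secret})   # constructed sample peer
    challenge = gateway.challenge()                                # message 1: gateway -> peer
    response = peer_respond(challenge, b"branch1", peer_secret)    # message 2: peer -> gateway
    result = gateway.check(response)                               # message 3: gateway -> peer
    return "Success" if parse_chap(result)[0] == CHAP_SUCCESS else "Failure"


def replay_is_rejected() -> bool:
    gateway = Authenticator({b"branch1": b"constructed-secret"})
    response = peer_respond(gateway.challenge(), b"branch1", b"constructed-secret")
    first = parse_chap(gateway.check(response))[0]
    second = parse_chap(gateway.check(response))[0]   # the same bytes presented again
    return first == CHAP_SUCCESS and second == CHAP_FAILURE


def secret_stays_off_the_wire() -> bool:
    secret = b"constructed-secret"
    gateway = Authenticator({b"branch1": secret})
    challenge = gateway.challenge()
    response = peer_respond(challenge, b"branch1", secret)
    return secret not in challenge and secret not in response


if __name__ == "__main__":
    print(run_chap_exchange(b"s3cret", b"s3cret"), run_chap_exchange(b"s3cret", b"wrong"))
```

The shared secret itself never appears on the wire, only the challenge and the digest, which is what protects the secret from a passive listener. Two defender-side points follow directly from the code: the authenticator must keep the secret in a form it can hash again (it cannot store only a one-way password hash), and the challenge must be unpredictable and never reused, since a repeated challenge would let a recorded response be presented again.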

Access control restricts access by, or intrusion of, unauthorized users; it is tied to the process of verifying the rights of a particular user.