A VPN enables encrypted, targeted transmission of data over public networks such as the Internet. It establishes secure, self-contained networks between different end devices. Common applications are connecting home offices or mobile employees.
Within a VPN, different users of an IP network are connected to form a self-contained, protected subnet. To protect the data transmitted in the Virtual Private Network over the public Internet from unauthorized access, the connections are encrypted. Tunnel connections that are not visible from the outside are established between the individual participants.
The network structure of VPNs can vary and may consist of simple point-to-point connections, point-to-multipoint connections, or fully meshed participants. Virtual private networks can be used as a cost-effective alternative to physical, dedicated networks. They use the public Internet as the connection medium and make renting leased lines unnecessary.
To ensure the confidentiality, integrity and authenticity of the data transmitted via the Virtual Private Network, encryption and tunneling techniques are used. Despite using the public Internet as the transport medium, the connections between the individual participants within the VPN are tap-proof and tamper-proof.
There are different methods and approaches for encryption. Internet Protocol Security (IPsec) with Encapsulating Security Payload (ESP) has become established as a kind of standard for Virtual Private Networks. Most of today's VPNs are based on this encryption technique. IPsec clients for end devices are available for many operating systems, such as Microsoft Windows, Apple macOS or Linux.
The remote peer of the VPN client is a central VPN gateway, such as a router or firewall, on which IPsec is also implemented. To authenticate the participants, user IDs, passwords, keys and certificates are used. Particularly secure systems use so-called multi-factor authentication and rely on additional factors such as hardware tokens or smart cards.
The connection between the central gateway and the participant consists of one or more tunnels. The connection is based on the public IP addresses of both endpoints, but contains a second, encrypted IP connection with its own IP addressing. This second IP connection is protected and not visible from the outside. Only the endpoints of the tunnel can decrypt and interpret the data transmitted in the tunnel. The public Internet provides only the basic connectivity and the transport service for the tunnel connection.
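The outer/inner split described above can be made concrete with a short parser. This is an added example, not part of the original article: it assumes an IPv4 outer header and the standard ESP header layout (SPI and sequence number), uses documentation-range addresses, and lets constructed random bytes stand in for the encrypted inner packet.

```python
import ipaddress
import os
import struct

ESP_PROTO = 50                 # IP protocol number assigned to ESP
IPV4_FMT = "!BBHHHBBH4s4s"     # fixed 20-byte IPv4 header, no options

def build_tunnel_packet(src, dst, spi, seq, protected):
    """Constructed sample: outer IPv4 header + ESP header + opaque bytes."""
    esp = struct.pack("!II", spi, seq) + protected
    outer = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(esp), 0, 0, 64,
                        ESP_PROTO, 0,  # header checksum left 0 in this sample
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed)
    return outer + esp

def observer_view(packet):
    """Return the fields an on-path observer can read without the tunnel keys."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(IPV4_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    if proto != ESP_PROTO:
        raise ValueError("outer packet does not carry ESP")
    if len(packet) < ihl + 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
    return {
        "outer_src": str(ipaddress.IPv4Address(src)),   # public endpoint address
        "outer_dst": str(ipaddress.IPv4Address(dst)),   # public gateway address
        "spi": spi,                                     # identifies the tunnel
        "seq": seq,                                     # anti-replay counter
        "opaque_bytes": len(packet) - ihl - 8,          # inner packet, unreadable
    }

if __name__ == "__main__":
    # Constructed input: random bytes stand in for the encrypted inner IP packet,
    # whose private addressing never appears in the observer's view.
    sample = build_tunnel_packet("198.51.100.10", "203.0.113.1", 0x1000, 1,
                                 os.urandom(84))
    print(observer_view(sample))
```

The returned dictionary contains only the public endpoint addresses, the SPI, the sequence number and a byte count; everything belonging to the inner IP connection stays inside the opaque payload.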
Central components in a Virtual Private Network
The end points of the VPN tunnel connection are called VPN endpoints. On the central side, the VPN endpoint is the gateway responsible for maintaining the authenticity, confidentiality, and integrity of the connection. On the client side, the VPN endpoint is generally the software client installed on the device, through which all communication in the VPN must take place. There are different solution approaches for the central gateways. These can be hardware-based VPN routers, VPN gateways and firewalls, or software-based VPN servers. Many firewalls and routers in use today include suitable VPN functions for implementing virtual private networks.
The web-based SSL VPN
A special kind of VPN that differs significantly from IPsec-based virtual private networks is the web-based SSL VPN. An SSL VPN enables participants to access central applications or data without a direct connection to the internal network. If only access to individual services is possible, it is not a full-fledged Virtual Private Network in the narrower sense. SSL VPNs can be divided into fat client, thin client and clientless implementations.
The fat client is used to establish a VPN connection in the traditional sense. The thin client uses a proxy mechanism provided by a plug-in and connects to remote network services. These plug-ins are available, for example, as extensions for web browsers. Clientless SSL solutions work without a special software extension and without a separate installation. They allow access to web applications on a corporate server directly via a standard browser. For this, the web server acts as the interface to the internal applications.
What SSL VPNs have in common is that they use the secure SSL or TLS protocol to transfer the data. SSL VPNs with a fat client are an alternative if IPsec tunnels cannot be established because of network restrictions. As with a conventional Virtual Private Network, the client software of the fat client must be installed. It forms the client-side VPN adapter and allows all traffic between the VPN endpoints to be transmitted within an encrypted SSL connection.