Understanding VPN: Types and Benefits

Oct 27, 2024

VPN (Virtual Private Network)

Definition

  • A VPN encrypts data sent across a public network, such as the internet, to ensure secure communication.
  • Uses a VPN concentrator for encryption and decryption of data.

VPN Components and Functions

  • VPN Concentrator:
    • Built into modern firewalls.
    • Handles encryption and decryption of data.
    • Can be specialized hardware or software on a server.
  • VPN Clients:
    • Installed on various operating systems; some operating systems ship with a built-in client.

Types of VPN Connections

Client-to-Site VPN

  • Software installed on a client workstation (e.g., a laptop) to connect securely to a corporate network.
  • Can be manually enabled/disabled or set as always-on.
  • Encrypts all communication, sending the data to the VPN concentrator for decryption.

Site-to-Site VPN

  • Connects two different sites through an encrypted VPN tunnel.
  • Often an always-on connection ensuring constant encryption.
  • Incorporated within existing firewalls.

Clientless VPN

  • No specific VPN client required.
  • Runs inside a browser using HTML5 and the Web Cryptography API.
  • Requires an HTML5-compliant browser for use.

VPN Tunnel Configurations

Full Tunnel

  • All traffic from the machine is sent through the VPN tunnel.
  • No distinction between corporate and other traffic; everything is encrypted and sent through the tunnel.

Split Tunnel

  • Corporate-bound traffic is sent through the VPN; traffic not destined for the corporate network is sent directly to the internet.
  • Allows more efficient routing for non-corporate traffic.

Example Scenarios

  • Full Tunnel:
    • Traffic from a remote user's workstation is sent to the VPN concentrator, where it is decrypted and routed internally.
  • Split Tunnel:
    • Corporate traffic goes through the VPN to the concentrator.
    • Non-corporate traffic (e.g., visiting an external website) bypasses the VPN, going directly to the internet.
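The routing decision behind the two scenarios above, as an added illustration (not code from the original post): a small policy function that, given a destination address and the tunnel mode, returns whether the packet goes through the VPN concentrator or leaves the host directly. The corporate prefixes and sample destinations are constructed values, not from any real deployment.

```python
import ipaddress
from typing import Iterable, List

# Constructed corporate address ranges that are reachable only through the
# VPN tunnel (assumed values for this example).
CORPORATE_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.100.0/24"),
]


def route_for(destination: str, mode: str, corporate=CORPORATE_PREFIXES) -> str:
    """Return 'tunnel' or 'direct' for one destination address.

    mode == "full":  every destination is sent through the VPN concentrator.
    mode == "split": only destinations inside a corporate prefix use the
                     tunnel; everything else goes straight to the internet.
    """
    if mode not in ("full", "split"):
        raise ValueError(f"unknown tunnel mode: {mode}")
    if mode == "full":
        return "tunnel"
    addr = ipaddress.ip_address(destination)
    # An IPv6 address never matches an IPv4 prefix, so it falls through to
    # 'direct' unless an IPv6 corporate prefix is configured.
    return "tunnel" if any(addr in net for net in corporate) else "direct"


def bypassing_vpn(destinations: Iterable[str], corporate=CORPORATE_PREFIXES) -> List[str]:
    """List the destinations that would skip the tunnel under split tunneling.

    Useful from the defender's side: this is exactly the traffic the corporate
    concentrator and its inspection controls will never see.
    """
    return [d for d in destinations if route_for(d, "split", corporate) == "direct"]


if __name__ == "__main__":
    samples = ["10.1.2.3", "192.168.100.7", "93.184.216.34", "2001:db8::1"]
    for mode in ("full", "split"):
        print(mode, {d: route_for(d, mode) for d in samples})
    print("not inspected under split tunnel:", bypassing_vpn(samples))
```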

Benefits of Split Tunneling

  • Allows secure connection to the corporate network.
  • Efficiently handles third-party website communications without unnecessary routing.