WHAT IS A VPN?
VPN is an acronym for Virtual Private Network. The purpose of a VPN is to provide you with security and privacy as you communicate over the internet.
Here’s the problem with the internet: It’s inherently insecure. When the internet was first designed, the priority was to be able to send packets (chunks of data) as reliably as possible. Networking across the country and the world was relatively new, and nodes often went down. Most of the internet’s core protocols (methods of communicating) were designed to route around failure, rather than secure data.
The applications you’re accustomed to using, whether email, web, messaging, Facebook, etc., are all built on top of that Internet Protocol (IP) core. While some standards have developed, not all internet apps are secure. Many still send their information without any security or privacy protection whatsoever.
This leaves internet users vulnerable to criminals who might steal banking or credit card information, governments that might want to eavesdrop on their citizens, and other internet users who might want to spy on you for a whole range of nefarious reasons.
A VPN creates a private tunnel over the open internet. The idea is that everything you send is encapsulated in this private communications channel and encrypted so — even if your packets are intercepted — they can’t be deciphered. VPNs are very powerful and important tools to protect yourself and your data, but they do have limitations.
HOW DOES A VPN WORK?
Let’s start with the basic idea of internet communication. Suppose you’re at your desk and you want to access a website like ZDNet. To do this, your computer initiates a request by sending some packets. If you’re in an office, those packets often travel through switches and routers on your LAN before they are transferred to the public internet through a router.
Before the request can even be addressed, your computer (or a resolver acting on its behalf) asks a series of name servers to translate the DNS name ZDNet.com into an IP address. With that address in hand, your browser sends the request through a chain of routers on the public internet. Eventually it reaches the ZDNet infrastructure, which routes those packets internally, assembles the web page (a bunch of separate elements), and sends all of that back to you through another chain of routers.
Each internet request usually results in a whole series of communication events between multiple points. A VPN works by encrypting those packets at the originating point and wrapping each one inside a new packet addressed to the VPN server. That hides the data and the real destination from anyone between you and the VPN server, who sees only your address talking to the VPN server's address, and it hides your originating IP address from the destination, which later sees only the VPN server's address. The VPN software on your end sends those wrapped packets to the VPN server at some destination point, and the server decrypts them and forwards the original packets onward.
One of the most important issues in understanding the limits of VPNs is understanding where the endpoint of the VPN server resides. We’ll talk about that next.
WHAT ARE THE TWO MAIN TYPES OF VPNS?
Most of us are familiar with the concept of a LAN, a local area network. That’s the private network inside of one physical location — be it a home, a corporate building, or a campus. But many businesses don’t run out of one location. They have branch offices, departments, and divisions that are geographically dispersed.
In many cases, each of these offices has its own LAN. But how do the LANs connect? For some very specialized solutions, companies lease private lines to connect the offices. That can be very expensive. Instead, most companies connect their geographically separated private LANs over the public internet. To protect their data, they set up VPNs between offices, encrypting the data as it traverses the public internet.
This is corporate or enterprise VPN, and it's characterized by the same organization controlling both endpoints of the VPN. If your company controls the originating point (say a sales office) and the endpoint (like a VPN server at your corporate HQ), you can be quite well assured (unless there's a bug, or a key that was mishandled) that your data is securely transmitted between those two points.
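As an added illustration of such a site-to-site setup (this is not configuration from the original article or from any particular company), here is what the two ends of an office-to-office tunnel look like in WireGuard. The public addresses are RFC 5737 documentation addresses, the LAN ranges are RFC 1918 ranges chosen for the example, and the key values are placeholders; each site generates its own private key with `wg genkey` and hands only the matching public key to the other site.

```ini
# Site A (corporate HQ): /etc/wireguard/wg0.conf
# HQ public address 203.0.113.1, HQ LAN 192.168.10.0/24 (assumed for the example)
[Interface]
Address = 10.255.0.1/30
ListenPort = 51820
PrivateKey = <site-A-private-key>

[Peer]
# Site B, the branch office
PublicKey = <site-B-public-key>
Endpoint = 198.51.100.2:51820
# AllowedIPs is both the route table entry and the access list: only traffic
# for the branch LAN goes into the tunnel, and only packets claiming a source
# in these ranges are accepted out of it.
AllowedIPs = 10.255.0.2/32, 192.168.20.0/24

# Site B (branch office): /etc/wireguard/wg0.conf
# Branch public address 198.51.100.2, branch LAN 192.168.20.0/24 (assumed)
[Interface]
Address = 10.255.0.2/30
ListenPort = 51820
PrivateKey = <site-B-private-key>

[Peer]
# Site A, corporate HQ
PublicKey = <site-A-public-key>
Endpoint = 203.0.113.1:51820
AllowedIPs = 10.255.0.1/32, 192.168.10.0/24
# Uncomment if this site sits behind NAT and must keep the mapping alive:
# PersistentKeepalive = 25
```

Bring each side up with `wg-quick up wg0`; it installs the routes implied by AllowedIPs. The gateway at each site additionally needs IP forwarding enabled so that hosts on the LAN, not just the gateway itself, can reach the other office. The point the paragraph makes is visible in the file: both key pairs, both endpoints and both address lists are under one organization's control, so nothing between the two sites sees more than encrypted UDP between 203.0.113.1 and 198.51.100.2.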
The second type of VPN is a consumer VPN. This is for those of you who compute in hotels or at coffee shops and connect to web applications like social networks, email, banks, or shopping sites. Consumer VPN services help ensure that those communications are protected.
WHAT DOES A CONSUMER VPN SERVICE DO?
A consumer VPN service is, fundamentally, a software-as-a-service (SaaS) offering. The VPN service provides a secure tunnel between your computing device (whether laptop, phone, or tablet) and their service data center.
This is important to understand. Consumer VPN services protect your transmission from your location to their location, not from your location to the destination application you’re using. If you think about it, this makes sense: A consumer VPN service is operated by a completely different company than, for example, Facebook or your bank.
The VPN service gives you an app that you run on your local device, which encrypts your data, and it travels in its encrypted form through a tunnel to the VPN service provider’s infrastructure. At that point, the data is decrypted and sent on its way.
Two things happen here. First, if you're using an HTTPS connection, your data is encrypted by your browser and then again by your VPN app. At the VPN data center, only the VPN layer is removed, leaving the encryption provided by the browser intact, so the still-encrypted data goes on to the destination application, like your bank; the VPN provider can see where it is going but not what it says. If the connection is plain HTTP, the VPN protects it only as far as the provider's data center, and from there on (and to the provider itself) it is readable.
The second thing that happens is that the web application you're talking to does not see your IP address. Instead, it sees an IP address owned by the VPN service, because the service rewrites the source address before forwarding your traffic (network address translation, not IP spoofing in the packet-forgery sense). This gives you some degree of anonymity toward the destination, though the VPN provider itself still sees your real address. The same address substitution is also used to make applications believe you are located in a different region or even a different country than you actually are. There are reasons (both illegal and legal) to do this. We'll discuss that in a bit.
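To make the layering concrete, here is an added example (not code from the original article or from any VPN product) that models the path described in the "How does a VPN work?" section and the two points just made: the VPN app wraps each packet for the VPN server, the provider strips one layer and forwards from its own address, and HTTPS traffic stays encrypted through the provider while plain HTTP does not. The addresses are RFC 5737 documentation addresses and the cipher is a stand-in built from HMAC-SHA256; both are assumptions for the demonstration, and the "TLS" layer is modelled with that same stand-in under a separate key.

```python
"""Toy model of a consumer VPN tunnel: what each party on the path can read.

Added illustration, not code from the article or any VPN vendor. Assumed:
RFC 5737 documentation addresses, and a stand-in tunnel cipher (HMAC-SHA256
keystream plus HMAC tag) that only shows the layering. Real tunnels use an
AEAD such as ChaCha20-Poly1305 or AES-GCM; do not reuse this cipher elsewhere.
"""
import hashlib
import hmac
import json
import os

CLIENT_IP = "198.51.100.7"      # your laptop on the coffee-shop Wi-Fi
VPN_SERVER_IP = "203.0.113.10"  # tunnel endpoint in the provider's data center
VPN_EGRESS_IP = "203.0.113.99"  # address the provider uses toward the web
BANK_IP = "192.0.2.25"          # the destination web application
SAMPLE_REQUEST = b"GET /account HTTP/1.1\r\nHost: bank.example\r\n\r\n"  # constructed

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream: HMAC-SHA256(key, nonce || counter) blocks, concatenated."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def tunnel_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def tunnel_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting: a modified packet is rejected, not decoded."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tunnel packet failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def is_tampered(key: bytes, blob: bytes) -> bool:
    """True if the tunnel layer rejects the packet (e.g. a bit flipped in transit)."""
    try:
        tunnel_decrypt(key, blob)
    except ValueError:
        return True
    return False

def build_request(scheme: str, tls_key: bytes) -> dict:
    """Browser side: over https the request is already encrypted under a separate
    browser-to-bank session key (same stand-in cipher) before the VPN app sees it."""
    body = tunnel_encrypt(tls_key, SAMPLE_REQUEST) if scheme == "https" else SAMPLE_REQUEST
    return {"src": CLIENT_IP, "dst": BANK_IP, "scheme": scheme, "app_data": body.hex()}

def client_send(tunnel_key: bytes, inner: dict) -> dict:
    """VPN app: encrypt the whole inner packet, addresses included, and wrap it in
    an outer packet addressed to the VPN server."""
    return {"src": CLIENT_IP, "dst": VPN_SERVER_IP,
            "payload": tunnel_encrypt(tunnel_key, json.dumps(inner).encode())}

def on_path_view(outer: dict) -> dict:
    """What the Wi-Fi operator or ISP can read: you talking to the VPN server and
    an opaque blob of some size. Neither the bank's address nor the request."""
    return {"src": outer["src"], "dst": outer["dst"],
            "bytes": len(outer["payload"]), "readable_payload": None}

def vpn_server_forward(tunnel_key: bytes, outer: dict):
    """Provider data center: strip the tunnel layer, then forward the inner packet
    with the provider's own address as source (NAT), so the bank never sees CLIENT_IP."""
    inner = json.loads(tunnel_decrypt(tunnel_key, outer["payload"]).decode())
    return inner, dict(inner, src=VPN_EGRESS_IP)

def provider_view(inner: dict):
    """The provider sees the real destination in the clear; the request text only
    if the browser sent it over plain http."""
    return bytes.fromhex(inner["app_data"]).decode() if inner["scheme"] == "http" else None

def destination_view(packet: dict, tls_key: bytes) -> dict:
    """The bank removes its own TLS layer (if any) and sees the provider's address."""
    data = bytes.fromhex(packet["app_data"])
    if packet["scheme"] == "https":
        data = tunnel_decrypt(tls_key, data)
    return {"client_ip_seen": packet["src"], "request": data.decode()}

def run_scenario(scheme: str) -> dict:
    tunnel_key = os.urandom(32)  # assumed negotiated between VPN app and VPN server
    tls_key = os.urandom(32)     # assumed negotiated between browser and bank
    inner = build_request(scheme, tls_key)
    outer = client_send(tunnel_key, inner)
    inner_at_server, forwarded = vpn_server_forward(tunnel_key, outer)
    return {"on_path": on_path_view(outer),
            "provider_sees_request": provider_view(inner_at_server),
            "destination": destination_view(forwarded, tls_key)}

if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(scheme, json.dumps(run_scenario(scheme), indent=2))
```

Running it prints the three vantage points for an http and an https request. The contrast to look at is `provider_sees_request`: the full request text in the http run, nothing in the https run, while `destination` reports the provider's egress address in both. The on-path view is the same either way, which is exactly the protection the hotel or coffee-shop scenario is about, and the integrity check in `tunnel_decrypt` is why a tampered packet is dropped rather than decoded.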