

How does a VPN Work?

What is VPN?

A VPN, or Virtual Private Network, is essentially an extension of a private network across the public space of the Internet between two endpoints. These two endpoints are two machines on the network that treat the connection between them as private, as if it were a direct-wired connection. In this way, the two ensure that they are speaking to each other over a secure connection and can transfer data between them privately.

Benefits of a VPN

This process effectively creates a tunnel between two machines through which they can send information securely across the Internet. Typically, this is achievable only with physical-wire connections between machines, otherwise known as an internal network or intranet. A VPN, however, allows the same level of security across the Internet, which makes it possible even for two offices in different geographical locations to communicate with each other as if they were one.

Another important benefit is the integrity of the data sent across the connection. Because the VPN creates a secure tunnel between two endpoints, the data transferred is secured: unwanted parties cannot tamper with it or read it through a process called "packet sniffing". This means that nefarious hackers on the Internet would have a more difficult time trying to gather a person's sensitive information or send viruses to the party on either end of the tunnel.

Spoofing of IP addresses and of your machine's geographical location is another benefit of VPNs that a lot of people take advantage of. Because the secure tunnel hides a machine's local IP address, the machine can present an IP address from the different location where the VPN server is located. The same can be done for the location of a machine, and it is commonly used by people who wish to use a service or application that is region-locked, or who want to remain anonymous while using the VPN service or application.

How does a VPN Work?

Before this secure tunnel can be created between two endpoints on the Internet, the two must first go through the process of authentication. Typically, when one machine initiates the request to establish a VPN tunnel with another, a password or some 2FA (two-factor authentication) method is required before the two can establish the connection. This is the usual case when two machines communicate; however, when two networks communicate (such as the intranets of two offices in different geographical locations connecting to each other over a VPN), authentication is achieved through digital certificates.

After successful authentication, the VPN is formed using a suitable protocol to secure and encrypt the connection and all data passed through it. SSL/TLS (Secure Sockets Layer/Transport Layer Security) is possibly one of the most commonly used protocols for this; it uses cryptography to ensure that the connection meets some combination of the following requirements to be considered secure:

  • Both communicating parties can prove their identity using cryptographic keys.
  • Data is encrypted with symmetric cryptography; the encrypted form of the same message differs from one connection to the next, because each connection is unique.
  • Each message sent between the parties includes a message integrity check to ensure the data was not lost or tampered with.
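
The last two properties can be seen in a small simulation. The Python below is an added example, not code from the original post: the function names are hypothetical, the shared secret stands in for whatever the handshake and authentication step produce, and the HMAC-SHA256 keystream is a toy stand-in for the AES-GCM or ChaCha20-Poly1305 ciphers a real TLS stack uses.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def new_connection(shared_secret: bytes):
    """Simulated handshake: fresh nonces from both sides give per-connection keys."""
    salt = os.urandom(32) + os.urandom(32)  # client nonce + server nonce
    prk = _prf(salt, shared_secret)
    return _prf(prk, b"enc"), _prf(prk, b"mac")


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode), for illustration only.
    blocks = (length + TAG_LEN - 1) // TAG_LEN
    stream = b"".join(
        _prf(enc_key, seq.to_bytes(8, "big") + i.to_bytes(4, "big")) for i in range(blocks)
    )
    return stream[:length]


def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt, then append a MAC over the sequence number and ciphertext."""
    ks = _keystream(enc_key, seq, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return ct + _prf(mac_key, seq.to_bytes(8, "big") + ct)


def open_record(enc_key: bytes, mac_key: bytes, seq: int, record: bytes) -> bytes:
    """Check integrity first; decrypt only if the tag matches."""
    if len(record) < TAG_LEN:
        raise ValueError("record too short")
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(mac_key, seq.to_bytes(8, "big") + ct)):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, seq, len(ct))))


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    conn_a, conn_b = new_connection(secret), new_connection(secret)
    msg = b"quarterly report"
    print(seal(*conn_a, 0, msg).hex())
    print(seal(*conn_b, 0, msg).hex())  # differs: keys are per-connection
```

Covering the sequence number in the MAC means a record replayed at a different position in the stream fails the same check as a modified one.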

While other protocols are also used, such as SSH (Secure Shell), each of these protocols, for the sake of security, adds some complexity in how it authenticates before establishing the connection, and then applies its own data encryption and integrity checks to keep the connection secure. Because of this, VPNs and secured connections typically incur some overhead and can show slower performance or connection speeds than an unprotected connection over the Internet.

