What is a VPN (Virtual Private Network) and How Does It Work?

A virtual private network (VPN) is programming that creates a safe, encrypted connection over a less secure network, such as the public internet. A VPN uses tunneling protocols to encrypt data at the sending end and decrypt it at the receiving end. To provide additional security, the originating and receiving network addresses are also encrypted.

VPNs are used to provide remote corporate employees, gig economy freelance workers and business travelers with access to software applications hosted on proprietary networks. To gain access to a restricted resource through a VPN, the user must be authorized to use the VPN app and provide one or more authentication factors, such as a password, security token or biometric data.

VPN apps are often used by individuals who want to protect data transmissions on their mobile devices or visit web sites that are geographically restricted. Secure access to an isolated network or website through a mobile VPN should not be confused with private browsing, however. Private browsing does not involve encryption; it is simply an optional browser setting that prevents identifiable user data, such as cookies, from being collected and forwarded to a third-party server.


How a VPN works

At its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.

The performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.


VPN protocols

VPN protocols ensure an appropriate level of security to connected systems when the underlying network infrastructure alone cannot provide it. There are several different protocols used to secure and encrypt users and corporate data. They include:

  • IP security (IPsec)
  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
  • Point-To-Point Tunneling Protocol (PPTP)
  • Layer 2 Tunneling Protocol (L2TP)
  • OpenVPN


Types of VPNs

Network administrators have several options when it comes to deploying a VPN. They include:


Remote access VPN

Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.


Site-to-site VPN

In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. Here, too, it is possible to have either Layer 3 connectivity (MPLS IP VPN) or Layer 2 (virtual private LAN service) running across the base transport.


Mobile VPN

In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam. An effective mobile VPN provides continuous service to users and can seamlessly switch across access technologies and multiple public and private networks.


Hardware VPN

Hardware VPNs offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. Several vendors, including Irish vendor InvizBox, offer devices that can function as hardware VPNs.


VPN appliance

A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.


Dynamic multipoint virtual private network (DMVPN)

A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarters virtual private network (VPN) server or router. A DMVPN essentially creates a mesh VPN service that runs on VPN routers and firewall concentrators. Each remote site has a router configured to connect to the company’s headquarters VPN device (hub), providing access to the resources available. When two spokes are required to exchange data with each other — for a VoIP telephone call, for example — the spoke will contact the hub, obtain the necessary information about the other end, and create a dynamic IPsec VPN tunnel directly between them.
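The hub-and-spoke resolution described above can be modeled in a few lines. This is an added illustration, not vendor code: the class names, site names and addresses (documentation ranges) are constructed, and the "tunnel" is only a recorded peer address rather than a real IPsec session.

```python
class Hub:
    """Headquarters VPN device: holds the spoke registry, answers lookups."""
    def __init__(self):
        self.registry = {}   # spoke name -> public address
        self.lookups = 0     # resolution requests answered

    def register(self, name, public_addr):
        self.registry[name] = public_addr

    def resolve(self, requester, target):
        # Only registered spokes may learn another spoke's address.
        if requester not in self.registry:
            raise PermissionError(f"{requester} is not a registered spoke")
        if target not in self.registry:
            raise LookupError(f"{target} is not registered with the hub")
        self.lookups += 1
        return self.registry[target]


class Spoke:
    def __init__(self, name, public_addr, hub):
        self.name, self.public_addr, self.hub = name, public_addr, hub
        self.tunnels = {}                  # peer name -> peer public address
        hub.register(name, public_addr)    # standing spoke-to-hub connection

    def send(self, peer, payload):
        """Return (outer source, outer destination, payload) for the packet."""
        if peer not in self.tunnels:
            # First packet to this peer: ask the hub, then go direct.
            self.tunnels[peer] = self.hub.resolve(self.name, peer)
        return (self.public_addr, self.tunnels[peer], payload)


def demo():
    hub = Hub()
    dublin = Spoke("dublin", "198.51.100.10", hub)   # constructed sites
    Spoke("austin", "203.0.113.20", hub)
    first = dublin.send("austin", b"voip-frame-1")
    second = dublin.send("austin", b"voip-frame-2")
    return first, second, hub.lookups


if __name__ == "__main__":
    print(demo())
```

The hub is consulted once for the lookup. Both frames are then addressed to the other spoke directly, so call traffic does not transit headquarters.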


VPN Reconnect

VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. The feature was designed to improve usability for mobile employees.


Security limitations of a virtual private network explained

Any device that accesses an isolated network through a VPN presents a risk of bringing malware to that network environment unless there is a requirement in the VPN connection process to assess the state of the connecting device. Without an inspection to determine whether the connecting device complies with an organization's security policies, attackers with stolen credentials can access network resources, including switches and routers.
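A sketch of the device-state check described above, as an added example that does not come from any VPN product: the posture fields, the 30-day patch limit, the "quarantine" outcome and the sample devices are all assumptions chosen for illustration. Valid credentials alone never produce "allow", and a missing posture report fails closed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_PATCH_AGE_DAYS = 30          # assumed policy value


@dataclass(frozen=True)
class Posture:
    managed: bool                # enrolled in the organization's management
    disk_encrypted: bool
    edr_running: bool            # endpoint protection agent active
    last_patched: date


@dataclass(frozen=True)
class ConnectRequest:
    user: str
    credentials_ok: bool         # password / token / biometric verified
    posture: Optional[Posture]   # None when the client sent no report


def posture_failures(p: Posture, today: date) -> list:
    """List every policy violation found in the device's posture report."""
    failures = []
    if not p.managed:
        failures.append("unmanaged device")
    if not p.disk_encrypted:
        failures.append("disk not encrypted")
    if not p.edr_running:
        failures.append("endpoint protection not running")
    if (today - p.last_patched).days > MAX_PATCH_AGE_DAYS:
        failures.append("patches older than policy allows")
    return failures


def admit(req: ConnectRequest, today: date):
    """Return (decision, reasons) for a VPN connection attempt."""
    if not req.credentials_ok:
        return "deny", ["authentication failed"]
    if req.posture is None:
        # Stolen credentials used from an unknown machine end up here.
        return "deny", ["no posture report"]
    failures = posture_failures(req.posture, today)
    if failures:
        return "quarantine", failures    # remediation segment only
    return "allow", []


# Constructed sample data.
TODAY = date(2024, 6, 1)
COMPLIANT = Posture(True, True, True, date(2024, 5, 20))
STALE = Posture(True, True, False, date(2024, 3, 1))
```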

Security experts recommend that network administrators consider adding software-defined perimeter (SDP) components to their VPN infrastructure in order to reduce potential attack surfaces. The addition of SDP programming gives medium and large organizations the ability to use a zero trust model for access to both on-premises and cloud network environments.



This Cocktail Removes Headaches and Hangovers

Creating a unique cocktail for spyware removal, LogiGuard now offers another powerful and easy-to-use tool for protection in the battle for your privacy on the internet, the SpyPry anti-spyware cocktail mix.

Most internet users are now quite familiar with Spyware and the nasty implications from being infected and the potential for some huge headaches that Spyware can cause. Just as its name implies, the user is “spied on.” The “spies” target user shopping patterns, websites visited and even gather information that could lead to identity theft. So what's new? LogiGuard now offers another powerful and easy-to-use tool for protection in the battle for your privacy on the internet (see for details).

LogiGuard is pleased to announce the spyware removal program, SpyPry, as the newest tool to use in the fight against Spyware. Offering tools for internet security is LogiGuard's main objective and market responsibility. LogiGuard's SpyPry is perhaps one of the web's most aggressive tactics for picking up traces of RATs (Remote Access Trojans). RATs are system applications that give a hacker a measure of control over your PC, as if the hacker was at your keyboard. However, not all RATs are malicious. and many other such legitimate sites offer applications which will allow remote access to one's work computer while away from the office.

Spyware removal programs may highlight this item to be removed. Those using SpyPry software will need to be cautious when identifying threats to be removed after scanning results are completed. SpyPry's unique algorithm is extremely powerful. From the registry to the remote regions of the disk, users will appreciate the sensitivity of the SpyPry package.

Cybersecurity experts recommend using SpyPry in combination with a reliable VPN service, for example, this:  This measure will further enhance your protection against malware and spyware.

Additionally, the LogiGuard team promotes the concept of spyware removal cooperation. That is, no single spyware program can possibly remove all Spyware (avoid any product marketed as such). Since Spyware is continually customized and engineered quite differently than any other Malware, Spyware often passes virus scanners as harmless or even welcomed guests mistaken for search tools, cute icons, cool screensavers and a myriad of other fun but potentially damaging applications. So it is up to those in the security industry, the users, and the technical reviewers to contribute to the database of known spyware applications to create a larger directory and more anti-spyware tools than the spyware designers themselves. Indeed, it is a vicious internet battle for your safety and your privacy.

A good mix of anti-spyware programs should be grouped together and applied at alternate times, indeed creating a unique cocktail for spyware removal. For a powerful mix of software to assist you with your spyware removal needs, LogiGuard suggests the following: 1/3 part Microsoft Beta AntiSpy (formerly Giant Antispy), 1/3 part SpyBot and of course a healthy splash of SpyPry. Shaken, not stirred... to be sure. And the best part, as these are all freeware programs, this drink is on the house (though tips and donations are always appreciated).