What Is a VPN? | VPN Explained

7 min. read

A virtual private network, or VPN, is an encrypted connection that secures data transmission between devices over the Internet.

This encrypted connection safeguards sensitive information from potential threats and unauthorized access. In enterprise environments, VPNs facilitate secure connectivity to corporate resources, ensuring data integrity and confidentiality.

What Does a VPN Do?

VPN function shown by routing encrypted data from a device through a VPN client and server to the internet, compared to a direct connection.

A VPN forms a secure connection called a tunnel. Data from a device using a VPN is encrypted and sent through this tunnel. When a device uses a VPN, it appears to be part of the VPN's local network. The virtual private network transmits and receives data for the device via its secure link. This ensures a safe connection for remote internet users to a business network.

Using a VPN means data moves online via a safe tunneling protocol. This data is encrypted to prevent unauthorized access. Common encryption protocols include Transport Layer Security (TLS) and Internet Protocol Security (IPsec). Encryption changes data into a code that requires a specific key to decode. The protocol packages data with recipient details. A program then verifies the user, allows entry, and records actions during the connection.

Further reading: How Does a VPN Work?

What Does a VPN Hide?

An IP hidden by a VPN server when connecting to an internet server and website's IP address.

A virtual private network hides a device's original IP address by rerouting its traffic through a different server. This makes the device appear as if it is coming from the VPN's server location, not its actual location. In doing so, the actual connection source remains concealed, preventing adversaries from pinpointing the original device's location.

A virtual private network also encrypts the data being sent and received. This encryption ensures that even if someone intercepts the data, they cannot easily decipher its contents.

A VPN conceals both the origin of the connection and the data being transmitted, offering a two-fold layer of privacy and security.

What Are VPNs Used For?

VPN use cases including secure remote access and secure site-to-site connectivity.

Enterprise VPNs have two primary use cases: secure remote access and secure site-to-site connectivity. While consumers primarily use them for privacy or bypassing geo-restrictions, businesses have a broader spectrum of requirements. In the corporate domain, the utility of virtual private networks extends to the protection of sensitive data, compliance with internal policies, and assurance of consistent remote access to critical applications.

Secure Remote Access

Remote access VPNs allow employees to access corporate networks from mobile devices, home offices and other remote locations. Remote access VPNs provide a safe way for remote users to access internal business applications and resources from any location. This ensures employees and stakeholders can access necessary resources without compromising security.

Secure Site-to-Site Connectivity

Site-to-site VPNs are used to create secure tunnels between sites, or computer networks, rather than a specific user location or device. Site-to-site VPNs perform encryption/decryption of traffic in transit, ensuring all inbound/outbound traffic from either site is secure. Site-to-site VPNs are used to securely connect corporate headquarters, branch offices, data centers, and/or private, public, or hybrid clouds.

Further reading: What Is a Business VPN?

How Secure Are VPNs?

Virtual private networks are important and useful connectivity tools but do not provide complete protection on their own. Common corporate connection types like remote access and site-to-site are not infallible without the added support of other security tools.

The growing remote workforce population and cloud adoption require a more comprehensive network security approach. Organizations should look for network security platforms that combine virtual private network capabilities with other cybersecurity tools when protecting devices or data operating beyond the corporate perimeter.

Further reading: VPN Security: Are VPNs Safe and Secure?

Why Do You Need a VPN?

VPN connections are essential business tools for enabling remote work. They extend an organization's network and provide the ability for remote employees to securely access company data and resources. This is done by encrypting traffic and tunneling that traffic from one location to another.

Facilitating remote access is not only about secure connectivity but maintaining productivity. Having the right security measures in place to protect the network and support uninterrupted business operations is crucial.

A virtual private network helps ensure that the remote workforce remains connected safely to the apps and services they need to perform their duties and stay productive while outside corporate offices.

VPN Features

VPN features: authentication & access control, host info profile, troubleshooting & visibility, cloud-based gateways, flexible architecture

Secure remote access, Zero Trust implementation, and support for BYOD are critical foundational features organizations should look for in their solution or platform of choice.

Other worthwhile features that add value to virtual private network solutions include:

Authentication and Access Control

Authentication is a critical aspect of any virtual private network. Supporting a variety of authentication methods, such as Kerberos, RADIUS, LDAP, and SAML 2.0, ensures that user identities are verified before granting access. After authentication, the user-to-IP-address mapping is maintained. Strong multifactor authentication options can add an extra layer of security, with cookie-based authentication available for repeated accesses.

Limited Host/Endpoint Information

A host information profile can provide an inventory of endpoint configurations. This data is then used to enforce application policies based on the device's security status. With this feature, VPNs can consider various attributes of a device, such as its type, software versions, encryption configuration, and backup status, to ensure it meets the required security standards.

Limited Troubleshooting and Visibility

For IT teams, detailed logging is invaluable for troubleshooting user connection issues. A feature offering visibility into VPN usage and connection workflows allows for quick identification and resolution of potential problems, ensuring minimal disruption to user experience.

Limited Flexibility

VPN solutions should be relatively adaptable. Some offer options for always-on secure connections but can also support exceptions for latency-sensitive traffic by application, domain names, or routes.

Cloud-Based Gateways

VPNs with cloud-based gateways support dynamic allocation and auto-scaling based on load and demand. This ensures that the virtual private network can handle varying traffic loads, adapting seamlessly to the needs of the business.

Benefits of VPN

VPN benefits, including global connectivity and point-to-point remote access, productivity, security for data in transit, longstanding/durable tech.

Global Connectivity and Point-to-Point Remote Access

VPNs empower businesses with a global reach, ensuring teams can access resources and collaborate seamlessly across different regions. By eliminating geographical barriers, virtual private networks provide a cohesive platform that upholds business continuity.

Enhanced Productivity

Offering the flexibility to work from varied environments, VPNs are pivotal in fostering a culture of productivity. Employees can securely access essential resources without being confined to the office.

Security for Data in Transit

A VPN encrypts data traffic, ensuring that confidential business information remains secure when transmitted across networks. This is especially crucial for employees accessing company resources remotely, as it prevents potential eavesdropping or data interception by malicious actors.

Longstanding, Durable Technology

The longevity and reliability of VPN technology stem from its proven track record over more than two decades. Its widespread adoption is a testament to its effectiveness, offering organizations a familiar, trusted solution for secure connectivity. It’s important to note, however, that legacy VPNs can be prone to exploits.

Further reading: What Are the Benefits of a VPN (Virtual Private Network)?

Types of VPN

Site to Site VPN

Site-to-site VPN connecting a main office with three branch offices securely via the internet.

A site-to-site VPN connects two or more distinct networks securely over the internet. This connection allows separate networks, such as a main office and a branch office, to share data.

Remote Access VPN

A remote location laptop connecting to a main office via a remote access VPN through the internet and network access server.

A remote access virtual private network (sometimes referred to as a client-to-site VPN) enables users who are working remotely to securely access and use applications and data that reside in the corporate data center and headquarters. It encrypts all traffic users send and receive.

Cloud VPN

Remote user accessing internal networks using VPNaaS via a VPN tunnel through a private cloud setup.

Cloud VPN, aka hosted VPN or VPN as a service (VPNaaS), is specifically designed for the cloud. A cloud VPN enables users to securely access a company’s applications, data, and files in the cloud through a website or via a desktop or mobile application.

SSL VPN

SSL VPN with a remote user connected through an SSL/TLS tunnel, passing a firewall to an SSL VPN gateway, linking to servers.

An SSL VPN is a virtual private network that uses the Secure Sockets Layer (SSL) protocol or its successor, the Transport Layer Security (TLS) protocol, to ensure secure remote access through a web browser. As browsers or operating systems update, the protocol versions are updated correspondingly. This type of virtual private network allows devices to connect to an organization's network resources without requiring specialized software.

Two primary types of SSL VPN exist:

1. SSL Portal VPN

This VPN type permits a user to initiate a single SSL connection to a specific website.

2. SSL Tunnel VPN

Unlike the portal variant, the SSL Tunnel VPN offers a secure pathway for a browser to access multiple, not strictly web-based, network services.

Double VPN

Double VPN setup with data traveling encrypted through multiple VPN servers before reaching the internet.

A Double VPN employs two VPN servers to process internet traffic, ensuring data is subjected to two layers of encryption. This method, commonly referred to as VPN chaining or multihop VPN, provides advanced protection against potential security threats and unauthorized interception. While this dual encryption boosts security, it can also introduce latency, particularly if the servers are geographically distant.

Further reading: What Are the Different Types of VPN?

VPN Protocols

Internet Protocol Security (IPsec)

IPsec protocol demonstrated by two routers connected by an IPsec tunnel through the internet, with computers linked to each router.

Internet Protocol Security (IPsec) is a suite of protocols designed to ensure secure connections over networks by encrypting and authenticating IP packets.

The suite defines key protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP), which both encrypt and validate data. Integral to IPsec's functionality is the Internet Key Exchange (IKE), responsible for generating shared security keys.

Secure Socket Tunneling Protocol (SSTP)

SSTP protocol represented by a VPN client connecting to an SSTP server via SSL/TLS handshake and HTTP request over port 443.

Secure Socket Tunneling Protocol (SSTP) is a protocol developed by Microsoft to establish secure virtual private network connections. Primarily engineered to provide enhanced security over its predecessors, PPTP and L2TP/IPSec, SSTP offers encryption and authentication mechanisms grounded in SSL/TLS certificates.

WireGuard

WireGuard protocol showing various devices connected through a secure VPN tunnel to a WireGuard server and then to a website IP.

WireGuard is an open-source VPN protocol known for its advanced cryptography, speed, and simplicity. The WireGuard VPN protocol utilizes the User Datagram Protocol (UDP) transport layer, enabling fast interaction between servers and clients.

OpenVPN

OpenVPN process showing data flow between Host A, virtual and real interfaces, network, and Host B.

An open-source protocol, OpenVPN is known for creating secure point-to-point or site-to-site connections. It utilizes techniques that accommodate both routed and bridged configurations while also offering remote access facilities.

SoftEther

SoftEther VPN protocol shown by secure VPN sessions, a VPN bridge, server, authentications, and defense against attackers.

SoftEther VPN is a system that facilitates the exchange of virtual Ethernet frames and communication between VPN Client, VPN Server, and VPN Bridge. Utilizing the TCP/IP protocol, the SoftEther VPN protocol is responsible for encapsulating, encrypting, and sending virtual Ethernet frames over an actual IP network.

Point-to-Point Tunneling Protocol (PPTP)

PPTP depicted by a client connecting to a PPTP server via a Network Access Server and internet, with PPP and TCP/IP connections.

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks, although it is now considered outdated due to well-documented security concerns. Originating as early as the Windows 95 era, PPTP operates on TCP port 1723 and was a product of Microsoft's initiative to encapsulate the Point-to-Point Protocol (PPP).

Layer 2 Tunneling Protocol (L2TP)

L2TP shown by a remote user modem connecting through PPP to NAS/LAC, then via L2TP through the internet to an LNS.

Layer 2 Tunneling Protocol (L2TP) is a protocol developed to support virtual private networks (VPNs) by enabling the tunneling of data across public networks. Despite its foundational role in early VPN solutions, L2TP, when used alone, is now considered outdated due to advancements in newer, more secure protocols.

Further reading: What Are the Different Types of VPN Protocols?

VPN Alternatives for Secure Remote Access

VPN alternatives including ZTNA, SASE, SD-WAN, IAM, SDP, PAM, UEM, and DaaS.

VPN alternatives for secure remote access (also known as VPN replacements), are methods other than conventional virtual private networks (VPNs) used to ensure secure connections between remote users and corporate networks.

VPN replacements address the limitations of VPNs in the context of evolving remote work demands. VPN alternatives for remote access include Zero Trust network access (ZTNA), secure access service edge (SASE), software-defined wide area network (SD-WAN), identity and access Management (IAM), software-defined perimeter (SDP), privileged access management (PAM), unified endpoint management (UEM), and desktop as a service (DaaS).

Further reading:

How to Set Up a VPN

VPN setup steps including align components, prepare network, install client, seek config help, access VPN, select protocol, address issues.

Setting up a virtual private network involves multiple steps and can vary significantly based on the specific solution and platform. While the steps provided offer a general overview of the setup process, they may not apply universally to every service or platform. It is essential to consult specific guidance from the chosen provider to ensure a successful and efficient setup tailored to the particular environment in use.

1. Align essential VPN components.

Secure the necessary VPN tools: a VPN client, server, and router. A VPN client connects users to servers, facilitating remote access to enterprise networks. Many modern routers have integrated VPN clients.

2. Prepare the network.

Ensure the network system is optimized for VPN integration. Remove redundant client software, as multiple clients can interfere. Minimizing unused devices can further streamline the network.

3. Initiate client installation.

Install the client software provided by the chosen VPN service. Prioritize the immediate needs.

4. Seek configuration guidance.

If the VPN service lacks device-specific software, consult the vendor for setup manuals.

5. Access the VPN.

After client installation, input the necessary login details. Upon login, the VPN typically connects to the nearest available server.

6. Select the VPN protocol.

VPN protocols dictate data transfer methods between the user device and the VPN server. Choose based on the balance between internet speed and security requirements.

7. Address potential issues.

If connection issues arise:

  • Restart the client or the device.
  • Ensure no other VPN software is active.
  • Check and, if necessary, update software drivers.
  • Verify login details.
  • Experiment with different servers or protocols.
  • Confirm no other software disrupts the connection.

8. Optimize the connection.

Customize VPN settings to align with business operations. Determine auto-start behavior based on usage frequency. Set commonly used servers as defaults to expedite future connections.

Further reading: How to Set Up a Virtual Private Network (VPN)

How to Choose a VPN

For businesses, the selection process goes beyond simply choosing a standalone VPN solution. A virtual private network is one key element of a comprehensive security platform. By viewing a VPN as an integral component of a larger security strategy, enterprises can more effectively safeguard digital assets and communications.

The ideal virtual private network capability should seamlessly integrate with the current IT environment. Whether it is firewalls, multifactor authentication tools, or network monitoring systems, compatibility is crucial. The solution should also be scalable without compromising performance or security. Centralized management is an additional worthwhile consideration factor as many organizations today have multiple branches and remote workers.

Comparing VPNs with Other Security Technologies

VPN vs. SD-WAN

Diagram comparing SD-WAN and VPN connections. SD-WAN controller connects to branch offices and HQ via various connections like DSL, fiber, LTE. VPN connects Point A to Point B over the internet.

SD-WAN manages WANs using software-defined approaches for optimized traffic routing, while VPN establishes a secure tunnel between two points for data privacy.

SD-WAN provides centralized control, flexibility, and improved performance across geographies, adapting to traffic types and conditions. In contrast, virtual private networks encrypt internet connections to maintain data confidentiality, often relying on a single link for data transmission.

Further reading: SD-WAN vs. VPN: How Do They Compare?

VPN vs. VPS vs. VPC

Chart comparing VPN, VPC, and VPS. VPN secures data exchange, VPC is a private cloud, VPS is a virtual server.

A virtual private network establishes a secure connection that encrypts internet traffic. Its primary role is to ensure online activities occur securely and privately.

A VPS represents a virtual server within a physical machine. This technology hosts websites and applications. Despite sharing computing resources with other users, it provides superuser-level access to the server.

A VPC, on the other hand, is a virtual network environment hosted within a public cloud provider's infrastructure. It offers an elastic cloud service suitable for hosting websites and applications. With its flexible nature, a VPC's resources can be scaled promptly based on demand, and its services can be toggled on or off as needed.

Further reading: VPC vs. VPN vs. VPS: What Are the Differences?

History of VPN

In 1996, Microsoft introduced the Peer-to-Peer Tunneling Protocol (PPTP), marking the inception of modern VPN technology. This protocol established a more secure connection between a user device and the internet, elevating data protection standards. By 1999, the PPTP specification became public.

During the early 2000s, adoption was predominantly limited to businesses. Organizations utilized VPNs to access their private networks, enabling employees to retrieve company data remotely as if they were on-site. This technological advancement allowed for secure file sharing across various locations.

As the internet landscape evolved, more robust encryption standards emerged, and advanced tunneling protocols were developed. These advancements addressed the growing concerns of online threats and privacy breaches.

Several pivotal moments, such as prominent privacy scandals and regulatory changes, influenced public awareness about online privacy. By 2017, revelations that internet service providers (ISPs) in the United States could monetize users' browsing histories brought more awareness to virtual private network technology. Subsequent legislative efforts aimed at reinstating net neutrality, though hindered at the federal level, led to individual states implementing their own versions of net neutrality regulations. Consequently, virtual private network adoption transitioned from being primarily a business tool to a consumer product for individual users.

Today, legacy virtual private networks often fall short in protecting hybrid workforces. Cloud-first businesses need to provide direct-to-app connectivity while reducing the attack surface without impacting performance or the user experience. Simpler, more unified security products that encompass comprehensive security functions are key.

Further reading: What Is the History of VPN?

VPN FAQs

VPN stands for virtual private network, which allows users to create a secure connection to another network over the internet.
The definition of “VPN” is: a technology that establishes a secure connection over a public network, such as the internet, allowing enterprises to access their private networks remotely.
VPN protection refers to the enhanced security and privacy features provided by a Virtual Private Network.
VPN security refers to the suite of protocols, encryption standards, and practices that ensure operation is secure.
Virtual private networks are valuable security tools that encrypt data and mask users' IP addresses, enhancing online privacy and safety. However, while they contribute significantly to a layered security approach, they do not offer complete protection on their own. it is essential to complement usage with other security measures for comprehensive defense.
"VPN access" refers to the ability to connect securely to a remote network or system using a virtual private network.

In business, a VPN’s purpose is to establish a secure, encrypted connection, allowing companies to protect data and enable remote access.

There are also consumer-facing services, usually consisting of a VPN app designed to hide your IP address. Subscription-based or free VPNs are often used to access geo-restricted content on streaming services or for security on public internet networks.

Virtual private networks (VPN) are useful for secure remote access, advanced threat protection, url filtering, BYOD policies, and Zero Trust implementation.
Yes, virtual private networks are necessary to safeguard sensitive data, provide secure remote access to internal resources, enhance online privacy, and ensure consistent access to global content, especially in environments where data security and privacy are paramount.
VPNs are critically important to ensuring company data security.
A business VPN establishes a secure, encrypted connection between a company's network and remote users. It allows employees to access internal resources safely from anywhere, masking their IP address and protecting data transfers from eavesdropping. The server verifies user credentials, ensuring only authorized personnel can connect, thus maintaining the organization's cybersecurity and data integrity.
A VPN connection works by establishing an encrypted tunnel between a user's device and a virtual private network server. Data sent through this tunnel is encrypted, ensuring privacy and security. The user's IP address is masked, appearing as the server's address, which safeguards the user's identity and location.
No, not all VPNs work the same. While the core principle of encrypting data and masking IP addresses is consistent, virtual private networks can differ in terms of protocols used, encryption standards, server locations, and features offered.
For businesses, the type of virtual private network to use depends on specific needs. To connect remote employees to company resources, a remote access solution is ideal. For linking multiple office locations, a site-to-site solution is recommended. Businesses should prioritize solutions that offer robust encryption, reliable performance, and compatibility with their existing infrastructure and evaluate additional features based on organizational requirements.
The most popular types of virtual private networks for businesses are site-to-site and remote access. Site-to-site VPNs connect entire networks to each other, commonly used to link branch offices to a central office. Remote access VPNs allow individual users to connect to a business network from remote locations. The choice depends on business needs, such as remote worker support or inter-office connectivity.