How Does VPN Security Work?

vpn security vortex

Last Updated: Mar 16, 2017 @ 10:31 am

Whether you’re thinking about using a VPN service or you already do, you’re probably wondering just how it all works. It can seem a complicated business, described in unfamiliar terms like “tunneling” and “encapsulation.”

You already know a VPN secures traffic between your device and the VPN servers, so hackers and spies can’t see your data while it’s in transmission (or your IP address). But how exactly does it do that?

Let’s take a look at the fundamentals, starting with what a VPN, or ‘virtual private network,’ is.

VPNs are private networks inside the internet

It’s there in the name: a VPN is a private network. There are many such networks, like ExpressVPN. As with any private network, the information you send and receive on a VPN is walled off from other computers and the internet.

It’s a bit like your home or business network – the one you use to share files between devices across your router. Nobody outside the network can see that data if your network is properly secured (for example, with WPA2 encryption). That’s why a VPN gives you security.

The key difference is in the “virtual” part of VPN. Your home or business network is secure because it’s physically separate from the internet. (You could unplug the Internet connection and still share local files on it, if you wanted.) A VPN, on the other hand, is accessed through the Internet.

Your data and identity, therefore, have to be secured in other ways.

How to connect to a VPN

How can you connect to a private network over the notoriously public internet? To use a VPN, both the network server (at the VPN provider’s side) and the client (your computer) need dedicated software.

On the provider’s side is a remote access server (RAS). It’s this RAS that your computer connects to when using a VPN. The RAS requires your computer to provide valid credentials, which it authenticates using any one of a number of authentication methods. That’s the VPN’s first layer of security – but it certainly isn’t the last.

On the client side, your computer uses client software to establish and maintain your connection to the VPN. The client software sets up a tunneled connection to the RAS, as well as managing the encryption that secures your connection. Let’s have a closer look at what these are.

Tunneled connections

Tunneling is a process by which data is sent privately over the internet, via a VPN.

To understand tunneling, we have to remember that all data transmitted over the internet is split into small pieces called “packets.” Every packet also carries additional information, including the protocol (such as HTTP, Telnet, Bittorrent and so on) it’s being used for and the sender’s IP address.

On a VPN’s tunneled connection, every data packet is placed inside another data packet before it is sent over the internet. The process is called encapsulation.

It’s easy to imagine how useful encapsulation and tunneling are in securing your data. The outer packet provides a layer of security that keeps the contents safe from public view.

Encrypting the packets

It’s not enough just to tunnel data sent over a VPN. The next layer of security is encryption, where data is encoded so that packets can only be read by your VPN client and server, which are securely connected together.

VPNs can use a number of security protocols to encrypt data. The most common are IPSec (Internet Protocol Security) and OpenVPN. They work by:

  1. Encrypting each encapsulated data packet’s contents with an encryption key. The key is shared only between the VPN’s server and clients.
  2. Using a sub-protocol called Encapsulation Header to hide certain packet information, including the sender’s identity, during transmission.

These two key features, along with others, keep your data and identity private online.

That’s just the beginning

Tunnelling, encryption, and authenticated connections: these are the three fundamental features that make VPN security work.

ExpressVPN takes every measure to secure your internet connection and keep out prying eyes. For more information, take a tour of ExpressVPN.

 

Click here to go back to ExpressVPN’s internet privacy guides

5 thoughts on “How Does VPN Security Work?

  1. I have recently got the National Broadband Network here in Australia (NBN). My home network consists of 2 PC’s and 2 Laptops and an Apple tablet operating through one Internet Provider. Does a VPN require access to one specific PC/Laptop/tablet or is the network covered as a whole network working through one device?
    Cheers, John C, Crib Point, Victoria, AUSTRALIA

    1. You can install the VPN on your router (which counts as one device) to protect your entire network. Alternatively you can install it separately on each device.
      Lexie

  2. Do I need VPN for my home computer with a 256 inscription router? Does your product only cover one computer or al my devices; desktop, laptop, android, iPhone 5, kindle?

    1. You can connect up to three devices at the same time. One of these devices can be your router, which means you can secure an unlimited number of devices by simply connecting through this router. This protects everyone and everything in your home from your Internet Service Provider.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>