Currently the public Internet, designed to provide access to Internet resources and services, provides very little security against man-in-the-middle attacks. Also lacking is substantial privacy for the exchange of sensitive information, and protection against malicious encounters. The open design of the Internet allows for a wide range of communication, but that open design also thwarts attempts to provide reliable security.
One means of secure communications through the Internet is through the use of a virtual private network (VPN). This private network interconnects remote networks through public communication infrastructures such as the Internet. VPNs provide security through tunneling protocols and security procedures using encryption. Conventional uses of VPNs include securely connecting the branch offices of a bank to a head office network over the Internet. A VPN can also be used to interconnect two similar-type networks over a dissimilar middle network for example, thus alleviating interconnectivity issues.
In general there are two major types of VPNs: remote-access VPNs and Site-to-site VPNs. Remote-access VPNs let individual users connect to a remote network. Site-to-site VPNs allow inter-connection of networks of multiple users. VPNs reduce costs by eliminating the need for dedicated leased lines between networks, because they use existing, lower cost, infrastructure to connect networks while, at the same time, adding a layer of security.
VPNs conventionally require remote users to be authenticated and make use of encryption techniques to prevent disclosure of private information to unauthorized parties. VPN users are able to access functionalities across networks, such as remote access to resources like files, printers, databases or internal websites in a secure manner.
Once connected, a VPN creates a so-called tunnel through the Internet. Tunnel endpoints generally authenticate before secure VPN tunnels can be established to ensure a proper tunnel exists. VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods to secure the tunnel. Network-to-network tunnels may also use digital certificates to allow the tunnel to establish automatically and without intervention from the user.