Page 890 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Virtual Private Network
A virtual private network (VPN) is a communication tunnel that
provides point-to-point transmission of both authentication and data
traffic over an intermediary untrusted network. Most VPNs use
encryption to protect the encapsulated traffic, but encryption is not
necessary for the connection to be considered a VPN.
VPNs are most commonly associated with establishing secure
communication paths through the internet between two distant
networks. However, they can exist anywhere, including within private
networks or between end-user systems connected to an ISP. A VPN
can link two networks or two individual systems, and the endpoints
may be clients, servers, routers, firewalls, or switches. VPNs are also helpful in
providing security for legacy applications that rely on risky or
vulnerable communication protocols or methodologies, especially
when communication is across a network.
VPNs can provide confidentiality and integrity over insecure or
untrusted intermediary networks. They do not provide or guarantee
availability. VPNs are also in relatively widespread use to get around
location requirements for services like Netflix and Hulu, and they thus
provide an (at times questionable) level of anonymity.
Tunneling
Before you can truly understand VPNs, you must first understand
tunneling. Tunneling is the network communications process that
protects the contents of protocol packets by encapsulating them in
packets of another protocol. The encapsulation is what creates the
logical illusion of a communications tunnel over the untrusted
intermediary network. This virtual path exists between the
encapsulation and the de-encapsulation entities located at the ends of
the communication.
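To make the encapsulation idea concrete, and to show why the earlier paragraph says a VPN provides integrity but not availability, here is an added example that is not from the study guide or any real VPN product. It defines a constructed, hypothetical tunnel format: an outer header (magic value, tunnel id, sequence number, inner length) wraps the inner protocol packet unchanged, and an HMAC-SHA256 tag over header plus inner packet gives integrity and replay detection. Encryption is deliberately left out, in line with the text's point that a VPN need not encrypt: the inner packet is still readable inside the outer one, and a practitioner would add authenticated encryption (an AEAD) to get confidentiality as most VPNs do. The key, tunnel id and inner packet are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed tunnel format for this example only (not a real VPN protocol):
#   outer header = magic (4 bytes) | tunnel id (uint16) | sequence (uint32) | inner length (uint16)
#   then the inner packet bytes, then a 32-byte HMAC-SHA256 tag over header + inner packet.
MAGIC = b"TUN0"
HEADER = struct.Struct("!4sHIH")
TAG_LEN = 32


class TunnelEndpoint:
    """One end of the tunnel: encapsulates outgoing inner packets and
    de-encapsulates incoming outer packets. Verifies the integrity tag and
    rejects replays. The shared key is assumed to be agreed out of band."""

    def __init__(self, tunnel_id: int, key: bytes):
        self.tunnel_id = tunnel_id
        self.key = key
        self.tx_seq = 0            # next sequence number to send
        self.highest_rx_seq = -1   # highest sequence number accepted so far

    def encapsulate(self, inner_packet: bytes) -> bytes:
        """Wrap an inner protocol packet in the outer tunnel packet."""
        header = HEADER.pack(MAGIC, self.tunnel_id, self.tx_seq, len(inner_packet))
        self.tx_seq += 1
        body = header + inner_packet
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return body + tag

    def decapsulate(self, outer_packet: bytes):
        """Return the inner packet, or None if the outer packet is rejected."""
        if len(outer_packet) < HEADER.size + TAG_LEN:
            return None
        body, tag = outer_packet[:-TAG_LEN], outer_packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # integrity failure: altered in transit or wrong key
        magic, tunnel_id, seq, length = HEADER.unpack_from(body)
        if magic != MAGIC or tunnel_id != self.tunnel_id:
            return None  # not addressed to this tunnel
        if seq <= self.highest_rx_seq:
            return None  # replayed (or reordered) packet
        inner = body[HEADER.size:]
        if len(inner) != length:
            return None  # truncated or padded inner packet
        self.highest_rx_seq = seq
        return inner


def demo() -> dict:
    """Run one packet through the tunnel and probe its security properties."""
    key = b"constructed-shared-key-for-demo"
    sender = TunnelEndpoint(7, key)
    receiver = TunnelEndpoint(7, key)

    # Constructed inner packet standing in for a legacy cleartext protocol.
    inner = b"LEGACY-PROTO status=ok"
    outer = sender.encapsulate(inner)

    delivered = receiver.decapsulate(outer)

    # Flip one byte of the encapsulated inner packet: the tag check catches it.
    tampered = bytearray(outer)
    tampered[HEADER.size] ^= 0x01
    tampered_result = receiver.decapsulate(bytes(tampered))

    # Deliver the same valid outer packet a second time: the sequence check catches it.
    replayed_result = receiver.decapsulate(outer)

    return {
        "delivered": delivered,
        "tampered_rejected": tampered_result is None,
        "replay_rejected": replayed_result is None,
        # Without encryption the inner bytes are visible inside the outer packet.
        "inner_visible_without_encryption": inner in outer,
        "outer_length": len(outer),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Nothing in this tunnel helps if the intermediary network simply drops or delays the outer packets; the receiver just never sees them, which is the sense in which a VPN gives integrity and (with encryption) confidentiality but not availability.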
In fact, sending a snail mail letter to your grandmother involves the
use of a tunneling system. You create the personal letter (the primary
content protocol packet) and place it in an envelope (the tunneling

