12.1. What Is a Virtual Private Network?
Picture a group of computers networked together but not connected to the Internet (or any other outside network). The computers can share information with each other with complete safety because the only people who can access the information that moves across the network are those with physical access to one of those computers. That's a completely private network.
Most private networks do, in fact, connect to the outside world, but they generally do so by way of a firewall (and/or other mediating devices) that keeps most of the data on the network private, with exceptions only for certain crucial and closely controlled types of interaction. For example, a typical corporate firewall lets users on the local network connect to file and mail servers but blocks access to those same servers for people outside the network.
So, what happens if an employee needs to work from home or from a remote location? The remote user requires access to resources on the company's closed, private network but is kept out by the same mechanisms that block outsiders who shouldn't have access. The way around this problem is to set up a special, secure tunnel between the remote user and the private network, making it appear to the network that the remote computer is in fact connected locally. The user must supply credentials to join the network, and the entire connection is encrypted so that regardless of what sort of data passes back and forth through this tunnel ...