The Executive's Basic Guide to Intranets (Sidebar)

How Virtual Private Networks Work

VPN technology allows two companies with intranets to establish a "virtual" link between them across the Internet that is as secure as a link set up over a private connection. VPNs use a combination of routing technology, encryption technology, and a method called "tunneling."

When information is sent from one intranet to another, all packets pass through a special VPN server. The server examines each packet to see which, if any, are headed to another VPN intranet and which are headed to an unsecured site on the Internet. It does this by examining the header information and checking the destination address against a database of acceptable VPN addresses. If a packet matches a VPN address, the software uses a powerful encryption scheme to encrypt the entire TCP/IP packet: the header as well as the data.

Once the IP packet is encrypted, it is placed inside a new IP wrapper and sent out onto the Internet, where it is routed to its destination just like every other IP packet. To the Internet it looks like a normal TCP/IP packet; the difference is that the data inside the IP packet is encrypted and cannot be "sniffed" (i.e., read by an intruder). This procedure is what is meant by "tunneling."

On the receiving intranet, the VPN software eliminates the outside wrapper and decrypts the information inside it. The data then continues its journey across the intranet to its final destination via intranet routers that use the information in the original header (i.e. before it was encrypted) to deliver it.
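
The tunneling steps described above, as an added Go sketch that is not part of the original guide: the sending gateway checks the destination, encrypts the whole inner packet, and wraps it in a new IP header, and the receiving gateway reverses the process. The key, addresses, function names, the choice of AES-256-GCM, and protocol number 253 are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"net"
)

// Constructed values: key, addresses, and protocol 253 (reserved for experiments).
var (
	key               = []byte("0123456789abcdef0123456789abcdef") // shared by both gateways
	block, _          = aes.NewCipher(key)
	gcm, _            = cipher.NewGCM(block) // AES-256-GCM is an assumed cipher choice
	localGW, remoteGW = net.ParseIP("198.51.100.1"), net.ParseIP("203.0.113.1")
	_, vpnNet, _      = net.ParseCIDR("10.2.0.0/16") // the "database" of VPN addresses
)

// ipv4 builds a minimal 20-byte IPv4 header in front of payload.
func ipv4(src, dst net.IP, proto byte, payload []byte) []byte {
	n := 20 + len(payload) // total length; header checksum left zero in this sketch
	h := []byte{0x45, 0, byte(n >> 8), byte(n), 0, 0, 0, 0, 64, proto, 0, 0}
	return append(append(append(h, src.To4()...), dst.To4()...), payload...)
}

// encapsulate encrypts header+data of VPN-bound packets and adds the outer wrapper.
func encapsulate(pkt []byte) ([]byte, bool) {
	if len(pkt) < 20 || !vpnNet.Contains(net.IP(pkt[16:20])) {
		return pkt, false // not for a VPN site: forwarded unchanged
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return ipv4(localGW, remoteGW, 253, gcm.Seal(nonce, nonce, pkt, nil)), true
}

// decapsulate strips the wrapper and decrypts; a modified packet yields an error.
func decapsulate(outer []byte) ([]byte, error) {
	if n := gcm.NonceSize(); len(outer) >= 20+n && outer[9] == 253 {
		return gcm.Open(nil, outer[20:20+n], outer[20+n:], nil)
	}
	return nil, fmt.Errorf("not a tunnel packet")
}

func main() {
	out, ok := encapsulate(ipv4(net.ParseIP("10.1.0.5"), net.ParseIP("10.2.0.9"), 6, []byte("payroll")))
	fmt.Println(ok, net.IP(out[12:16]), "->", net.IP(out[16:20]), len(out), "bytes")
}
```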

Whether used to create a "virtual" intranet or as an extranet, VPNs are a low-cost alternative to private leased lines for creating a secure communications channel across the public Internet.

1997 Copyright 3Com