If you want to surf the internet safely, shop, and use online banking, you should definitely get a VPN. You will appreciate its benefits when traveling abroad or when watching foreign streaming channels that are not available in your country. And if you occasionally surf the internet at a café, use public hotspots, or sometimes connect to airport or hotel Wi-Fi networks, you are definitely better off with the data protection and anonymity that a VPN can guarantee.
Until recently, computer network security was taken rather lightly, but that is no longer the case. Quality protection against viruses and attempts to obtain private data has become the norm. For this purpose, various types of VPNs are often used as a reliable and effective means. This is because virtual private networks serve as an excellent mechanism that allows individuals to ensure anonymity and protect data, and that offers organizations the possibility to build truly "private" networks using shared infrastructure, such as the public Internet. At the same time, the same level of flexibility and security is achieved as when using one's own infrastructure.
The basic principle of a VPN is tunneling (sending encrypted data through a created tunnel) over shared infrastructure between the individual tunnel ends. A tunnel is a term for a virtual connection between two points over shared infrastructure. VPN networks are most commonly applied in two basic models: interconnecting virtual networks and connecting remote users. Generally speaking, it is also possible to create more complex tunnel topologies between multiple locations if necessary.
We often encounter tunnel mode, which involves establishing a tunnel between routers (so-called IPsec gateways) that connect LANs considered secure to an insecure, freely shared infrastructure. IPsec gateways thus tunnel and detunnel packets from end devices, which need not even know about the existence of IPsec. Precisely because entire packets from end devices, including their headers, are tunneled, it is not possible to trace from the shared infrastructure which specific stations are communicating.
The basic disadvantage of an IPsec-type VPN is that it can be used only for the IP protocol and does not support other types of protocols or multicast traffic. However, under certain conditions, this problem can be circumvented by simply wrapping the traffic of other protocols or multicast traffic (IP multicast is a method of forwarding IP datagrams from one source to a group of multiple end stations) into the IP protocol before handing it over to IPsec. Another disadvantage is that the operator of the shared infrastructure must not limit the IPsec traffic.
The names are derived from the English acronyms SSL (Secure Sockets Layer) and TLS (Transport Layer Security), where these two protocols work together as one and complement each other in a suitable way. This enhances the quality of security, and together both protocols create a reliable VPN connection. Simply put, the entire system can be described as a VPN connection in which the web browser serves as the client and user access is limited to specific applications, not the entire network.
This protocol is most commonly encountered in electronic stores and with service providers. This is because SSL/TLS provides very well-secured sessions from a computer to an application server. They take advantage of the fact that web browsers are already integrated with SSL and TLS. Therefore, if a connection is made using SSL, "https" will be displayed at the beginning of the URL instead of the usual "http".
The specific function of the SSL gateway can vary greatly for different use scenarios. For application protocols of gateways that can be adapted to the HTTP protocol, it is sometimes more advantageous to use SSL gateways. The client will be a standard web browser supporting HTTPS, and no changes are needed on the server.
Another option is to implement an SSL gateway for port forwarding, giving the remote client a component that will act as an SSL VPN proxy in the client device. The browser will then communicate with it as if it were a local proxy server. However, this concept cannot be implemented for services that do not use one fixed port, but a range of dynamically allocated ports (such as FTP services).
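Why FTP defeats a fixed-port forwarder, as an added example that is not part of the original article: the server announces the data port inside the control channel (replies 227 and 229), so the port is only known at run time. The forwarded port set, the host address and the sample replies are constructed assumptions.

```python
import re

# Constructed assumption: the SSL VPN port forwarder relays only the FTP control port.
FORWARDED_PORTS = {21}

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2); RFC 2428 EPSV reply: 229 ... (|||port|)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

# Constructed control-channel replies (documentation address 192.0.2.10).
SAMPLE_REPLIES = [
    "220 ftp.example.test ready",
    "230 Logged in",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "226 Transfer complete",
    "229 Entering Extended Passive Mode (|||50069|)",
    "227 Entering Passive Mode (192,0,2,10,999,1)",  # malformed octet
]


def data_endpoint(reply, control_host):
    """Return the (host, port) a reply announces for the data connection, else None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed reply: ignore it rather than compute a bogus port
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(2)) < 65536:
        return control_host, int(m.group(2))  # EPSV reuses the control connection's host
    return None


def unrelayed_data_endpoints(replies, control_host, forwarded=FORWARDED_PORTS):
    """Data endpoints announced at run time that a fixed-port forwarder does not cover."""
    found = (data_endpoint(line, control_host) for line in replies)
    return [ep for ep in found if ep and ep[1] not in forwarded]


if __name__ == "__main__":
    for host, port in unrelayed_data_endpoints(SAMPLE_REPLIES, "192.0.2.10"):
        print(f"data connection to {host}:{port} is outside the forwarded set")
```

Each new transfer can announce a different port, so adding the ports seen in one session to the forwarded set does not cover the next one.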