A VPN is a Virtual Private Network. In essence it is an encrypted tunnel between two points. Typically a VPN is used to connect a remote workstation across the Internet to a business network. All the information that is sent across the public Internet is securely encrypted so it can’t be seen by third parties. At either end the information is decrypted so it can be used normally.
It is also possible to create what is known as a point-to-point VPN between two routers so that information between two locations is automatically encrypted when it travels across the Internet. Using this point-to-point configuration users don’t have to do anything differently as the routers at each location do all the encryption and decryption automatically.
To establish the encrypted tunnel between two end points requires a strong password. This should be something very secure and generally best if only entered once (that is a benefit of the point to point configuration). So the security of any VPN is generally only as good as the password used to create the tunnel.
Another important consideration with VPNs is that once a VPN has been established this means that both machines are connected the same way as if they were on the same physical piece of cable. This means that if one of the machines connecting in is infected with some form of virus all the VPN will do is pass that virus to the machine across the VPN. A VPN simply sends and receives traffic, it doesn’t inspect what is contained in that traffic.
Thus, a VPN will not protect your network from an infected machine connected from a home location. Therefore, it is critical you ensure the hygiene of ANY machine that connects to your business network no matter how and where it connects to your network. You should treat any machine using a VPN the same way as you would any other machine in your business.
So a VPN is great option to facilitate remote connection to your network but it doesn’t mean that you let your guard down when it comes to the security of your network.