To understand how data is protected, it is necessary to explain the concept of packets, small units of data. When you communicate with another computer using TCP/IP (the standard protocol, or rule, for Internet communications), your data is broken down into small digital packets. Packets are sequenced, sent individually, and assembled into usable data upon arrival. Any packets that get lost in cyberspace are re-requested.

With a normal Internet connection, your packets can be visible to anyone with the right software and equipment. They contain clear text information, or text that is easily readable. With a VPN connection, however, each packet is "wrapped" using special technology that makes it unreadable by anyone who does not have the proper "key" to unlock the packets.

When you start up a VPN session to UT Austin, you connect to the Internet normally. However, all data that you send is encrypted before it is sent over the Internet, and decrypted after it reaches the VPN server. Encryption is a process by which your data is converted from plain text to a scrambled string of hexadecimal characters. Only the machine with the proper information can decrypt (decode) information that you encrypt.

In a VPN connection, encryption is accomplished by a protocol that securely repackages the data on either end before transporting it. In effect, a VPN builds a secure, encrypted "tunnel" between your computer and the VPN server or another network device that manages VPN services. After reaching the VPN device, your data is forwarded to the local area network. In this manner, a VPN lets you work just as if your machine was physically plugged into that network.

Note that your data is only protected during transit to and from your computer and the VPN device on the local area network. Once it is decrypted, it is only as secure as the local area network on which it is traveling. For instance, if you are connecting to campus from home using VPN, your data is protected on the Internet. Once it reaches the UT campus, however, it is no longer encrypted unless there is application layer encryption.

Permalink: /utss/KAhome.do?number=KB0012331