VPNs and remote access technologies
Being able to spread a single network across multiple locations has been critical for both individuals and organizations. While dedicated point-to-point circuits are highly secure, they are extremely expensive and potentially a point of failure if damage occurs to the one line that can provide this service.
Virtual private networks (VPNs) alleviate a lot of these limitations, allowing for connectivity from point-to-point with the typical levels of redundancy of getting from here to there that you would expect of normal internet services. Let’s explore an overview of VPNs and remote access technologies in general, along with some of the benefits and concerns that come from using VPNs.
Learn Network Security Fundamentals
Types of VPNs
Remote access VPN
This is the one that most people think of immediately when they hear the phrase VPN. It’s a single user connecting from a remote location to a central network for an organization. The most popular solution by far is a software client connecting via a secure tunnel to the organization over an existing connection wherever the user happens to be right now.
This allows the user to be able to flip back and forth between when they need access to the organization's resources and when they just need general web access to the local connection. On the flip side, there are also hardware options such as air cards or baked-in connections on certain types of embedded devices that can create a secure connection before the operating system has finished booting. In this way, the user is never off of the network; they are logging in directly every time.
Site-to-site VPN
The above options are mostly for devices that move around a lot, or for individual users. When there is more than one user at a permanent location, however, it may be significantly cheaper and easier to create a site-to-site VPN.
This effectively links the local network and the organization's network into one unit, meaning that the users always have access to resources — not requiring anything special on the user's side to initiate. Bandwidth management is critical when it comes to managing this form of VPN, however, since all users are sharing a single connection instead of each having their own.
Secure socket layer virtual private network (SSL VPN)
What happens if you need to share data with users, but you don't necessarily want to give them access to the entire network?
You could potentially use methods such as email, but that would require someone to send the data to the user in the first place. You could attempt to place this data on a site available on the open web, but if it is sensitive you run the risk of the site being compromised. SSL VPNs (which don't use SSL anymore) allow users to access internal applications via a secure portal, giving them self-service access to whatever your organization chooses to permit, but without the carte blanche access that a full VPN tunnel would allow.
VPN protocols
To protect the underlying traffic, VPN protocols have evolved over the years to be able to create encrypted tunnels, with the data being transmitted only accessible from either end of the connection. Internet protocol security (IPsec) can handle authentication and encryption in multiple ways, allowing for a tremendous amount of versatility. Point-to-point tunneling protocol (PPTP) and its successor layer 2 tunneling protocol (L2TP) both can help support the transmission of data in VPNs, but don't provide any meaningful protection for this data. To this end, they can be encapsulated by IPsec, providing encryption for the traffic passing through it.
Transport layer security (TLS) is used extensively across the web for both authentication and protection of data on various websites, including the SSL VPN listed above, but it isn't optimized for every use case. The datagram transport layer security (DTLS) protocol for example performs the same basic tasks for user datagram protocol (UDP) as TLS does for transmission control protocol (TCP). Because of this, it is sometimes used instead of TLS to create VPN tunnels and is supported by many software client VPN options.
Other remote access options
Secure shell (SSH) was originally intended to provide a secure method of accessing a terminal session on a remote device. It can be used to tunnel just about anything through the secure connection that it creates. So if for example, you were formerly using a baseline virtual network computing (VNC) connection to gain access to a remote GUI, highly insecure without modifications, you could route the connection through an SSH session to perform the same action much more safely.
If on the other hand, you are looking purely for just remote administration or one-time connections, there are services such as LogMeIn and TeamViewer that provide methods to hop into an existing user's session to assist with troubleshooting. Not VPNs per se, but they still permit accessing a system remotely.
Why use VPN?
So we can easily see the reasoning behind a business case for VPNs, and certainly in remote assistance situations. But why do we see advertisements for VPNs on YouTube videos and news sites? The answer lies less in technical requirements and more in geographical restrictions and privacy concerns.
Say for example that you subscribe to a streaming service that is known for having a lot of content. However, when you want to watch a specific program, you find out that it is not available in your country but it is available one country over. Through the use of a VPN service, you could change the exit point of your traffic so that instead of accessing your local version of the streaming service, you would be accessing the version from the other country where this content is available. The same principle would also apply to testing in-house developed web applications so that versions of a page can be viewed from different countries without ever having to leave your desk.
Unfortunately, VPNs have also been implicated in legal cases where users are accessing content that is not just unavailable in a particular country but is actively prohibited. VPNs have been used to successfully bypass major firewall restrictions in multiple countries to access state-banned content. Because of this, the users of those VPNs could potentially be brought up on serious charges. With this in mind, always be sure of the current legal status of any technology in the geographical region you intend to use it in.
Learn Network Security Fundamentals
Which VPN works for you?
VPNs are a vital link in today's networked reality. Whether used by individuals daily for their jobs or organizations to constantly link sites together, they make the world a much more connected place. They also come with a responsibility, however, to make sure that the user on the other side of the connection has the same access and restrictions as a local one. Not only for information security but for bandwidth consumption.
Sources
- Types of virtual private network (VPN) and its protocols, GeeksforGeeks
- What is an SSL VPN?, Fortinet
- VPN vs. SSH tunnel: Which is more secure?, How-To Geek