What Is a VPN? How It Works and What It's Used For
What is a VPN? VPN stands for virtual private network and describes the type of service that creates a secure connection between your device and the public internet. This article discusses how a VPN works and its different types.
As more and more businesses migrate their data and applications to the cloud, the need for a virtual private network (VPN) has become a basic necessity rather than an option. With targeted cyber attacks more prevalent nowadays, companies have to employ multiple ways to enhance their security across their computing environments.
The use of a business VPN is one way to prevent data leakage and breaches in an organization. Simply put, a VPN is a type of secure internet service that enables remote users to connect to a private network.
If you're wondering whether a VPN is right for you, you've come to the right place.
At Intelligent Technical Solutions (ITS), we enforce the use of VPNs across our web properties and those of our clients. Additionally, we've been helping businesses implement various solutions to secure their networks for over two decades.
This article provides you with a wealth of information on what a VPN is and how it benefits your business. We'll also talk about the different types of VPN and how corporate VPNs work.
What Is a VPN?
A virtual private network (VPN) is an encrypted connection that bridges separate networks over the public internet infrastructure. An encryption algorithm, such as AES (Advanced Encryption Standard) with 256-bit keys, makes the traffic passing through the VPN unreadable to anyone who intercepts it.
Let's say you have an office in Las Vegas and an office in San Diego. They're physically separated from one another. A VPN will bridge those connections over the internet so that all the computers in the offices can securely talk back and forth to one another as if they were a local private network.
There are two main types of VPN, according to Ryan Deneau, Chief Technology Officer at ITS:
1. Site-to-Site VPN
This VPN type is used when you have one physical location and connect to another physical location. It is a permanent connection between two or more networks (also known as sites), such as a company headquarters and a branch office network. Site-to-site VPN is often used by companies with offices spread across the globe.
2. Point-to-site (P2S) VPN
In this VPN model, a single computer connects to a virtual network. It is established from the individual client computer. Before the network accepts the connection, the user has to be authenticated first. This VPN connection is useful for telecommuters who need to access their company resources from a remote location.
Advantages and Disadvantages of Using a VPN
When it comes to the advantages and disadvantages of using a VPN, Deneau says that the pros mostly outweigh the cons. However, drawbacks are still inevitable, as discussed below.
Advantages:
A VPN comes with relatively inexpensive hardware. You're able to create a more extensive virtual network that spans multiple buildings, cities, states, or countries. You don't have to rely on internet service providers and the services they frequently offer, such as a metro Ethernet connection or a virtual private LAN service (VPLS) connection.
VPNs can be configured with minimal effort. IT staff can easily set up the VPN to facilitate the connection in multiple locations. You can have multiple VPNs spanning anywhere from five or six to 15 cities, all connected so that they appear as one network. You don't have to pay the internet service provider to create these legacy bridged connections between distinct locations.
Disadvantages:
VPNs can be misconfigured. If a VPN is set up improperly or with insufficient encryption, the connection may no longer be private. Somebody could potentially inspect that traffic as if they were on the network. While it's not common, it is possible if you're using an antiquated encryption algorithm that's no longer supported.
A VPN connection can drop frequently. A VPN can get disconnected if it's improperly configured. Re-establishing the connection will usually require somebody to log in to the VPN connector, the firewall, or whichever device initiates the VPN connection. There may be a period of downtime while the VPN is being re-established.
What Are the Types of Protocols Used for VPNs?
Protocols are the means by which your device connects to a VPN server. They differ depending on their speed, reliability, and level of security. Below are the most common protocols employed by VPN services:
Internet Protocol Security (IPsec)
IPsec-based VPNs protect the integrity and confidentiality of data exchanged through the encrypted tunnel between endpoint machines. IPsec relies on a set of protocols that authenticate and encrypt data transmitted over the public internet.
Internet Key Exchange Version 2 (IKEv2)
For consumer and business use, this type of VPN is the most secure because it requires certificates. Each device presents what's called a client certificate to the VPN server, which verifies the user.
These certificates cannot be forged and offer a safer alternative to credentials because the user doesn't have to remember any credentials. Often, these certificates are packaged with the software in such a way that the user never sees the certificate authentication process.
The issue with IKEv2 is that ISPs can block access to users from specific geographic locations. "We've had issues with users in the Philippines where their Internet service provider is blocking the traffic for an IKEv2 VPN. They can't establish those VPN connections because their ISP is blocking those well-known ports," Deneau said.
Layer 2 Tunneling Protocol (L2TP)
Also known as virtual lines, L2TP is a standard protocol used by ISPs to enable VPN operations. Because it lacks security or authentication mechanisms, L2TP is often paired with IPsec to provide encryption in a VPN configuration.
Point-to-Point Tunneling Protocol (PPTP)
According to Deneau, users would want to avoid PPTP, as it is outdated. PPTP is a networking standard that enables network traffic to be encapsulated and routed through the internet.
PPTP is not common anymore, but it used to be the primary method of making VPN connections. Many security vulnerabilities have been found in the protocol.
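The points above about antiquated encryption algorithms, PPTP, and L2TP without IPsec can be turned into a routine configuration check. The following Python script is an added example, not code from ITS or any VPN vendor: the inventory format, tunnel names, and weak-algorithm policy are assumptions made for illustration, and the proposal strings use the dash-separated keyword style found in strongSwan configurations.

```python
# Assumed policy for this example: proposal keywords treated as antiquated.
WEAK_TOKENS = {
    "des": "DES encryption", "3des": "3DES encryption",
    "md5": "MD5 integrity", "sha1": "SHA-1 integrity",
    "modp768": "768-bit Diffie-Hellman group",
    "modp1024": "1024-bit Diffie-Hellman group",
}
# Protocol findings follow the article's PPTP and L2TP descriptions.
WEAK_PROTOCOLS = {
    "pptp": "PPTP is outdated",
    "l2tp": "L2TP alone provides no encryption",
}

# Constructed sample inventory (hypothetical format): name | protocol | proposal
SAMPLE_INVENTORY = """\
lv-to-sd      | ikev2      | aes256-sha256-modp2048
legacy-branch | ikev2      | 3des-sha1-modp1024
remote-users  | l2tp/ipsec | aes128-sha1-modp2048
old-dialin    | pptp       | -
lab           | l2tp       | -
"""

def audit_tunnel(protocol, proposal):
    """Return findings for one tunnel; an empty list means nothing was flagged."""
    findings = []
    if protocol.lower() in WEAK_PROTOCOLS:
        findings.append(WEAK_PROTOCOLS[protocol.lower()])
    # Proposals are dash-separated keywords, so match whole tokens only.
    findings += [WEAK_TOKENS[t] for t in proposal.lower().split("-") if t in WEAK_TOKENS]
    return findings

def audit_inventory(text):
    """Parse the inventory and map each flagged tunnel name to its findings."""
    report = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if len(fields) != 3:
            report[line.strip()] = ["unparseable inventory line"]
            continue
        findings = audit_tunnel(fields[1], fields[2])
        if findings:
            report[fields[0]] = findings
    return report

if __name__ == "__main__":
    print(audit_inventory(SAMPLE_INVENTORY))
```

Run against an export of real tunnel definitions, a check like this gives a list of connections to re-key or migrate before a weak proposal becomes the reason traffic is no longer private.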
How Does a Corporate VPN Service Work?
Companies may deploy their own setup when it comes to implementing VPNs. At ITS, we use a multi-pronged approach, Deneau noted.
ITS hosts a VPN server that takes care of brokering the VPN connections. The VPN server requires multi-factor authentication (MFA) from a Microsoft Office 365 account. Users log into their VPN connection with their Office 365 credentials and are then prompted to complete MFA for the account.
Once they complete MFA, the result is relayed to the VPN server, indicating that the user is good to go. We built our own infrastructure to accomplish this point-to-site connection.
We also have a site-to-site VPN between our different physical offices, and those are all just configured on the firewalls. The VPNs are configured on the SonicWall at each end.
Secure Your Internal Network with a VPN
Given the complexity of our work arrangements and the frequency of data breaches, companies should put proactive measures in place to protect their networks.
An enterprise VPN can defend your web assets and corporate network against potential intrusions. It controls user access and provides a secure channel through which your users can access company resources privately.
ITS can assist you in configuring your enterprise VPN operations. Talk to one of our experts today to find out how you can strengthen your cybersecurity posture with VPNs.