A virtual private network, or VPN, is a key technology used to boost internet security and enable safe remote access for users who need access to enterprise WANs and their resources. A VPN interconnects all kinds of users across all types of locations. Its features should be secure, user-friendly and flexible enough to traverse the cloud for a variety of platforms and use cases.
Before setting up a VPN, network architects should evaluate fundamental VPN principles, select features that best support their organizations’ users, and consider best practices for security and secure remote network access.
VPNs add a protocol layer, often called a tunneling protocol, that encapsulates and encrypts network traffic. This process makes VPN traffic essentially opaque as it transits the public internet, meaning unauthorized parties can’t read its contents. If a third party inspected traffic in transit, it wouldn’t be able to access packet payloads.
VPNs prevent arbitrary third parties from inspecting traffic flow between specific users and the resources they access online. This is especially true for situations where employees use VPNs to protect work-related activities, transactions, file transfers, application use and more.
VPNs also hide specific user details in the traffic they protect. IP addresses, geographic locations, browser histories, devices and software are examples of information not readily available to those outside the VPN umbrella.
Enterprises primarily use VPNs to overlay a secure, private network over the public internet. Typical use cases for VPNs include the following:
Network admins need different elements at various steps when setting up a workable VPN, from the client, through the cloud, to the network boundary and into enterprise networks.
Basic requirements to set up a VPN include the following:
Some key design objectives to keep in mind when selecting VPN features include the following:
Choosing which kind of VPN to accommodate an enterprise network comes with its own share of difficulties. Network professionals are often caught between management dictates and user preferences when deciding which VPN to deploy, and this can pose some challenges for staff.
Upper management typically chooses VPN designs based on a few criteria. Existing infrastructure dictates which new VPN components match compatibility requirements, and management might also base purchase decisions on the best price or optimal features-to-price tradeoff. Sometimes, however, management chooses a VPN due to a specific vendor choice or existing relationship.
When management follows this VPN design rationale, network and IT teams are rarely given the choice of which VPN to set up. They may have input into the selections, but their choice is subject to considerations and final selections from higher-ranking personnel.
Instead, organizations may want to adopt a bottom-up approach driven by users. In a user-driven approach, user platforms dictate VPN protocols and services, while low-cost or freeware VPN clients drive the remaining component choices.
A user-driven approach creates a free-for-all: Organizations can use multiple VPNs for different user groups or platforms. Ideally, the organization settles on a single choice or a limited number of choices, where network teams carefully balance security requirements against ease of use and productivity considerations.
Choosing a VPN client involves considerations across a wide spectrum of capabilities and functionality:
Learning how to set up a VPN correctly can help network teams avoid future complications. To prevent potential problems, network personnel must be aware of areas that could cause VPN issues and technical problems.
Below are some common VPN deployment challenges:
VPN technology offers specific and focused security capabilities, but it can also be a magnet for attacks and exploits. In March 2022, the Infosec Institute reported that the rise in VPN use to meet the demand for remote access led to an increase in attacks. Securing the VPN itself is pivotal to creating a safe remote network experience.
The National Security Agency and the Cybersecurity and Infrastructure Security Agency recommend organizations follow some best practices for security that can minimize their attack surface when using a VPN. Some of those tips are the following:
A detailed approach to network security monitoring and maintenance enables a VPN to boost security and provide users with secure enterprise network access.
Enterprises should set up standards-based VPNs that meet their users’ platform needs. For example, a VPN can accommodate mobile devices and stationary devices, but all VPNs — regardless of the device on which they run — should support strong authentication and encryption. MFA is one way to implement secure remote access for users outside office locations. Network architects should closely monitor VPNs and update them to accommodate security updates, patches and fixes.
By itself, a VPN can’t make remote access safe and secure. Network users should undergo security awareness training to avoid unsafe habits and minimize the risk of encountering online attacks. Network professionals should also carefully monitor the VPN and stay alert for anomalies or unusual access patterns to prevent attacks. For enhanced security, network professionals can consider limiting VPN access within a zero-trust framework that checks and limits IP and media access control (MAC) addresses when necessary and enforces the principle of least privilege (POLP) for all use.
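The monitoring and address checks described above can be sketched as a small log review, shown here as an added example that is not part of the original article. The log format, the `POLICY` table, the user names, the thresholds and the idea that the VPN client reports the device MAC address are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Hypothetical policy: allowed source networks and registered device MACs per user.
POLICY = {
    "alice": {"nets": ["203.0.113.0/24"], "macs": {"02:00:00:aa:bb:01"}},
    "bob": {"nets": ["198.51.100.0/24"], "macs": {"02:00:00:aa:bb:02"}},
}

# Constructed sample log (epoch_seconds user source_ip device_mac result).
SAMPLE_LOG = """\
1000 alice 203.0.113.10 02:00:00:aa:bb:01 OK
1030 bob 198.51.100.7 02:00:00:aa:bb:02 FAIL
1040 bob 198.51.100.7 02:00:00:aa:bb:02 FAIL
1050 bob 198.51.100.7 02:00:00:aa:bb:02 FAIL
1200 alice 192.0.2.55 02:00:00:aa:bb:01 OK
1300 alice 203.0.113.10 02:00:00:cc:dd:09 OK
1400 mallory 192.0.2.99 02:00:00:ee:ff:03 FAIL
not a log line
"""


def review(log_text, policy=POLICY, max_fails=3, window=300):
    """Return (timestamp, user, reason) findings for events that break policy."""
    findings = []
    fails = defaultdict(list)  # user -> timestamps of recent failed logins
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip malformed lines instead of aborting the review
        ts, user, src, mac, result = int(parts[0]), *parts[1:]
        rule = policy.get(user)
        if rule is None:
            findings.append((ts, user, "unknown user"))
            continue
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # unparsable source address, treated as malformed
        if not any(addr in ipaddress.ip_network(n) for n in rule["nets"]):
            findings.append((ts, user, "source IP outside allowlist"))
        if mac.lower() not in rule["macs"]:
            findings.append((ts, user, "unregistered device"))
        if result == "FAIL":
            # Keep only failures inside the sliding window, then add this one.
            fails[user] = [t for t in fails[user] if ts - t <= window] + [ts]
            if len(fails[user]) == max_fails:
                findings.append((ts, user, "repeated failed logins"))
    return findings
```

Calling `review(SAMPLE_LOG)` returns four findings: bob's third failed login inside the window, alice connecting from an address outside her allowlist, alice connecting from an unregistered device, and a login attempt for an account that has no policy entry.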
All Rights Reserved, Copyright 2000 – 2022, TechTarget