Virtual Private Network (VPN)

Network Security and Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs) have been around for many years. They are a fundamental and crucial technology used to ensure private communication over untrusted networks. Businesses use client-based remote access VPNs to ensure mobile workers can securely access on-premises resources and use site-to-site VPNs to connect networks in different locations over the public Internet. Consumers use VPN services to provide online anonymity when browsing the Internet.

How do VPNs Help with Network Security?

VPNs use a combination of authentication and encryption to ensure that only trusted users or devices have access to sensitive and often confidential communication. VPNs are used to establish a secure and encrypted private communication channel over untrusted networks such as the Internet or public Wi-Fi networks.

VPN and IPsec

IPsec is the most commonly deployed technology for VPNs. It provides mutual authentication and is considered very secure. IPsec is a security framework that can leverage varying forms of encryption, the most common of which is the Advanced Encryption Standard (AES). Authentication can be performed using usernames and passwords, but the use of digital certificates is recommended for the highest level of assurance. If usernames and passwords are used, some form of multifactor authentication (MFA) should be used to prevent stolen credentials from being used to access the VPN.

VPN and SSL/TLS

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) can also be used as an alternative to IPsec VPN. The advantage of using SSL/TLS is that it uses standard network ports that are commonly left open, which ensures VPN access from any location where the public Internet is available. SSL/TLS VPN is not as secure and is more susceptible to interception than IPsec. However, when implemented correctly it can provide reasonable security and protection for most organizations.

VPN and Microsoft Windows Options

The Microsoft Windows client operating system includes a native VPN client that can be used to connect to a wide variety of VPN servers, including Windows Server Routing and Remote Access (RRAS). It supports modern VPN protocols such as Internet Key Exchange version 2 (IKEv2), which uses IPsec. It also includes support for Secure Socket Tunneling Protocol (SSTP), a Microsoft proprietary VPN protocol that uses TLS. SSTP is only supported in Windows client operating systems beginning with Windows Vista. Windows also supports the Layer Two Tunneling Protocol over IPsec (L2TP/IPsec) and the Point-to-Point Tunneling Protocol (PPTP). The use of L2TP/IPsec and PPTP should be avoided, however.
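The following PowerShell is an added example, not code from the original post: it audits the VPN profiles on a Windows client for the PPTP and L2TP tunnel types the text says to avoid, then creates an IKEv2 profile that authenticates with a machine certificate and pins an explicit AES-256/SHA-256 IPsec policy. It uses the built-in VpnClient module cmdlets; the profile name and the gateway address are placeholders.

```powershell
# Added example: audit Windows VPN profiles for deprecated tunnel types and
# create a hardened IKEv2 (IPsec) profile. Uses the built-in VpnClient module.
# 'Corp-IKEv2' and 'vpn.example.com' are placeholders, not real values.

$Deprecated = @('Pptp', 'L2tp')

# 1. Report any per-user or all-user VPN profile still using PPTP or L2TP.
$PerUser = Get-VpnConnection -ErrorAction SilentlyContinue
$AllUser = Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue
$Risky   = @($PerUser) + @($AllUser) |
    Where-Object { $_ -and ($Deprecated -contains $_.TunnelType) }

foreach ($Conn in $Risky) {
    Write-Warning ("VPN profile '{0}' uses {1} with {2} authentication; migrate it to IKEv2 or SSTP." -f
        $Conn.Name, $Conn.TunnelType, $Conn.AuthenticationMethod)
}

# 2. Create an IKEv2 profile that uses certificate (not password) authentication.
#    Split tunneling and credential caching are left at their default (off).
$Name   = 'Corp-IKEv2'        # placeholder profile name
$Server = 'vpn.example.com'   # placeholder; replace with the VPN gateway FQDN

if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType Ikev2 `
        -AuthenticationMethod MachineCertificate -EncryptionLevel Required
}

# 3. Replace the built-in IPsec proposal with an explicit AES-256 / SHA-256
#    policy using 2048-bit DH for key exchange and perfect forward secrecy.
Set-VpnConnectionIPsecConfiguration -ConnectionName $Name `
    -AuthenticationTransformConstants SHA256128 `
    -CipherTransformConstants AES256 `
    -EncryptionMethod AES256 `
    -IntegrityCheckMethod SHA256 `
    -DHGroup Group14 `
    -PfsGroup PFS2048 `
    -Force

# 4. Show the resulting profile so tunnel type and auth method can be verified.
Get-VpnConnection -Name $Name |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
```

Run it from an elevated PowerShell session if you want the all-user profiles included in the audit.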

Buying a VPN: Selection and Procurement

Choosing a VPN is not a trivial task. There are many factors that must be considered during the process, including the number and type of supported clients, the cost of implementation, maintenance, support, and user licensing, and specific security requirements. Here is a quick overview of some of the more popular VPN solutions on the market today.

DirectAccess – Microsoft proprietary solution that is Windows only. Clients must be running Enterprise edition and must be joined to a domain.

Always On VPN – Another Microsoft-only solution that supports only Windows 10 clients. Clients do not have to be joined to a domain though and can be running Professional edition.

Cisco, Checkpoint, PulseSecure, SonicWALL, Fortinet, Palo Alto, etc. – There are many excellent third-party VPN solutions that typically feature broad client support (Windows, Mac, Linux, Android, iPhone) and often include advanced security features. Typically, these solutions require investment in dedicated and proprietary physical hardware, although many now have a virtual appliance option. These solutions commonly require per-user or per-device licensing and additional maintenance and support fees.

NetMotion Mobility – This is a unique VPN solution that does not require proprietary hardware. It is a software-based solution that can be installed on any Windows server, either physical or virtual. NetMotion Mobility is a proprietary VPN technology that is designed to accelerate mobile performance in a wide variety of network conditions. VPN connections are highly optimized to improve reliability and performance. Network communication is compressed, and traffic is prioritized to ensure the best experience. NetMotion Mobility provides packet loss correction and session persistence to ensure applications stay connected even during times of intermittent connectivity. Security is provided using industry-standard AES encryption.

What are the Best VPN Options?

Ultimately that depends on your specific requirements. DirectAccess and Always On VPN are good choices for organizations that support Windows clients exclusively. Third-party VPNs are good when broad client support is required. NetMotion Mobility is the best choice for providing stable remote access over unreliable connections such as LTE and satellite links.

Additional Information

I am an Enterprise Mobility expert and I specialize in helping companies securely mobilize their workforce. If you’d like to learn more about your remote access options, fill out the form below and I’ll get in touch with you.