21 May Safer remote access with VPN
The COVID 19 pandemic has forced us to take refuge in our homes and work remotely. As a result, we have left the security of our corporate intranet, and now use the Internet to access our local network and obtain the information we need to carry out our daily duties. In other words, our data is more exposed than it has ever been before, therefore we should consider making access more secure by means of a VPN.
What is a VPN?
A VPN (Virtual Private Network) is a networking technology that allows you to set up a secure link to your local network (LAN) over a public network such as the Internet.
In essence, what it does is hide our IP address and route our Internet connections through an encrypted VPN tunnel.
Initially, local networks depended exclusively on cable, and in most cases, we could only connect to them from a terminal located in the office.
This is probably the most effective solution from a data security point of view, but it is completely ineffective in terms of production.
Soon, companies realized that they needed to cross-reference their data between their offices in order to operate with complete certainty and started to contract dedicated lines. Unfortunately, these lines were very expensive and thus the Internet became the most viable option.
Sending data over the Internet was and still is the most logical and consistent option. The evolution of other technologies such as WIFI, and especially technology related to mobility has transformed communication and changed our way of life.
Today, it is not only possible to connect to other offices, but we can also continue working on the go, from our home, or even from our favourite cafeteria. However, it is also true that our data has never been as exposed as it is now.
How a VPN works
With a VPN, we connect to the Internet service through our ISP (Internet Service Provider), and from there we are directed to our VPN server, which takes us to the requested page. This is what we call a tunnel.
For example, if I want to access Google’s website and I don’t use a VPN, I enter the website’s address in the browser’s search bar and the browser contacts the router to look for the website’s IP address in the DNS server provided by our Internet Service Provider.
Sorry to disappoint, but on the Internet the addresses that matter are more like 188.8.131.52 than www.google.com, however using a name is not only easier to remember, but also more reliable as the numerical address could change for many reasons, without changing the name of the website. If you want to try, type “ping Google.com” into your MS-DOS console.
A DNS (Domain Name Server) is a server that converts human readable domain names into Internet Protocol (IP) addresses.
Returning to the subject, I should tell you that a router is the intermediate point between the Internet and the local network. Its main function is to request the data on the Internet and distribute among the network devices (computers, laptops, tablets, etc.). To do this, once the IP address of the requested page has been found, it will be transferred to the browser, which will in turn contact the web server that hosts the page, and finally transfer the data needed to view it.
The problem is that for communication between devices to be possible, both the router and the browser must provide data such as our IP address, the operating system we use, the type of device from which we used to send the request, etc.
But wouldn’t this happen anyway if I used a VPN?
For the exchange of data to access a website, we provide data that lets the user to know our public IP, the page we want to visit, what operating system we use, browser, physical location, etc.
The big difference, however, is that with a VPN, it is the VPN server that makes the request for the page. Therefore, the data that is going to be collected will correspond to the VPN and not ours.
In addition, when we use a VPN our data is encrypted so that not even our ISP will be able to know what we are looking for.
We can make a comparison between data traffic on the Internet and the money that is transported between banks. The VPN client is the first bank, the VPN server is the second bank and the VPN encryption is the security truck that transports the money between the locations.
Why we need a VPN
From a company’s point of view, a VPN connection can be used to allow employees from other offices to access the organization’s private network, or to work remotely, minimizing the exposure of your data.
There are many situations that put our password at risk of being captured. All of us, without exception, have connected to a public WIFI connection at some point. This connection can be a decoy to connect to a hacker’s computer.
In this case, if our connection is not encrypted, we will do the hacker’s job for him.
VPN and encryption
Encryption is not unique to VPN but in general, whenever these connections are used, they are accompanied by an encryption, so it is quite recommendable to use a VPN if you are going to connect to a public WIFI access point.
The most common encryptions offered by the different VPN providers are OpenVPN, SoftEther, IKEv2, L2TP/IPSec, PPTP and SSTP (SSL).
Multiple authentication tools
There are already many services that offer two-factor verification to increase the security of user account access. Some platforms also allow you to configure the authentication mechanism and choose whether you want to receive the access code by mail or directly on your mobile.
Integration with Active Directory
It is also very common for some VPN solutions to use SSL cryptography and allow access via Active Directory login.
In this case, a certificate is created. This certificate can be for individual or collective use. When access is required, the administrator can assign a certificate to a group of people, so if any of these users no longer need access, they can simply remove this user from the group, without having to revoke the certificate.