Sorry if this is a little techy at times, but I’m afraid that it’s a slightly techy subject… but I must emphasise that a VPN is easier to implement that it may appear.
To get straight into things VPN… there are 3 fundamental reasons for employing a Virtual Private Network: firstly, security and confidentiality; secondly, remote access to private (ie. business) networks; and thirdly, access to geographically restricted services.
For us all, at home or business, implementing good security and privacy practice is critical to ensure we are not prey to hackers. We are constantly transferring personal, confidential or valuable data through our computers and mobile devices, and often we cannot be sure of the security of that data’s transmission. Connecting with – or, more correctly, through – a VPN can help protect your privacy, your data’s integrity, and safeguard your online activities.
So, what Is a Virtual Private Network?
A VPN is an additional layer of technology which establishes an authenticated connection, and encrypts the data transmitted, across an insecure public network (ie. the internet): in other words, it creates a protected tunnel between your device and the remote computers (‘servers’) with and through which it’s communicating, hence ‘virtual private network’.
There are a couple of distinct forms or applications of VPN (which these days often cross over):
The first is employed primarily for connecting remote workers’ devices (‘endpoints’ or ‘clients’) to their business network (particularly if the organisation hasn’t yet moved its resources to the ‘cloud’), through the business’ ‘gateway’ (router or server), utilising a simple software utility (a client application configured with communication ‘protocols’, and authentication credentials).
Once connected, the permitted internal business network resources – shared file storage, application servers, printers, intranets etc., and the internet (the web etc.) – will be accessible as if the employees were present in the office. Any business-wide network security deployed will therefore also protect their activities whilst connected via the VPN.
The benefits of this strict user authentication, and central access control, should be obvious to business owners and managers, as they reduce the likelihood of 3rd party/undesirable access or intervention, and prevent remote working becoming a compromise to business security. Furthermore, as most VPN products require the installation of a low-level application/agent on the endpoint, many extend into the wider aspects of endpoint and internet security, with features such as content filtering and malicious site blocking. Therefore a VPN can be more than just an enabler of business connectivity, but a foundation for secure communications between systems, people and sites.
Please be aware that all applications used when in the office will need to be installed if accessing the business network from a different device than normally used (personal laptop etc).
If a proposed remote worker has a dedicated (ie. not shared) office computer which is not mobile or practical to take away, it is worth mentioning that there is an alternative – and secure – method of remotely connecting directly to that machine (which will need to switched on), and effectively controlling it remotely: this negates the need to install all the applications on the secondary device, which can be particularly useful if there’s an issue with licences or incompatible software, eg. Windows only applications can be operated remotely from an Apple/Mac. There are a number of Remote Desktop Connection (RDC) applications to choose from, free and paid, such as TeamViewer, LogMeIn and Chrome Remote Desktop.
‘Site-to-site’ VPNs are deployed on a greater scale for connecting to the entire network in one location to a network elsewhere, such as linking IT infrastructures across a multi-office/site business.
VPN products of greater purpose for most users are the internet/cloud-based gateway services which provide secure and anonymous internet access over encrypted connections via internationally distributed servers. These offer features including: watching regionally restricted media (eg. BBC iPlayer, Netflix) from abroad; browsing and communicating securely when connected to a public or ‘open’ wi-fi network (particularly important when online banking or shopping, and submitting personal information); and allowing remote workers to securely connect their personal devices to their business services (eg. email, cloud storage), or safely use their work devices online, particularly if using a public hotspot.
Such VPN users’ connections to the internet are routed – after the initial local internet service provider – though a secondary independent service (the VPN) which encrypts and forwards their ‘traffic’ to its destination, and the response back. VPN service providers deploy servers across the world, which allow users to remain anonymous and to circumvent geographical restrictions, such as online streaming services’ regional controls, by routing users’ traffic through these localised servers. All of which explains why VPNs are a popular tool within the ‘black hat’ community (hackers, spammers etc.).
I should point out that a VPN does not encrypt any data at rest, only in transit.
New cloud-based gateway hybrid-access scenarios now exist offering secure links from the cloud service provider into the internal network.
A standard VPN can greatly add to the users’ computer’s workload, and somewhat diminish its capabilities when active on a wireless network, consequently it’s best to download and run a mobile-specific VPN designed and optimized to ensure a seamless user experience, particularly when devices are switching networks or moving in and out of coverage. They generally have a low memory footprint, and require less processing power than traditional VPNs, and allow other applications to run faster and the battery to last longer.
The increasing usage of mobile devices and wireless connectivity emphasises the importance of ensuring that your data is transported securely. A VPN allows users to access the internet while remaining protected behind a firewall.
Which VPN service should you subscribe to?
There’s quite a range of VPN products and services available, but, put simply, one that offers the bandwidth (speed), security features, and levels of support, appropriate to your needs and budget, and which operates servers in any specifically required locations.
VPNs aren’t too pricey, most are on subscription-based tariffs, and the professional solutions will offer central management, employ enterprise-grade technologies, have more servers with a greater distribution, more ‘IP addresses’ available and offer unique IP addresses (otherwise called ‘dedicated’ or ‘static’ IP addresses), and include the strongest security features: 128-bit encryption, anonymous DNS servers, an absence of connection and activity logging (if privacy and surveillance prevention is a significant concern), connection failure protection, and some also include virus and spyware protection. Generally, connections through the enterprise services will be more reliable and stable. Be aware that connection time, bandwidth, and/or data volume caps (limits) are commonly imposed according to the tariff/service level subscribed to.
Potential customers may be interested in ascertaining ownership and operation of the VPN providers’ infrastructures, and whether any external service limitations are imposed.
The free services usually have slower connection speeds (especially as most are ad-supported) and most apply significant caps, whilst some have unaccountable and questionable backing!
Do read the impartial online reviews to make confirm that your choice of service is capable of fulfilling your particular needs, and do take advantage of the free trial period offered by all VPN providers (which vary greatly in length).
Apologies again if that wasn’t entirely fathomable, but If you have any questions, or would like help setting up a VPN or RDC, please contact us .