VPNs
Virtual Private Networks provide encrypted communication over an insecure (or even a secure) network such as the Internet. This lets one or more users send and receive data across the insecure network while retaining access to a private network (home, work, etc.). The security of the private network can then be extended to applications running on the client.
Accessing a corporate network (intranet) from outside the office is the primary use of VPNs, but home users take advantage of them the same way. Offices that are far apart can be joined with VPNs to form a single network and share data just as if the systems sat in the same office. A VPN also lets the client send and receive data through network locations that are otherwise restricted, including foreign countries, although some services such as Netflix restrict or block connections that arrive through a VPN. They have their reasons, but the other method discussed in this series of blog posts, SSH tunneling, is not detected as a VPN and so gets past such blocking.
There are security implications to VPN use: the client systems must be protected by the same or a higher level of anti-virus or anti-malware software as the intranet, to reduce the chance of infecting intranet resources through the tunnel. This is a less common infection route than phishing, which accounts for most infections, but it remains a concern.
Historically, VPN-type connections were made through phone modems or DSL links via frame-relay or ATM virtual circuits and other telecom provider services, but these are not true VPNs because they rely on passive security rather than encryption. IP VPNs replaced these more primitive methods once higher-bandwidth communication links became available.
Today a VPN can also protect a device's web browsing from malicious domains by using a DNS black hole, such as the Pi-hole provides for a home user. The blocklists loaded into a DNS black hole can include any website or URL that corporate management or a home user wants blocked, whether to prevent a malware infection or to stop an advertiser presenting adverts to the user. Blocking ads this way also gives excellent bandwidth savings to a cellphone user connected to a VPN that offers this service.
Another use of VPNs is remote access to VPN services that provide a more "open" Internet: for example, to reach sites blocked by the user's own ISP or country, or to gain some anonymity. They do not increase privacy, however, because the traffic can still be intercepted at the remote end. Where true privacy is required, the Tor browser can be used in conjunction with a VPN service.
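To make the DNS black hole idea concrete, here is an added example (not code from the original post, and not Pi-hole's own code) of the decision a sinkhole resolver makes for each query: parse a constructed hosts-style blocklist, and answer with a sink address for any blocked name, otherwise forward the query upstream. Matching parent domains (so that a listed domain also covers its subdomains) is an assumption made here for illustration, not a claim about how Pi-hole matches plain lists.

```python
"""DNS black hole decision logic: does a query get a sink answer or get forwarded?"""
from typing import Optional

# Constructed sample blocklist in hosts-file style (address column, then domain),
# the layout many published ad/malware blocklists use. Comments and blank lines
# are tolerated, and a line with only a domain name is accepted as well.
SAMPLE_BLOCKLIST = """\
# constructed example list, not a real blocklist
0.0.0.0 ads.example-tracker.test
0.0.0.0 malware-c2.example.test
127.0.0.1 telemetry.example.test
metrics.example.test
"""

SINK_ADDRESS = "0.0.0.0"  # blocked names resolve here, so the client connects to nothing


def parse_blocklist(text: str) -> set:
    """Return the set of blocked domain names, lower-cased, without a trailing dot."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        # hosts-style lines carry an address first; plain lists carry only the name
        name = fields[1] if len(fields) > 1 else fields[0]
        blocked.add(name.lower().rstrip("."))
    return blocked


def resolve_policy(qname: str, blocked: set) -> Optional[str]:
    """Return the sink address if qname or any parent domain is blocklisted,
    otherwise None, meaning: forward the query to the real upstream resolver."""
    labels = qname.lower().rstrip(".").split(".")
    # Check the full name, then each parent: a.b.c.test -> b.c.test -> c.test -> test
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocked:
            return SINK_ADDRESS
    return None


if __name__ == "__main__":
    rules = parse_blocklist(SAMPLE_BLOCKLIST)
    for q in ("cdn.ads.example-tracker.test", "www.example.test", "TELEMETRY.example.test."):
        print(q, "->", resolve_policy(q, rules) or "forward upstream")
```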
The VPN provides:
- Confidentiality - network traffic can still be sniffed at the packet level, but only encrypted data would be seen.
- Sender authentication - to prevent unauthorized users from accessing the VPN.
- Message integrity - to detect any tampering with transmitted messages.
VPN protocols include IPsec, SSL/TLS, DTLS, MPPE, SSTP, MVPN and OpenSSH.
Authentication must occur before a VPN tunnel can be built or established. Network-to-network VPNs use passwords and/or certificates, as well as biometrics (such as iris or fingerprint), two-factor authentication (such as Google Authenticator) or other cryptographic methods. All traffic from the remote or client system can be routed out through the VPN gateway to the Internet (a full tunnel), or the VPN can be directed to provide access only to internal network resources (a split tunnel).