A virtual private network (VPN) is something that allows you to access the Internet privately. If you’re a freelancer or working from home, using a VPN can help increase productivity by accessing remote resources such as shared drives and servers.
If you’re an employer, a VPN can allow your employees to access and share files securely. A VPN is also useful for travelers who want to access their home network remotely.
All this talk about private access to the Internet sounds great, but at what cost? Is a VPN secure? If so, how secure?
This article will give you some insight into the security of VPN remote access.
How Does a VPN Work?
In its simplest form, a VPN is a connection between two computers or networks. One computer or network is akin to the Internet or any other network. This computer is the client and the other computer is as the remote host or server. The client can connect to the server via software or hardware.
The connection between these two computers allows for data transmission between them without anyone else knowing about it. The client sends encrypted data, which makes it unreadable by anyone other than the intended recipient.
In this way, it provides security and privacy for all your Internet traffic, whether that’s browsing, emailing, or file sharing. The remote host can also send encrypted data back to the client. This can be neat for authentication when you log in to your remote host from another computer or device using your VPN software.
VPNs are often useful in business settings. Because they can also help protect corporate data from both internal and external threats while on the road. In this case, a VPN is neat with L2TP (Layer 2 Tunneling Protocol) over IPsec (Internet Protocol Security). Our article on L2TP/IPsec will give you more information on this protocol combination.
What Makes a VPN Secure?
A secure VPN has a few things going for it that keep it secure: encryption, authentication, and tunneling protocols like L2TP/IPsec discussed above. Let’s discuss each one in more detail.
Encryption:
Encryption is necessary because it helps protect data during transmission between computers and networks. Most VPNs use SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both of these provide cryptographic protection of transmitted data and help keep data private in transit.
Encryption is also to protect data when it’s at rest on your server. The encryption key is safe on the remote host and it’s up to you to provide this key when you install your VPN software.
You can even set up your own encryption keys instead of using those provided by the VPN company if you have special requirements for key management. Encryption is also what we call cyphers and keys in this case.
Authentication:
Authentication ensures that users are who they say they are and that they have permission to access their destination. Some VPNs use user names and passwords for authentication, but more often, VPNs use digital certificates for authentication purposes.
Digital certificates authenticate users by verifying their identity on their public key. A unique identifier with a user’s certificate that is from a public/private encryption key pair. Most often, digital certificates are issued by trusted Certificate Authorities (CAs), and certificates are valid for a period of time.
Most VPN providers will automatically renew your digital certificate upon expiration so you don’t have to worry about not having one when you need it most.
Tunneling Protocols:
A tunneling protocol enables data transfer between two computers or networks via an encrypted tunnel. Tunneling protocols include Point-to-Point Tunneling Protocol (PPTP), Internet Key Exchange (IKEv2), Layer 2 Tunneling Protocol (L2TP) and Secure Socket Tunneling Protocol (SSTP).
PPTP is considered to be one of the most secure protocols because it provides 128-bit encryption of transmitted data and uses Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) for authentication purposes.
L2TP/IPsec provides tunneling by using security protocols between two hosts in order for them to communicate securely, but it doesn’t provide encryption. SSTP is a secure TCP connection over SSL/TLS and uses 2048-bit SSL certificates for authentication purposes.