Why is a VPN something important to think about?

What is VPN and why should I use it?

--

If you have ever wondered about this question, this article covers the essentials: what a VPN is, how IPsec site-to-site and client VPNs work, why credentials alone are not enough, and where Zero Trust Network Access fits in.

But let's start with the history. A VPN, or Virtual Private Network, is a technology whose first widely used implementation dates to 1996, when a Microsoft engineer developed PPTP (Point-to-Point Tunneling Protocol). VPN technology has been in widespread use and under continuous development in various forms ever since. PPTP itself is long obsolete: its MS-CHAPv2 authentication and RC4-based encryption are broken, and it should not be deployed today.

The reason for developing VPN technology was to cut the cost of the dedicated leased lines that telecom operators charged a fortune for in the 90s. A company with many branch offices, such as a supermarket chain, a bank or a government agency, could spend a great deal of money on dedicated lines alone just to connect them all. Businesses were looking for a way to reduce those costs, and the VPN was born.

VPN technology uses the public internet to connect two or more offices, encrypting the traffic between the VPN gateways as it crosses the public network. Note that this is gateway-to-gateway protection: traffic inside each office LAN, before it enters the tunnel, is not encrypted by the VPN.

The best practice for companies with multiple branches and centralized data centers at their headquarters is to implement IPsec site-to-site VPN solutions. Multiple VPN technologies and methods can be deployed in these scenarios, including (most of these names are Cisco's):

  • DMVPN (Dynamic Multipoint VPN)
  • DVTI (dynamic virtual tunnel interface) VPN
  • FlexVPN
  • GETVPN (Group Encrypted Transport VPN)
  • Client (remote-access) IPsec VPN

These IPsec VPNs set up the tunnel with IKE (Internet Key Exchange) in two phases.

Phase 1 — The peers authenticate each other (with a pre-shared key or certificates) and negotiate an IKE SA that protects the control channel. In IKEv1 this is main or aggressive mode; in IKEv2 it is the IKE_SA_INIT and IKE_AUTH exchanges.

Phase 2 — Under the protection of the IKE SA, the peers negotiate the IPsec security associations (SAs) (IKEv1 quick mode, IKEv2 CHILD_SA) that fix the algorithms and keys protecting the data that traverses the tunnel.

When deploying this kind of solution, use the strongest algorithms your devices support: IKEv2 rather than IKEv1, AES-GCM (or AES-256-CBC with SHA-256 or better), Diffie-Hellman group 14 or the elliptic-curve groups 19/20, and certificate authentication where you can. Avoid DES, 3DES, MD5, SHA-1 and DH groups 1, 2 and 5, and if you must run IKEv1 with pre-shared keys, disable aggressive mode, which hands a hash of the PSK to anyone who can initiate a negotiation.
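The two-phase negotiation above is only as strong as the proposals each side is configured to offer, so the first thing to check on an existing deployment is the crypto configuration itself. The script below is an added example for this article, not code from the original post or from Cisco or any other vendor: it parses a constructed, IOS-style config (the `crypto isakmp policy`, `crypto ikev2 proposal` and `crypto ipsec transform-set` blocks are sample input, not taken from a real device) and flags the legacy algorithms and DH groups named in the paragraph. The weak-algorithm sets and the line-oriented parser are assumptions; adapt the regexes for another platform's syntax.

```python
"""Audit IKE/IPsec proposals in a router config for weak algorithms.

Added example for this article; not code from the original post, Cisco or any
other vendor. SAMPLE_CONFIG is constructed for illustration and uses Cisco
IOS-style command syntax; the parser is line-based, so adapt the regexes for
other platforms.
"""
import re

# Algorithms and groups that should not appear in a new IKE/IPsec deployment.
WEAK_ENCRYPTION = {"des", "3des"}
WEAK_HASH = {"md5", "sha", "sha1"}      # IOS spells HMAC-SHA-1 as "sha"
WEAK_DH_GROUPS = {"1", "2", "5"}        # 768-, 1024- and 1536-bit MODP
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-sha-hmac"}

# Constructed sample: a legacy IKEv1 policy and transform-set next to modern ones.
SAMPLE_CONFIG = """
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
!
crypto ikev2 proposal STRONG
 encryption aes-gcm-256
 prf sha512
 group 19
!
crypto ipsec transform-set LEGACY esp-3des esp-sha-hmac
crypto ipsec transform-set MODERN esp-gcm 256
"""


def parse_config(config):
    """Return ({block_name: attributes}, {transform_set_name: tokens})."""
    blocks, transform_sets, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.startswith("!"):
            current = None                       # end of an indented block
            continue
        m = re.match(r"crypto (isakmp policy|ikev2 proposal) (\S+)", line)
        if m:
            version = "ikev1" if m.group(1).startswith("isakmp") else "ikev2"
            current = f"{version}:{m.group(2)}"
            blocks[current] = {"version": version}
            continue
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if m:
            transform_sets[m.group(1)] = m.group(2).split()
            current = None
            continue
        if current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            blocks[current][key] = value         # e.g. "encr" -> "3des"
    return blocks, transform_sets


def audit(config):
    """Return a list of (object, finding); an empty list means nothing weak was found."""
    findings = []
    blocks, transform_sets = parse_config(config)
    for name, attrs in blocks.items():
        if attrs["version"] == "ikev1":
            findings.append((name, "IKEv1 policy: migrate to IKEv2"))
            if attrs.get("authentication") == "pre-share":
                findings.append((name, "IKEv1 with PSK: make sure aggressive mode is disabled"))
        encr = (attrs.get("encr") or attrs.get("encryption") or "").split()
        if encr and encr[0] in WEAK_ENCRYPTION:
            findings.append((name, f"weak encryption {encr[0]}"))
        for key in ("hash", "integrity", "prf"):
            for alg in attrs.get(key, "").split():
                if alg in WEAK_HASH:
                    findings.append((name, f"weak {key} {alg}"))
        for group in attrs.get("group", "").split():
            if group in WEAK_DH_GROUPS:
                findings.append((name, f"weak DH group {group}"))
    for name, tokens in transform_sets.items():
        for token in tokens:
            if token in WEAK_ESP:
                findings.append((f"transform-set:{name}", f"weak ESP transform {token}"))
    return findings


if __name__ == "__main__":
    for obj, finding in audit(SAMPLE_CONFIG):
        print(f"{obj}: {finding}")
```

Run against the sample, the legacy IKEv1 policy and the LEGACY transform-set produce seven findings, while the IKEv2 proposal with AES-GCM-256, SHA-512 PRF and group 19 and the MODERN transform-set produce none. Point it at `show running-config` output from your own gateways to find the proposals that need to be retired.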

The best practice for IT professionals is a client-based (remote-access) VPN, which lets them reach data centers from wherever they are, whether those data centers are in the cloud or on premises. This is the most suitable kind of VPN for IT staff because it gives them access from anywhere, at any time.

Client-based VPN use expanded during the COVID-19 pandemic, when employees who had never used a VPN before had to configure one and rely on it for remote work.

A client-based VPN is a virtual private network created between a single user and a remote network. There is usually an application involved to make the connection: in most scenarios the user starts the VPN client manually and authenticates with a username and password. Client-based VPN solutions mostly use TLS (still widely called "SSL VPN") to encrypt traffic. The encryption is not the weak point; a username and password alone are not secure enough to authenticate users, because credentials get phished, reused and leaked. For this kind of connection to be secure, multi-factor authentication should be mandatory for every user, preferably with a phishing-resistant second factor such as a hardware security key or a device certificate.
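To make concrete what the second factor adds, here is the server-side check for the most common one, a time-based one-time code (TOTP, RFC 6238). This is an added example for this article, not code from the original post or from any VPN product; the secret is the RFC 6238 test secret and the "last accepted step" is kept in a plain attribute, both constructed for illustration. A stolen password alone cannot produce a valid code, and the verifier also handles the two edge cases a practitioner must get right: a small clock-skew window, and refusing to accept the same code twice.

```python
"""Server-side check of a TOTP (RFC 6238) second factor for a VPN login.

Added example for this article; not code from the original post or any VPN
product. The shared secret below is the RFC 6238 test secret and the
'last accepted step' store is a plain attribute, both constructed for
illustration: in production the secret comes from user enrollment and the
store lives in the user record so that a code can never be accepted twice.
"""
import hashlib
import hmac
import struct
import time

STEP = 30     # time step in seconds (RFC 6238 default)
DIGITS = 6
WINDOW = 1    # accept one step of clock skew in each direction


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time, step=STEP):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at_time) // step)


class TotpVerifier:
    """Verifies a user's code with a small skew window and refuses replays."""

    def __init__(self, secret):
        self.secret = secret
        self.last_step = -1   # highest time step whose code was already accepted

    def verify(self, code, now=None):
        now = int(time.time()) if now is None else int(now)
        current = now // STEP
        for step in range(current - WINDOW, current + WINDOW + 1):
            if step <= self.last_step:
                continue      # that step's code was used already: reject replay
            # constant-time compare so timing does not leak how many digits matched
            if hmac.compare_digest(hotp(self.secret, step), str(code)):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    # RFC 6238 test secret (ASCII "12345678901234567890"); the scenario is constructed.
    secret = b"12345678901234567890"
    verifier = TotpVerifier(secret)
    code = totp(secret, 59)                    # the code the user's app shows at t=59
    print(code, verifier.verify(code, now=59), verifier.verify(code, now=59))
```

With the RFC test secret the code at t=59 is 287082; the first `verify` accepts it and the second, identical one is rejected as a replay. Widen `WINDOW` only as far as your users' clock drift demands, since every extra step doubles the number of codes a guesser can hit.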

To improve security, organisations should ensure that all resources used only by employees, including admin tools, databases, servers and their management ports (SSH, RDP, database listeners), are reachable exclusively through the VPN. Only customer-facing resources should be publicly accessible, over HTTPS or another secure protocol, and every port that is not needed should be blocked at the perimeter.

If we take the path of least resistance, skip the VPN and expose our internal resources publicly so they can be reached from anywhere, we expose them to compromise and misuse. If we do not pay down technical debt and do not upgrade on a regular basis, we are at very high risk. If we can access internal resources from anywhere, so can anyone else, including unauthorized individuals. If we think that credentials alone will stop attackers from getting into publicly reachable resources, we are wrong, and probably already compromised.

So, the answer to the question "why should I use a VPN?" is: to securely access remote resources from anywhere.

Protect your resources by using a VPN. Mitigate security risk by limiting or removing public access to company resources.

Is VPN everything we need for security or are there more secure alternatives available?

Is VPN everything we need for secure access to remote resources? No, it is not.

It is a good start and a secure way to reach remote resources, but there are a few security questions to consider:

  • Should all users access all resources in the company? No
  • Is there a possible malicious user in the company? Yes
  • Do all remote workers have protected workstations? No

From a security perspective, we should not trust anyone by default, and that is how the concept of Zero Trust Network Access was born. Zero Trust Network Access (ZTNA) is a security framework built on the principle of "never trust, always verify": every request is authenticated and authorized against policy, and access is granted per application or resource rather than to the whole network, regardless of whether the user is inside or outside the corporate network.

With ZTNA, the teams that own access (DevSecOps or security teams) have a central place to define and enforce who may reach which resource.

ZTNA solutions let you grant access to resources at a granular level, per user or user group. For example, the legal team has access only to legal applications, and the trading team only to trading applications, and only on the ports those applications need, nothing more. With this granularity we limit what a malicious or compromised account can reach, since a user can only connect to the resources their role requires.

ZTNA solutions also let you deny access from unpatched or otherwise out-of-date devices, so the policy controls which devices are permitted to connect, not just which users. With this capability we keep vulnerable devices away from critical resources and reduce the chance that a compromised laptop becomes a foothold.
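The two previous paragraphs describe the decision a ZTNA broker makes for every connection: who is asking, from what kind of device, for which resource and port. The code below is an added example for this article, not code from the original post or from any ZTNA product, that puts those rules in one place as a default-deny policy. The groups (`legal`, `trading`, `sre`), hostnames, ports and posture thresholds are constructed to mirror the legal/trading example in the text; a real broker would take the user's groups from the identity provider and the device facts from an endpoint agent.

```python
"""ZTNA-style access decision: identity, device posture and a per-group
resource/port allowlist, default deny.

Added example for this article; not code from the original post or from any
ZTNA product. The groups, hostnames, ports and posture thresholds are
constructed to mirror the legal/trading example in the text; a real broker
would take identity from the IdP and posture from the endpoint agent.
"""
from dataclasses import dataclass

MIN_OS_VERSION = (14, 0)     # constructed minimum: anything older is denied
MAX_PATCH_AGE_DAYS = 30      # constructed: updates older than this count as unpatched

# Constructed policy: group -> {hostname: allowed TCP ports}. Anything not listed is denied.
POLICY = {
    "legal":   {"contracts.internal": {443}},
    "trading": {"orderbook.internal": {443, 8443}, "market-data.internal": {443}},
    "sre":     {"orderbook.internal": {22}, "bastion.internal": {22}},
}


@dataclass
class Device:
    os_version: str           # dotted numeric version, e.g. "14.4"
    days_since_patch: int
    disk_encrypted: bool
    edr_running: bool


@dataclass
class Request:
    user: str
    groups: frozenset
    device: Device
    host: str
    port: int


def posture_failures(device):
    """Return the list of posture checks the device fails (empty means healthy)."""
    failures = []
    version = tuple(int(part) for part in device.os_version.split("."))
    if version < MIN_OS_VERSION:
        failures.append(f"os_version {device.os_version} below minimum")
    if device.days_since_patch > MAX_PATCH_AGE_DAYS:
        failures.append("unpatched")
    if not device.disk_encrypted:
        failures.append("disk not encrypted")
    if not device.edr_running:
        failures.append("EDR not running")
    return failures


def decide(req):
    """Evaluate one connection request; returns (allowed, reason).

    Posture is checked before policy, so an out-of-date or compromised laptop
    is refused even for a user who is otherwise entitled to the resource.
    """
    failures = posture_failures(req.device)
    if failures:
        return False, "device posture: " + ", ".join(failures)
    for group in sorted(req.groups):
        if req.port in POLICY.get(group, {}).get(req.host, set()):
            return True, f"allowed for {req.user} via group '{group}'"
    return False, f"no policy grants {req.user} access to {req.host}:{req.port}"


if __name__ == "__main__":
    healthy = Device("14.4", 7, True, True)
    stale = Device("13.6", 45, True, False)
    for req in (
        Request("ana", frozenset({"legal"}), healthy, "contracts.internal", 443),
        Request("ana", frozenset({"legal"}), healthy, "orderbook.internal", 443),
        Request("bo", frozenset({"trading"}), stale, "orderbook.internal", 443),
        Request("cy", frozenset({"sre"}), healthy, "orderbook.internal", 443),
    ):
        print(req.user, req.host, req.port, decide(req))
```

In the sample run the legal user reaches the contracts application but not the order book, the trader is refused before policy is even consulted because the laptop is on an old OS, unpatched and without EDR, and the SRE can SSH to the order book host but cannot open its HTTPS port. The `reason` string is what you would write to the audit log, which is the visibility a VPN that simply places a user on the network does not give you.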

From a startup's perspective, VPN usage should be mandatory for all engineers and developers who need to access infrastructure.

ZTNA solutions should be considered a security enhancement that can benefit both startups and their employees. Some benefits for startups are:

  • Scalability: Startups often experience rapid growth. ZTNA solutions are designed to scale as your organization expands, ensuring that security remains effective and manageable.
  • Compliance and Regulations: ZTNA can help startups meet compliance requirements by providing robust security controls and audit trails for access to sensitive data and applications. It is a great solution for fintech startups.
  • Visibility and Monitoring: ZTNA solutions often provide detailed visibility into user behavior and network traffic. This visibility aids in identifying unusual activities and potential threats.
  • Cost Efficiency: ZTNA reduces the need for hardware and infrastructure investments associated with traditional perimeter security solutions. This can be especially beneficial for startups with limited budgets.
  • User Experience: ZTNA solutions often provide a seamless, user-friendly experience. Employees and partners reach the applications they are entitled to without manually connecting a VPN client for every session, while authentication and device checks happen in the background.
  • Prevent Data Loss/Leakage: ZTNA solutions provide granular access, which helps prevent leakage of a startup's full codebase or product ideas. Engineers and contractors should only have access to the services they are actively working on.

It’s important to note that while ZTNA offers significant benefits, it’s not a one-size-fits-all solution. Startups should carefully evaluate their security needs, the types of applications and data they handle, and the level of control required before implementing ZTNA.

Ministry of Programming is a supercharged startup studio specialized in building startups and new products💡 We were voted in the top 1000 fastest growing companies in Europe by Financial Times. Twice.

We offer product management, design, development, and investment services to support entrepreneurs and startups towards product success.

Building your next startup? We would love to hear more. If you want to work with us on your startup feel free to reach out at — https://ministryofprogramming.com/contact/
