VPN — “Dinosaur” Technology to Tech Warrior

Ansari Faisal
Published in SecureLink
Dec 20, 2020
PC: hide.me

Virtual private networks, or VPNs for short, have long been an essential part of both everyday and corporate life.

They give remote users a reliable way to reach sensitive data, applications or an entire company network over an encrypted tunnel across the internet.

“Many of us considered VPN to be obsolete or near irrelevance, until COVID-19. The exponential increase in remote workers has given the VPN industry a new lease of life and now it's thriving with great power.”

In the past the emphasis was on controlling VPN access and keeping the number of users to a minimum. Now access requests are exploding and security admins are struggling to keep up.

“With great power comes great responsibility”

Although many companies rolled out VPN access during the pandemic, the approach brings challenges and does not scale well:

· VPN credentials need to be secured and closely managed

· Without adequate controls, malware on a remote device can spread into the corporate network over the tunnel

· Capacity is limited by concentrator licenses and infrastructure

· Device compliance requirements may block users whose machines do not meet policy

· Low bandwidth or network interruptions cause the tunnel to drop

· Traditional clients do not work well on mobile or tablet devices

New Attack Vector for Hackers

Cyber-criminals target individuals as well as corporations, phishing for VPN credentials or exploiting vulnerabilities in legacy VPN appliances. Remote workers are easy targets: they may be on insecure home or public Wi-Fi, and a compromised laptop unknowingly becomes a bridge into the corporate network the moment the VPN connects.

Secure VPN Setup

It is scary but true: an exposed VPN is one of the easiest gateways for attackers into the network. Before employees are given VPN access through a client, the deployment must be secured with a layered approach so that we are protected from prying eyes.

An enterprise must weigh security features before choosing any VPN product; the product must protect both the VPN server and the VPN client.

The protection of a VPN splits naturally into two parts.

Server Side:

· The server must support strong encryption algorithms for inbound and outbound traffic, and weak or legacy ciphers must be disabled (supporting strong ciphers is not enough if a client can still negotiate a weak one).

· The server must support strong authentication, with two-factor authentication enforced for every user.

· The server must be protected against DoS/DDoS attacks.

· Management and administration of the server must be restricted to authorized admins only.

· Strong, restrictive security policies and rules must be applied to users.

· The server must be placed in a DMZ (demilitarized zone) so that a compromise of the VPN concentrator does not expose the internal network directly.

· The server must be able to evaluate a client's posture (antivirus, firewall, up-to-date OS and browser) and allow the connection only if the checks pass.

· The server must provide seamless connectivity in case of disaster through failover options.

· The server should support logging and auditing.

· Access to servers, files and networks reachable over the tunnel should be restricted to authorized users through role-based access control (RBAC).

· Traffic to unsecured or vulnerable ports should not be allowed into the network through the VPN; the tunnel should carry only the protocols each role actually needs.

Client Side:

· The client must have antivirus/endpoint protection with current definitions before connecting; otherwise the connection should be rejected or the client quarantined.

· The client must be running a fully patched OS.

· The client must be running an up-to-date browser.

· The client must be connected to only one VPN at a time (two simultaneous tunnels can bridge two networks).

· Client-side security should also let administrators wipe any “footprints” (cached files, credentials, session data) left behind during a user session.
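As an added example (not code from the article or from any VPN product), here is how the server-side posture gate and role-based port policy from the two lists above could be expressed at a concentrator. The policy thresholds, roles, subnets, blocked ports and client reports are all hypothetical and constructed for illustration; the posture report schema is an assumption, since real products each have their own.

```python
"""Posture gate and per-role destination policy for a VPN concentrator.

Added illustration: hypothetical policy values and constructed client
reports, not code from any VPN product.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from ipaddress import ip_address, ip_network


class Decision(Enum):
    ALLOW = "allow"            # full tunnel, still subject to the role policy below
    QUARANTINE = "quarantine"  # remediation network only (patch / AV update servers)
    REJECT = "reject"          # no tunnel at all


@dataclass
class Posture:
    """What the VPN client reports about the endpoint (assumed schema)."""
    av_installed: bool
    av_definitions_date: date
    firewall_enabled: bool
    os_last_patch_date: date
    browser_version: tuple
    other_vpn_active: bool


@dataclass
class Policy:
    """Thresholds chosen for this example; tune them for your environment."""
    max_av_definition_age: timedelta = timedelta(days=3)
    max_os_patch_age: timedelta = timedelta(days=30)
    min_browser_version: tuple = (87, 0)


def evaluate_posture(p: Posture, policy: Policy, today: date) -> tuple[Decision, list[str]]:
    """Return the gate decision and the list of failed checks.

    Missing protection or a second active tunnel is a hard failure (reject);
    protection that is present but stale is a soft failure (quarantine so the
    client can reach remediation servers and fix itself).
    """
    hard, soft = [], []
    if not p.av_installed:
        hard.append("no endpoint protection installed")
    elif today - p.av_definitions_date > policy.max_av_definition_age:
        soft.append("antivirus definitions are stale")
    if not p.firewall_enabled:
        hard.append("host firewall disabled")
    if p.other_vpn_active:
        hard.append("another VPN tunnel is active")
    if today - p.os_last_patch_date > policy.max_os_patch_age:
        soft.append("OS security patches overdue")
    if p.browser_version < policy.min_browser_version:
        soft.append("browser below minimum version")
    if hard:
        return Decision.REJECT, hard + soft
    if soft:
        return Decision.QUARANTINE, soft
    return Decision.ALLOW, []


# Role -> list of (destination network, allowed TCP ports). Hypothetical
# addresses and roles; any flow not listed here is dropped (default deny).
ROLE_POLICY = {
    "staff": [(ip_network("10.10.20.0/24"), {443})],
    "dba": [(ip_network("10.10.20.0/24"), {443}),
            (ip_network("10.10.30.0/24"), {5432})],
}
# Legacy / unsecured services that are never carried over the tunnel,
# whatever the role: telnet, MS-RPC, NetBIOS, SMB.
BLOCKED_PORTS = {23, 135, 139, 445}


def is_permitted(role: str, dst_ip: str, dst_port: int) -> bool:
    """Default-deny check applied to each new flow from a tunnel client."""
    if dst_port in BLOCKED_PORTS:
        return False
    addr = ip_address(dst_ip)
    return any(addr in net and dst_port in ports
               for net, ports in ROLE_POLICY.get(role, []))


def run_examples() -> dict:
    """Evaluate three constructed client reports against the default policy."""
    today = date(2020, 12, 20)
    reports = {
        # fresh definitions, patched last week, firewall on, single tunnel
        "healthy": Posture(True, date(2020, 12, 19), True, date(2020, 12, 10), (87, 0), False),
        # everything present but weeks out of date -> remediation network
        "stale": Posture(True, date(2020, 11, 1), True, date(2020, 10, 1), (80, 0), False),
        # firewall off and a second VPN up -> would bridge two networks
        "bridge": Posture(True, date(2020, 12, 19), False, date(2020, 12, 10), (87, 0), True),
    }
    return {name: evaluate_posture(r, Policy(), today) for name, r in reports.items()}


if __name__ == "__main__":
    for name, (decision, failures) in run_examples().items():
        print(f"{name:8s} -> {decision.value:10s} {failures}")
    print("staff to 10.10.30.7:5432 permitted:", is_permitted("staff", "10.10.30.7", 5432))
```

The split between reject and quarantine is the design point: a client with no endpoint protection or a second tunnel active is never allowed in, but a client whose protection is merely out of date is parked on a remediation network where it can update and retry, which keeps the help desk load down without opening the internal network to it. The destination check runs after the posture gate, so even an allowed client only reaches the subnets and ports its role needs.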

Types of VPN

VPNs come in two basic types, built on protocols such as IPsec, L2TP and SSL/TLS VPN (and, in legacy deployments, PPTP, which is considered broken and should no longer be used).

1- Remote Access VPN

A remote-access VPN securely connects a device outside the corporate office. These devices are known as endpoints and may be laptops, tablets, or smartphones. Advances in VPN technology allow security checks to be run on endpoints to make sure they meet a certain posture before connecting. Think of remote access as computer-to-network.

PC: Palo Alto Networks

2- Site-to-Site VPN

A site-to-site VPN connects the corporate office to branch offices over the Internet. Site-to-site VPNs are used when distance makes it impractical to have direct network connections between these offices. Dedicated equipment at each site establishes and maintains the tunnel. Think of site-to-site access as network-to-network.

PC: Palo Alto Networks

Looking ahead, one can still doubt that VPN use will stay at this level beyond the outbreak, but employees who have grown used to working over a VPN will want to escape the long office commute and spend that time on productive work.

Adopting a VPN service that delivers both security and availability is the key for the organization, for remote work and for keeping employees happy.

Security researchers are now looking at other technologies to replace the old VPN: SD-WAN, VPN-less access and zero trust network access (ZTNA). But deep down we all know that “Remote Access VPN is not going to die soon”.

Useful links:

https://www.paloaltonetworks.com/cyberpedia/what-is-a-site-to-site-vpn

https://www.paloaltonetworks.com/cyberpedia/what-is-a-remote-access-vpn

https://www.zscaler.com/resources/security-terms-glossary/what-is-zero-trust-network-access
