
VPNs – Are they a timeless classic or an outdated concept?

Brendon Baxter

Mar 22, 2022


Have you ever used the incognito mode of your browser to remain anonymous online? Well, if your answer is “yes”, I have bad news for you. Incognito tabs aren’t enough to keep you anonymous online.

This is where a VPN comes in handy. Everyone uses a VPN these days, whether it’s to watch a TV show that isn’t available in your country or to keep your data safe while using the internet. A VPN, or Virtual Private Network, is mainly used to give users privacy online and make them anonymous when they access the internet.


VPN securely connects a device or a user to a public or private network. By securing the connection, the data in transit is not visible to anyone else in the network, thereby stopping anyone from snooping in on confidential data.

Whether it is for personal use or office use, it is always recommended to use VPN while accessing the internet through public Wi-Fi. Otherwise, anyone on the same network can eavesdrop on your browsing data.

General misconceptions about VPN

VPN masks your IP address and also encrypts the connection between the device and the internet. It creates a secure tunnel between your device and the network. In this way, no third-party source will be able to access your browsing data.

There are some misconceptions about VPN, like:

  • Your internet is slowed down while using a VPN

    Your internet connection might get slowed down when you connect to a server that is thousands of miles away from you, but apart from that, a VPN won’t slow down your internet speed.

  • You can remain 100 percent anonymous if you use a VPN

    It is not possible to stay 100 percent anonymous online with or without a VPN. A VPN protects your data from a lot of possible cyber threats, but it still cannot stop cookies from tracking you. So, if you want to stay hidden online, you’re going to have to use a lot more than a VPN.

  • Free VPN tools are enough to secure enterprise networks

    A VPN is a security or privacy tool that requires a lot of resources to stay functional, and that requires a decent amount of money. So, if these free VPNs do not get money from their customers, then they must get it from somewhere else.

    To make money, some free VPNs (but not all) sell user data to the highest bidder. So, rather than compromising your privacy with a free VPN, I recommend investing in a paid VPN.

  • A VPN can protect you from every online threat out there

    From all of the above points, you must have realized that VPN can’t protect you from every cyber threat out there. No single solution is capable of protecting users from every online threat.

Is VPN necessary for remote workforce?

Ever since the start of the pandemic, there has been a huge rise in the number of remote workers. Even as situations are getting better, more people prefer working remotely as this gives them the freedom of working from anywhere in the world, with a good internet connection.

What about data privacy when remote workers use public Wi-Fi to access corporate resources? A lot of cybercriminals target devices that are connected to public Wi-Fi. A VPN can help remote workers connect to company resources safely even if they use public Wi-Fi.

A VPN can make sure that even if a cybercriminal manages to eavesdrop on the connection between an employee’s personal device and corporate resources, it would be useless as the data in transit is always encrypted.

Types of VPN tunneling protocol

As mentioned earlier, VPN creates a tunnel between a user and a network or between two networks. This allows users to access the internet securely without anyone spying on them. VPN uses different protocols, known as Tunneling protocols, to secure network connections.

Figure: VPN tunneling

Some of the most common protocols are as follows:

1. Point-to-Point Tunneling Protocol (PPTP)

PPTP is one of the first protocols developed and it was introduced back in the 90s. PPTP has very few advantages, including a super-fast connection speed and compatibility with most devices out there.

Apart from these, the protocol has no other advantages. PPTP provides the weakest encryption, and a lot of vulnerabilities have been found in this protocol. Since PPTP is easy to penetrate, it is outdated and serves as the bare minimum encryption standard.

2. Layer 2 Tunneling Protocol (L2TP)

L2TP is a tunneling protocol that can’t encrypt connections. L2TP can only create a secure connection between the user and the network. L2TP is usually paired with other protocols like IPsec (Internet Protocol security) to provide an encrypted connection.

Even though this protocol doesn’t have an encryption ability of its own, it is considered more effective than PPTP. A major problem with L2TP is that it slows down the connection, as data is encapsulated twice.

3. Secure Socket Tunneling Protocol (SSTP)

SSTP is a tunneling protocol developed by Microsoft and integrated with every Windows operating system starting from Windows Vista. SSTP uses a 2048-bit TLS or SSL certificate for authentication. The protocol makes use of a 256-bit SSL key for encryption.

SSTP has its fair share of advantages, including the ability to easily bypass firewalls and use strong encryption. The main problem with this protocol is that it is not compatible with every device.

4. Internet Key Exchange version 2 Protocol (IKEv2)

IKEv2 was developed by Microsoft along with Cisco. IKEv2 is similar to L2TP in the sense that it is also commonly paired with IPsec encryption and authentication. The major advantage of IKEv2 is that it can easily re-establish a connection when the network type is switched (that is, from Wi-Fi to cellular or vice versa). So, this protocol is perfect for users who are on the go.

5. OpenVPN

OpenVPN is an open-source protocol and it is supported by all the leading operating systems like Windows, macOS, Linux, Android, and iOS. The protocol uses a 2048-bit RSA authentication and 256-bit AES key encryption.

Even though this protocol is an open-source protocol, it is considered one of the most secure and widely used protocols out there. The protocol owes its popularity to the fact that developers can access the source code and make tweaks to it.

Types of VPN

There are mainly 4 types of VPN:

1. Remote-access VPN

A remote-access VPN allows remote employees to connect securely to the company’s private network through an encrypted connection. It creates a secure tunnel between the user and the company network even if the user is connected to public Wi-Fi.

Remote access VPN makes sure that users can access company resources from anywhere in the world the same way they would do in an office. Organizations can securely transfer data without having to worry about it being spied upon.

2. Personal VPN

As the name suggests, a personal VPN is mainly used for personal rather than business purposes. Normally, when a person connects to the internet, a connection is made between the user and the server hosted by the website.

When a person uses a personal VPN, the user is connected to a VPN server, which then connects to the website server. In this way, the user remains anonymous and the VPN server becomes the source of traffic.

Personal VPN differs from remote access VPN in the sense that personal VPN does not allow users to connect to private networks.

3. Mobile VPN

Mobile VPN is like a better version of remote access VPN. The main problem with remote access VPN is that it assumes that users remain at a fixed location and the connection is lost if the network type is changed or the connection is disrupted.

This is where mobile VPN can help you. Here the connection does not get disrupted if the users change the network type, there is any connectivity issue, or even if the device is inactive or switched off for a while.

4. Site-to-site VPN

A site-to-site VPN makes a secure connection between two networks, rather than between a user and a network as is normally the case. This is useful for companies having offices in multiple locations.

Figure: A person connecting to VPN to access a private network

Risks of using VPN

As mentioned above, VPNs have a number of benefits, including providing online privacy, masking a user’s IP address, and allowing users to safely connect to networks using public Wi-Fi.

Despite its numerous benefits, a VPN cannot protect users from all types of attacks, and there are numerous attacks that might render a VPN worthless. Some of these are:

  1. VPN hijacking
    VPN hijacking refers to the incident where an unauthorized person takes control of a VPN server and takes over the connection. Once the server is taken over, the person can view your entire online activity.
  2. Man-in-the-middle (MITM) attacks
    A man-in-the-middle attack is where a person eavesdrops on another person’s online activities by intercepting data. VPN protects users from MITM attacks up to a certain extent but cannot provide full protection against MITM attacks. Even though VPN secures data in transit from the user to the VPN gateway, it has no control over the data once it leaves the VPN gateway.
  3. Malware infection
    VPN just ensures a secure connection and it cannot provide any protection against malicious entities that might enter a device from the site. So, VPNs are of no use when it comes to malware infection.
  4. Granting too much access to users
    A user with a remote access VPN is allowed total access to a network. If for any reason the device is compromised, then the entire network is exposed to unwanted personnel and a VPN can’t do anything to avoid this situation.
  5. DNS leak
    DNS leak is where a device is connected to the default DNS server rather than connecting to the VPN’s secure DNS server. This opens up the door for DNS-related threats to enter the system. A VPN becomes helpless in this situation because the traffic goes through the ISP’s server, which is usually the default server.

Is VPN enough for data security in enterprises?

Even though VPN provides a certain level of anonymity online, it is the bare minimum for today’s security standards of most organizations. Since more and more cyberattacks are surfacing, VPN on its own might not be enough to provide complete data privacy.

Some tips that might help you make the most out of your VPN are:

  • Select strong VPNs that use a strong encryption algorithm, like AES or RSA algorithms.
  • Make use of an anti-virus and an intrusion prevention system.
  • Select a VPN with a kill switch, which cuts the connection when the VPN is disconnected.
  • Make use of perfect forward secrecy, a feature that makes sure that data stored from past actions is irretrievable.

VPN alternatives

The need for a strong security structure is at an all-time high because there is a large increase in the number of remote workers. So, just adopting a VPN might not be enough anymore.

Whether it is to strengthen the current VPN system or to completely replace the VPN system, some great alternatives for VPN are:

  1. Zero Trust Network Access (ZTNA)

    Zero Trust Network Access can grant users access to a network, like a VPN, but with added security. When a user attempts to connect to a network, ZTNA performs user authentication, and even if access is granted, the user will have limited access to the network.


    The users will be able to access only those apps and data in the network that they have access to. In this way, companies can make sure that even if a cybercriminal attacks a user’s device/system, the attacker can access only a small part of the network.

    ZTNA coupled with a network monitoring solution can constantly scan devices and networks for threats and any other suspicious behavior. If any threats are found an automatic alert can be generated and the device can be suspended.

  2. Software-defined perimeter (SDP)

    SDP is defined as a security structure that is used to control access to networks or resources based on identity. SDP uses software to build a perimeter or a fence around the company network so that only authorized people can access it.

  3. Secure Access Service Edge (SASE)

    SASE is a network security structure that is cloud-based. It brings together a lot of security technologies like ZTNA, WAN or wide area network, security broker, and so on, under one roof. SASE can help organizations cut down the cost of network security. It makes the life of IT admins simpler since all the security solutions are available under the same roof.

  4. Identity and Access Management (IAM) and Privileged access management (PAM)

    Identity and Access Management (IAM) makes sure that only authorized people get access to the company network. Since the network access is connected to a user, each session can be monitored and evaluated.

    Privileged access management (PAM) works like a ZTNA in the sense that it is used to ensure restricted access to the network depending upon the user. This means that PAM can be used to make sure that only essential users get access to critical data. PAM also makes sure that this critical data is highly secure.

  5. UEM

    Apart from securing and managing your corporate environment, UEMs can be used to provide users conditional access to corporate networks. This is normally done by setting up a list of compliance rules for devices and granting access to the network only if the device follows every rule.

    IT admins can constantly monitor devices and make sure that each device is compliant and is behaving as it should. If even one of the devices deviates from the expected behavior, then its access to the network can be suspended. UEMs that help enforce ZTNA provide an added layer of security.

  6. Decentralized VPN (dVPN)

    A decentralized VPN is a serverless VPN where the server is replaced by a node. A node can be a server, a phone, a PC, or a laptop. dVPN gets access to these nodes by giving credit to the actual device owner.

    A question that might pop up is, is it safe to allow strangers to access your device? The answer to that is, no users get access to the data stored on the nodes, just the traffic is routed through the nodes instead of the server. Since the servers and nodes are not maintained by a single authority, browsing data is not being stored anywhere.

    Although this option is great for personal use, it is not recommended for use in a corporate setup. So, go for a dVPN only if you are looking for a VPN alternative for personal use. In the case of corporate environments, you can go for the alternatives mentioned above.
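
The access model described under ZTNA (item 1) and UEM (item 5) can be expressed as a default-deny decision: the user must be authenticated, the device must pass every compliance rule, and access is granted per app rather than to the whole network. The following is an added example, not code from the original article or from any product: the rule names, users, apps and device attributes are hypothetical.

```python
# Hypothetical compliance rules: each maps a rule name to a check on the
# device posture reported by a management agent. Missing attributes fail.
COMPLIANCE_RULES = {
    "disk_encrypted": lambda d: d.get("disk_encrypted") is True,
    "os_patched": lambda d: d.get("os_patch_age_days", 999) <= 30,
    "not_rooted": lambda d: d.get("rooted") is False,
}

# Hypothetical entitlements: user -> apps that user may reach.
ENTITLEMENTS = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}}
ALL_APPS = {"payroll", "wiki", "source-code"}

# Constructed sample device postures.
GOOD_DEVICE = {"disk_encrypted": True, "os_patch_age_days": 5, "rooted": False}
STALE_DEVICE = {"disk_encrypted": True, "os_patch_age_days": 90, "rooted": False}


def failed_rules(device):
    """Names of the compliance rules the device does not satisfy."""
    return sorted(n for n, check in COMPLIANCE_RULES.items() if not check(device))


def decide(user, authenticated, device, app):
    """Default-deny access decision, returned as (allowed, reason)."""
    if not authenticated:
        return False, "user not authenticated"
    failures = failed_rules(device)
    if failures:
        return False, "device non-compliant: " + ", ".join(failures)
    if app not in ENTITLEMENTS.get(user, set()):
        return False, f"{user} has no entitlement to {app}"
    return True, "allowed"


def reachable_apps(user, authenticated, device, apps=ALL_APPS):
    """Apps exposed if this user's session or device is taken over."""
    return {a for a in apps if decide(user, authenticated, device, a)[0]}


if __name__ == "__main__":
    print(decide("alice", True, GOOD_DEVICE, "payroll"))
    print(decide("alice", True, STALE_DEVICE, "wiki"))
    print(reachable_apps("bob", True, GOOD_DEVICE))
```

`reachable_apps` makes the contrast with a remote-access VPN concrete: a compromised session for `bob` exposes one app, not every resource on the network.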

In conclusion,

Even though a VPN is still a useful tool, newer tools in the market can ensure a higher level of security for devices in the enterprise. As the digital world is moving forward every single day, the need for a complete and all-around security system is high. So, even if you use a VPN solution on your devices, it is always better to include more advanced security solutions to protect your corporate network.


Brendon Baxter

Product Evangelist@Hexnode. Read. Write. Sleep. Repeat.
