Over the past year organisations, large and small have had to learn how to cope with remote access to their systems in a very short timeframe. Most have had to resort to the use of what are referred to as VPN (virtual private network) solutions. These are critical solutions that enable remote workers to access corporate resources via secure and reliable links which allow for improved connectivity. This improved secure connectivity is the basis for increased document sharing and overall productivity as it ensures that the relevant updated documentation is available to authorised users through the VPN connection. The importance of the VPN connections cannot be overstated. It is the critical element which allows for structured secure sharing of data across different networks ensuring that both on-site workers and remote workers have access to shared documentation and resources.
In general, there are three types of VPNs available and often businesses will select a combination of two or more. The first type is the fixed VPN that’s usually provided by a network provider or perhaps an internet service provider (ISP). These would typically connect a branch office to the main office so that the branch office would be part of the corporate network. These are very popular and most multi-location businesses have them. However, do to their configurations, these are not particularly flexible. The second type of VPN requires the installation of a specialized server or a router with a VPN server feature built in. These are managed by the business’ IT department. Many large companies take this approach as it allows them to leverage their in-house expertise and gives them varying levels of flexibility in connecting their networks with VPN clients. The third option is the VPN service. These are cloud-based and provide a secure tunnel through the internet between the user’s device and their server, effectively replacing the ISP for the connectivity. This type of VPN has various advantages, particularly for SMEs. They are relatively low cost and easy to use, although many are aimed at the personal user market and may not be suitable for a corporate environment.
Matterson provided a useful review of enterprise VPNs to use in 2021. He refers to the physical security benefits of using company-owned workstations that use restricted in-house networks to access in-house systems and data. This practice provided high levels of security for those within the network. The realities of today’s remote workforce are challenging this practice, to provide the greater flexibility and convenience of having a remote workforce that can connect to systems from all around the globe.
Matterson recommends VPN solutions that include “multi-factor authentication to reduce risk of cyber attack. In this regard, multi-factor authentication carried out on different channels for example with authentication code sent via sms adds to the security of the system. He recommends the disabling split-tunnelling options on VPN solutions. This ensures that all traffic, including internet traffic, goes over the VPN back to the headquarters and out of that internet pipe or to the network. His suggestion to implement a maximum connection-time window after which employees must re-authenticate is another very practical manner to reduce risk of Cyber attacks. He reiterates the importance of using only complex passwords which need to be changed regularly. At a more technical level Matherson recommends setting up a dedicated subnet for VPN users exclusively and then implementing role-based rules to determine which systems and networks they can access. In this way system administrators would likely have a broader level of access than end users, who can be segregated into groups based on department and only provided the ability to get to the bare minimum of systems or services needed to perform their jobs. Best practice is to carefully identify with data and files different users and user groups require and to provide access only to what is needed.
Matterson’s ranking of the top six VPN solutions are:- #1. Cisco AnyConnect; #2. Checkpoint Secure Remote Access; #3. Sonicwall Global VPN Client VPN; #4 Fortinet Forticlient; #5. Palo Alto GlobalProtect; #6. ZScaler Private Access. For more details refer to Materson’s article.
Max Eddy contends that a VPN, or virtual private network, is one of the easiest ways to improve online privacy and on behalf of PCMag he carried out an extensive review of the more popular solutions on the market. On the basis of their evaluations Eddy contends that VPN services, while tremendously helpful, don’t protect against every threat. Using a VPN can’t help if a person mistakenly downloads ransomware or from being tricked into giving up data to a phishing attack. Eddy recommendations tie in with those of Matteson highlihged earlier, namely use local antivirus software, enable two-factor authentication wherever available, and use of complex strong passwords. For the latter, Eddy recommends the use of a password manager to create and store unique, complex passwords for each site and service used.
In his article, Eddy highlights the limitations to anonymity with a VPN and strongly recommends privacy-focused web browsers that can block third party tactics to gather data on users and track their movements. He confirms that many VPN services also provide their own DNS resolution system to counter any DNS poisoning which could be used to direct users to bogus phishing pages designed to steal data. Using a VPN’s DNS system adds another level of security to the secure DNS which is already a strong defence. Eddy refers to the debate among security experts about the efficacy of VPNs since most sites now support secure HTTPS connections which means that traffic to such sites is already encrypted. A VPN covers the information not already protected by HTTPS, placing an important buffer between the user and those controlling internet infrastructure, thereby makes online tracking more difficult.
In this day and age where remote work is the norm and not a luxury, organisations need to provide secure, reliable and fast connectivity to authorised users working on-site or remotely. Carefully defining the system requirements is an essential starting point to identifying which type of VPN solution is best for your organisation. The eBS Tech Support team have the resources and the competencies to assist clients in the analysis and definition of their needs and then to match these to the more appropriate VPN solution. Selecting the right VPN solution will ensure that all the required functionality is at hand, without additional costly functions or levels of security which an organisation may not require. Extra features that an organisation will not implement will only will add cost and complexity at the very least. The challenge is to optimise the VPN solutions on offer to ensure effective security targeted directly at what is needed to maintain and improve operations without overly disrupting current practices.
For more details contact email@example.com
 Matteson, Scott, 2021, The top 6 enterprise VPNs to use in 2021, Security, Feb 22,