How secure is a VPN? Is it the most secure remote access method?
Generally speaking, a virtual private network (VPN) is a common way to allow remote users to connect to your corporate network. VPNs are widely used by telecommuters, business travelers and those simply seeking to get in a few extra hours of work from home at night, but how secure is a VPN?
VPNs work by using encryption to simulate a direct connection to a private network. When you’re in the office, you usually have an Ethernet cable extending from the back of your computer to a jack in the wall that provides you with direct access to the corporate network, where your activities are protected from prying eyes by physical security and network perimeter protection.
Obviously, those security controls don’t apply when you’re sitting at home or on the road. Your communications must travel over the Internet back to your office and, during that transit time, they’re visible to anyone who may happen to be at a waypoint between the two locations. VPNs allow a software client on your computer to connect to a VPN endpoint on your corporate network. The client and endpoint then establish an encrypted tunnel that protects all of the communications between your computer and your corporate network so they are essentially illegible to prying eyes.
The downside to a VPN is it grants direct access to systems on your network to remote computers you may or may not control. While many organizations depend exclusively on VPNs to provide security for remote users, you may also wish to consider the use of additional security controls to supplement them, especially if you will have computers you don’t manage connecting to your network.
One common approach to achieve the most secure remote access is to require remote users connect to a VPN and then use application virtualization to allow screen sharing of an application running on a server on your corporate network without allowing direct access to the network by the remote computer. This reduces the risk of an infection on the remote computer spreading to systems on your corporate network.
You should also consider limiting the access VPN users have to devices on your corporate network by segregating them into a special VPN network that is firewalled off from the remainder of your enterprise network.
Ask the Expert!
Have questions about enterprise network security? Ask expert Mike Chapple! (All question submissions are anonymous.)
Dig Deeper on IPsec VPN Security
Related Q&A from Mike Chapple
Vulnerability scanning tools are necessary to be fully compliant with PCI DSS, but the tools need to come from a PCI DSS Approved Scanning Vendor. ...continue reading
Healthcare clearinghouses like Mass HIway are a new trend in health IT, but what are the security implications? Expert Mike Chapple explains what you...continue reading
The FFIEC Cybersecurity Assessment Tool has faced harsh criticism since its 2015 release. Expert Mike Chapple reviews the tool and how it can be ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.