How secure is a VPN? Is it the most secure remote access method?
Generally speaking, a virtual private network (VPN) is a common way to allow remote users to connect to your corporate network. VPNs are widely used by telecommuters, business travelers and those simply seeking to get in a few extra hours of work from home at night, but how secure is a VPN?
VPNs work by using encryption to simulate a direct connection to a private network. When you’re in the office, you usually have an Ethernet cable extending from the back of your computer to a jack in the wall that provides you with direct access to the corporate network, where your activities are protected from prying eyes by physical security and network perimeter protection.
Obviously, those security controls don’t apply when you’re sitting at home or on the road. Your communications must travel over the Internet back to your office and, during that transit time, they’re visible to anyone who may happen to be at a waypoint between the two locations. VPNs allow a software client on your computer to connect to a VPN endpoint on your corporate network. The client and endpoint then establish an encrypted tunnel that protects all of the communications between your computer and your corporate network so they are essentially illegible to prying eyes.
The downside to a VPN is that it grants remote computers, which you may or may not control, direct access to systems on your network. While many organizations depend exclusively on VPNs to provide security for remote users, you may also wish to consider additional security controls to supplement them, especially if computers you don’t manage will be connecting to your network.
One common approach to achieve the most secure remote access is to require that remote users connect to a VPN and then use application virtualization to allow screen sharing of an application running on a server on your corporate network, without allowing the remote computer direct access to the network. This reduces the risk of an infection on the remote computer spreading to systems on your corporate network.
You should also consider limiting the access VPN users have to devices on your corporate network by segregating them into a special VPN network that is firewalled off from the remainder of your enterprise network.
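One way to express the segregated, firewalled-off VPN network described above as an actual policy, given here as an added example that is not part of the original article: an nftables ruleset for a Linux host that terminates the VPN tunnel. The subnet addresses, the `tun0` interface name, the application virtualization server and its ports are all assumed placeholders; substitute your own.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original article). Load with: nft -f <this file>
# Runs on the VPN concentrator itself, so every packet from a VPN client that
# is destined for the enterprise network passes through the forward hook.

define VPN_NET  = 10.8.0.0/24   # assumed: address pool handed to VPN clients
define CORP_NET = 10.0.0.0/8    # assumed: enterprise network behind the gateway
define APP_GW   = 10.1.1.10     # assumed: application virtualization / screen-sharing server
define DNS_SRV  = 10.1.1.53     # assumed: internal resolver the clients need
define VPN_IF   = "tun0"        # assumed: interface on which the tunnel terminates

table inet vpn_segmentation {
    chain forward {
        # Default-deny: a VPN client reaches nothing that is not listed below.
        type filter hook forward priority 0; policy drop;

        # Return traffic for sessions that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # The only thing a VPN client may open directly is a session to the
        # application virtualization server (HTTPS and RDP assumed here).
        iifname $VPN_IF ip saddr $VPN_NET ip daddr $APP_GW tcp dport { 443, 3389 } accept

        # Name resolution for the client, restricted to the internal resolver.
        iifname $VPN_IF ip saddr $VPN_NET ip daddr $DNS_SRV udp dport 53 accept

        # Any other attempt from the VPN segment into the enterprise is logged
        # before it is dropped; these log lines are the detection signal that a
        # remote machine is probing beyond the application server.
        iifname $VPN_IF ip saddr $VPN_NET ip daddr $CORP_NET \
            log prefix "vpn-seg-drop: " level warn drop
    }
}
```

The `vpn-seg-drop:` entries in the kernel log are worth forwarding to your SIEM, since a VPN client that repeatedly trips this rule is behaving exactly like the infected remote computer the article warns about.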
This was first published in November 2011