How secure is a VPN? Is it the most secure remote access method?
Generally speaking, a virtual private network (VPN) is a common way to allow remote users to connect to your corporate network. VPNs are widely used by telecommuters, business travelers and those simply seeking to get in a few extra hours of work from home at night, but how secure is a VPN?
VPNs work by using encryption to simulate a direct connection to a private network. When you’re in the office, you usually have an Ethernet cable extending from the back of your computer to a jack in the wall that provides you with direct access to the corporate network, where your activities are protected from prying eyes by physical security and network perimeter protection.
Obviously, those security controls don’t apply when you’re sitting at home or on the road. Your communications must travel over the Internet back to your office and, during that transit time, they’re visible to anyone who may happen to be at a waypoint between the two locations. VPNs allow a software client on your computer to connect to a VPN endpoint on your corporate network. The client and endpoint then establish an encrypted tunnel that protects all of the communications between your computer and your corporate network so they are essentially illegible to prying eyes.
The downside to a VPN is it grants direct access to systems on your network to remote computers you may or may not control. While many organizations depend exclusively on VPNs to provide security for remote users, you may also wish to consider the use of additional security controls to supplement them, especially if you will have computers you don’t manage connecting to your network.
One common approach to achieve the most secure remote access is to require remote users connect to a VPN and then use application virtualization to allow screen sharing of an application running on a server on your corporate network without allowing direct access to the network by the remote computer. This reduces the risk of an infection on the remote computer spreading to systems on your corporate network.
You should also consider limiting the access VPN users have to devices on your corporate network by segregating them into a special VPN network that is firewalled off from the remainder of your enterprise network.
Ask the Expert!
Have questions about enterprise network security? Ask expert Mike Chapple! (All question submissions are anonymous.)
Dig Deeper on IPsec VPN Security
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.