How does a virtual private network (VPN) work?
A VPN extends a corporate network through encrypted connections made over the Internet. Because the traffic is encrypted between the device and the network, traffic remains private as it travels. An employee can work outside the office and still securely connect to the corporate network. Even smartphones and tablets can connect through a VPN.
What is secure remote access?
Secure remote access provides a safe, secure way to connect users and devices remotely to a corporate network. It includes VPN technology that uses strong ways to authenticate the user or device. VPN technology is available to check whether a device meets certain requirements, also called a device’s posture, before it is allowed to connect remotely.
Is VPN traffic encrypted?
Yes, traffic on the virtual network is sent securely by establishing an encrypted connection across the Internet known as a tunnel. VPN traffic from a device such as a computer, tablet, or smartphone is encrypted as it travels through this tunnel. Offsite employees can then use the virtual network to access the corporate network.
Connectivity Connectivity Virtual private networks (VPNs) create a tunnel between a private network and a public network, allowing users on the public network to send and receive data as if they were directly connected to the private network. VPNs have long been a popular choice for consumers seeking more privacy in their everyday Internet browsing, but the use of VPNs in the business sector has exploded in recent years. This is especially true since March
2020, when VPN usage skyrocketed by 41% in a single month, according to industry research. With our distributed workforce growing exponentially over that time, the need for secure remote access to data, applications and services became a more urgent. VPN protocols determine exactly how data is routed through a connection.
These protocols have different specifications based on the benefits and desired circumstances; for example, some VPN protocols prioritize data throughput speed while others focus on masking or encrypting data packets for privacy and security. There are two main approaches to VPN functionality: 1) two protocols are used (one protocol to move the data through the
tunnel and one protocol to secure that traffic); or 2) one protocol is used for both data transfer and data security.Enterprise VPNs
What are VPN protocols?
5 Common VPN Protocols
Here are five common VPN protocols and their primary benefits.
1) PPTP
Point-to-Point Tunneling Protocol is one of the oldest VPN protocols in existence. Developed in the mid-90s by Microsoft, PPTP was integrated into Windows 95 and specifically designed for dial-up
connections. But as technology advanced, PPTP’s basic encryption was quickly cracked, compromising its underlying security. However, because it lacks many of the security features found in other modern protocols it can deliver the best connection speeds for users who may not need heavy encryption. But while PPTP is still used in certain applications, most providers have since upgraded to faster more reliable protocols.
TL;DR: fast data speeds, wide support, many security issues
2)
L2TP/IPSec
Layer 2 Tunnel Protocol is a replacement of the PPTP VPN protocol. This protocol does not provide any encryption or privacy out-of-the-box and is frequently paired with security protocol IPsec. Once implemented, L2TP/IPsec is extremely secure and has no known vulnerabilities.
TL;DR: widely used, good speeds, easily blocked due to reliance of UDP on single port
3) OpenVPN
OpenVPN is an open source protocol that allows developers access to its
underlying code. This protocol has grown in popularity due to its use of (virtually unbreakable) AES-256 bit key encryption with 2048-bit RSA authentication and a 160-bit SHA1 hash algorithm.
TL;DR: open source, strongest encryption, slower speeds
SASE, why do we need it?
Streamlining and improving remote access for distributed workers is a challenge facing many organizations today. SASE may be the answer.
View
4) SSTP
Secure Socket Tunneling Protocol is popular due to its full integration with every Microsoft operating system since Windows Vista SP 1. SSTP utilizes 2048-bit SSL/TLS certificates for authentication and 256-bit SSL keys for encryption. The biggest drawback to SSTP is that is basically a Microsoft-developed proprietary protocol and
developers do not have access to the underlying code.
TL;DR: good security, difficult to block and detect, great support for native and third party clients
5) IKEv2
Internet Key Exchange version 2 is a common VPN tunneling protocol that provides a secure key exchange session. Similar to L2TP (and IKEv1), IKEv2 is normally paired with IPsec for encryption and authentication. This protocol is very good at re-establishing the link after temporary connection loss and
excels at switching connections across network types (from WiFi to cellular, for example).
TL;DR: fast, mobile friendly, network switching capabilities, open source options, great support for native and third party clients
The Purpose-Built VPN Protocol
Several years ago, NetMotion engineers determined that while standard security protocols meet the needs of mobile users, there simply wasn’t a delivery protocol reliable enough for the variable and unpredictable conditions of wireless environments. So in developing NetMotion Mobility, we built our own.
There are two main components of the Mobility VPN: The Mobility server and the Mobility client. These components communicate using a proprietary, secure, guaranteed delivery protocol called IMP (Internet Mobility Protocol) and RT-IMP, a version of IMP optimized for real-time traffic such as voice and video. Both IMP and RT-IMP run over UDP and on wireless networks, they provide TCP-like reliability with the performance advantages of UDP.
The Mobility client and server use a transparent, transport level, proxy architecture to isolate all tunneled IP flows from changes in the underlying physical wireless network. This ensures that the TCP connections for tunneled applications remain connected across network roams and other disruptions in network connectivity. Mobility uses industry-standard encryption and authentication protocols as well as FIPS 140-2 validated and NSA Suite B compliant cryptographic libraries.
If your workforce relies on mobile devices and wireless networks to get the job done, there is not a better option than NetMotion’s purpose-built mobile VPN—from a technical standpoint or end-user perspective.
Continue Reading
About Adam Harkness
In his role at NetMotion Software, Adam is responsible for reporting on mobility industry news and managing social media communities. He holds an MBA from the University of Alaska and a BS in Communications from Northern Michigan University. Outside the office, he enjoys snowboarding, surfing and exploring the Pacific Northwest. Connect with him on Twitter @adamsharkness.