When we think about how work gets done in the modern world, a lot of work is done remotely. Well, that is if the return-to-office folks don’t get too carried away with bringing people back. Let’s hope that doesn’t happen. Remote work has given people part of their lives back… but that’s a different discussion…
Today, I want to talk about Virtual Private Networks (VPNs), their history, and the role they play now.
What are VPNs
A VPN is essentially a secure line of communication established through an insecure communication path. It takes traffic that would normally be visible to anyone and everyone in the communication path and makes it private, so only the device that needs to know about the communication can get it. It does this by establishing what are called tunnels. How do we get from one side of the mountain to the other without going over it? We tunnel through. Same kind of concept here. We have a starting point (user, device, etc.) and an ending point (user, device, etc.) and we build a tunnel between the two. As long as both sides of the mountain agree on certain standards, the tunnel is going to be built. This is done through various methods, including IPsec, encryption, passphrases, certificates, etc. I don’t have time today to talk about each individual item, but basically tunnels are built using those things.
Benefits of VPNs
As I mentioned before, VPNs make things PRIVATE. You don’t want traffic that is sensitive to your environment just floating around the internet somewhere where people could potentially see it. Nowadays most traffic going across the internet is encrypted in some manner, for example with TLS certificates; that is how MOST web traffic goes across the internet.
VPNs also extend the perimeter of your environment. That is to say that devices, such as printers, on site at your work are now accessible to you at your home. The VPN gives people the same comfort of being able to connect with devices on prem because the VPN extends that perimeter to your device. Your device KNOWS that anything destined for your on-campus devices CAN STILL GET THERE, through this tunnel built specifically for that traffic. Before COVID happened corporations used these, but with COVID we really saw a BOOM in remote work since everyone was sent home. How do we protect the traffic of our people working at home and get them access to the files they need that are back on campus? VPNs.
Issues with VPNs
With VPNs, every packet needs to go through a process of encryption and adding of headers, and a lot of overhead work, in order to go from your laptop at home to the corporate office. That takes a lot of bandwidth to do. When you think of just sending a file across the internet, think about how long that takes; now increase the size of that file because of the additional overhead and it takes longer. The bigger the packet, the longer it takes to break it down into sizable chunks, send it across the internet to your office, and then off to where it needs to go… That’s a lot of work. It should just go straight there if it can… but VPNs can cause the issue that everything NEEDS to go back to the office before it can be sent anywhere else.
When we look at time-sensitive packets, like Zoom calls, if those packets are so big and slow, communication for these applications sucks… So how do we enable workers to communicate without crazy buffering and stuttering? Why don’t we just send the traffic that NEEDS to go to the office to the office, and everything else can just use the internet that is at the house? This is where split tunneling comes in. Split tunneling is a phrase that means just that: split the traffic, so some goes over the tunnel to the office while the rest goes to the internet. Problem solved, right?
Sort of. It does solve issues such as Zoom calls buffering and stuttering. But now I have traffic that should be encrypted and sent to my office, where it can be inspected by my big bad firewalls and potentially stopped from going to a destination that is… very bad, going straight out to the internet instead.
At home, not mine obviously because I am the most securitiest, you don’t have the same level of security as your office does. They have spent millions of dollars probably to help protect their assets. You have Spectrum…
It’s not as safe.
VPNs also have single points of failure and cause latency and all of those things as well, but the big limitation to VPNs is the fact that there are ways.
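To make the split tunneling trade-off concrete, here is an added example (not from the original post) that builds a full-tunnel and a split-tunnel route table and lists which flows skip the office firewall. The prefixes, interface names and sample flows are constructed for illustration.

```python
import ipaddress

# Constructed example values: corporate prefixes pushed to the VPN client
# (private ranges chosen for illustration only).
CORP_PREFIXES = ["10.20.0.0/16", "192.168.50.0/24"]

def build_routes(split_tunnel):
    """Return the client's route table as (network, interface) pairs."""
    if split_tunnel:
        # Only corporate prefixes use the tunnel; the default route stays local.
        routes = [(ipaddress.ip_network(p), "tunnel") for p in CORP_PREFIXES]
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "home-isp"))
    else:
        # Full tunnel: the default route itself points into the tunnel.
        routes = [(ipaddress.ip_network("0.0.0.0/0"), "tunnel")]
    return routes

def pick_interface(routes, dst):
    """Longest-prefix match, the same rule an IP stack uses to pick a route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    # The default route always matches, so matches is never empty.
    _, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return ifc

def uninspected(routes, flows):
    """Flows that leave via the home ISP and never reach the office firewall."""
    return [name for name, dst in flows if pick_interface(routes, dst) != "tunnel"]

# Constructed sample flows (documentation/test addresses, not real services).
FLOWS = [
    ("office-printer", "10.20.4.17"),
    ("file-share", "192.168.50.10"),
    ("video-call", "203.0.113.40"),
    ("random-website", "198.51.100.7"),
]

if __name__ == "__main__":
    for mode in (False, True):
        routes = build_routes(split_tunnel=mode)
        label = "split tunnel" if mode else "full tunnel"
        print(label, "-> bypasses office firewall:", uninspected(routes, FLOWS))
```

With the full tunnel nothing bypasses inspection; with the split tunnel the video call gets its fast path, and so does every other internet-bound flow.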
In conclusion
VPNs are not fully going away yet, but a lot of people are starting to see that there are limits to their effectiveness and safety. I don’t see VPNs going away, but they are going to be reimagined to try to incorporate more security features. The principles of VPNs, such as encryption and IPsec, are all going to be moved to the next solution. The big idea coming out right now is Zero Trust Network Access… we will talk about that one next week.
Stay curious, stay healthy
Joe