NordLayer - Network Security

Virtual Private Networks are crucial network security tools. They conceal traffic via encryption and anonymize user IP addresses. These twin features protect confidential data, hide your browsing history, and make life much harder for potential cyber attackers.

With a Virtual Private Network, all traffic passing between networks and devices is encrypted. Encryption also applies to outward-bound traffic to the external internet. These features make VPNs a popular choice for creating a protected network connection to remote devices. They are an essential element of most corporate security settings.

How do VPNs work?

Figure: how a VPN works

One way to understand a VPN is as a tool to "bury" internet traffic and hide it from the outside world. To achieve this, VPNs use a technique called tunneling that creates secure private connections between devices and networks.

  1. VPNs encrypt data passing over the user's internet connection. They then send this encrypted data to VPN servers that could be located anywhere in the world.
  2. Servers assign a new IP address to each packet and route traffic to its final destination.
  3. Software at the destination completes the process, decrypting the information and returning it to its original format.

If Virtual Private Network protection is reliable, data remains secure at every point in its journey. Governments, Internet Service Providers, and cyber attackers will not have access to data. The identity of users is hidden, and the source of data remains completely private.
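The three steps above as a runnable sketch, added here as an illustration and not taken from NordLayer or any VPN product. It shows what the tunnel endpoint forwards and what an on-path observer can read. The addresses, function names and the HMAC-based cipher are assumptions made for the example; real VPNs use ciphers such as AES-256-GCM inside protocols like OpenVPN.

```python
import hashlib
import hmac
import json
import os

# Constructed addresses (RFC 5737 documentation ranges); every name below is hypothetical.
CLIENT_IP, VPN_SERVER_IP, SITE_IP = "192.0.2.10", "198.51.100.1", "203.0.113.80"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real VPN cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate: returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; modified packets are rejected."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: packet dropped")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def client_encapsulate(keys, inner: dict) -> dict:
    """Step 1: encrypt the whole inner packet and address the outer one to the VPN server."""
    body = seal(*keys, json.dumps(inner).encode())
    return {"src": inner["src"], "dst": VPN_SERVER_IP, "body": body}


def server_forward(keys, outer: dict) -> dict:
    """Steps 2-3: authenticate and decrypt, then replace the source address with the server's."""
    inner = json.loads(unseal(*keys, outer["body"]))
    inner["src"] = VPN_SERVER_IP
    return inner


def observer_view(outer: dict) -> dict:
    """Everything an on-path observer between client and server can read."""
    return {"src": outer["src"], "dst": outer["dst"], "bytes": len(outer["body"])}


if __name__ == "__main__":
    keys = (os.urandom(32), os.urandom(32))  # separate encryption and MAC keys
    outer = client_encapsulate(keys, {"src": CLIENT_IP, "dst": SITE_IP, "payload": "GET /payroll"})
    print("observer sees:", observer_view(outer))
    print("site receives:", server_forward(keys, outer))
```

The observer still learns that the client is talking to the VPN server and how much data is moving; only the destination and the contents are hidden.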

What do VPNs do?

VPNs overlay existing network infrastructure and have two major functions: encryption and IP address anonymization.

The VPN server assigns each packet a new IP address. This makes it look like data originated from the server itself. As a result, employee searches or document downloads are effectively invisible to external observers.

Meanwhile, encryption turns readable text into ciphertext. This is a string of symbols and letters that makes no sense to outsiders. Encryption keys convert the ciphertext back into the original text when data completes its journey.

What happens without a VPN? Data travels freely across the internet and is constantly visible to outsiders. The IP address of each data packet makes it easy to identify. Observers can find out the device location and even the device owner.

Attackers can intercept and read data with few obstacles in their path. Anything employees do or communicate can be tracked with ease, from their browsing history to the transmission of client data.

In a world of constant cyber threats, VPNs combine the function of padlocks and masks. They lock down data in transit and conceal the identity of those transferring data. Without them, an internet connection is wide open to potential attacks.

Why do you need a VPN?

Businesses need Virtual Private Network protection for a number of reasons. Most importantly, VPNs secure data effectively. Unsecured internet traffic can carry confidential information such as login credentials. Criminals can steal this data or exploit unsecured connections to execute network attacks.

VPNs are also crucial in the context of rising surveillance. Remote workers may wish to hide traffic from governments. Companies may want to conceal sensitive data from competitors. Whenever privacy is vital, VPNs have a role to play. IP address reassignment and encryption represent the simplest privacy solution for most businesses.

Remote work also makes VPNs a must-have security tool. Many businesses rely on a global workforce, and working from home is becoming more popular. VPNs encrypt data on public wi-fi networks. Workers can use their devices in public settings, minimizing the risk of interception by hackers.

VPNs also assist with secure file transmission. Companies routinely share documents or code. Geographically dispersed team members need ways to safely share files without worrying about theft or interception. Robust Virtual Private Network encryption provides the level of assurance required.

The History of VPNs

VPNs are not new. In fact, Bell Labs created the first modern VPN in 1993. The Software IP Encryption protocol (swIPE) pioneered encryption protocols at the Internet layer. swIPE enabled the encryption of traffic transferred via the TCP/IP protocol, which had become the basis for the emerging internet.

swIPE was followed in 1994 by the creation of IPSec by Trusted Information Systems. IPSec established a simple end-to-end security method for sending encrypted packets over IP networks.

In 1996, Microsoft's Gurdeep Singh-Pall introduced another core part of modern VPNs: the Point-to-Point Tunneling Protocol (PPTP). As Microsoft explained in a historic press release, PPTP sought to provide an "easy, low-cost, and secure way to extend a private network across the Internet."

From then on, companies would not need their own remote access infrastructure. Instead, they could use the general internet to link offices or allow home working. Encrypted tunnels would protect confidential information, while web-based connections kept networking costs low.

Pall's innovation kick-started the quest for secure and fast tunneling protocols. More secure alternatives soon replaced PPTP and IPSec. The Internet Key Exchange (IKE) arrived in 1998 and was superseded by IKEv2 in 2005. James Yonan also created the open-source VPN protocol OpenVPN in 2001. Both OpenVPN and IKEv2 remain common components of secure VPNs worldwide.

New protocols did not immediately result in global Virtual Private Network adoption. Until the 2000s VPN usage was relatively rare, but this changed as the demand for digital privacy expanded.

Edward Snowden's revelations about NSA spying and ISP complicity raised suspicions about the privacy of internet users in the USA. States such as China became keener to restrict online freedoms and limit dissent. Concerns about public wi-fi grew as more people used laptops and smartphones in public. High-profile data breaches also hit the headlines, driving companies to lock down their traffic.

These factors drove the expansion of the VPN sector. Companies started to offer global server portfolios, strong encryption, easy-to-install clients, and IP address anonymization. Anyone could secure their connection and shift their IP address around the world.

In 2010, only around 1.5% of US internet users employed a VPN. By 2019, the number had reached 6.2%. The Covid pandemic saw usage rise by 124% as home working spiked. By 2022, over 16% of American web users downloaded a VPN client, and as many as 68% use a VPN on a daily basis.

Why are VPNs beneficial?

The popularity of VPNs has increased for many reasons, both from personal and business perspectives.

Benefits of a VPN connection for individual users

  • Global protection from surveillance. Governments in nations like Russia, China, Iran, or even the USA are increasingly keen to track individual behavior. VPNs allow individuals to travel the world and work anywhere while avoiding official surveillance.
  • Access to foreign content. Travelers may encounter problems when accessing news sites, blogs, or entertainment portals in their home country. Workers can struggle to access professional apps and resources. Entertainment fans may not be able to enjoy the content they love. VPNs work around this. With a good VPN, travelers can enjoy total digital freedom. Access content anywhere in the world, wherever you travel.
  • Safer browsing. Using an insecure internet connection invites hackers to target your device. Man-in-the-Middle attacks target public wi-fi users without encryption. Without VPN protection, public wi-fi users can leak confidential data and compromise their devices.
  • Avoiding ISP throttling. Individuals may want to conceal their data usage from Internet Service Providers. IP address reassignment is one way to achieve this. If ISPs cannot discover the identity of data packets, it is much harder to assess data usage levels. Users are less likely to suffer ISP throttling as a result.

VPN benefits for businesses

  • Affordable, easy-to-scale network security. VPNs create a protected internet connection between remote work devices and centralized network assets. Workers can download a VPN client and log on anywhere. Information flowing between remote workers and network assets is encrypted and anonymized. This is a low-cost, simple security option for many companies.
  • Secure intranet solutions. Site-to-site or router-to-router VPNs are tailor-made for businesses with multiple locations. VPNs apply encryption to connections between branches or offices, adding an extra layer of intranet security.
  • Safer remote working. Hybrid or remote work is becoming more popular with workers and companies. VPNs extend the corporate network to homes and public settings and reduce the risk of data loss by concealing the identity of users. Wherever employees work, the source of your data will remain private.

What kinds of VPNs exist?

VPNs differ in many ways and it is crucial to know the range of available options:

VPN clients

Clients are apps that allow users to connect with VPN services. Clients are available for different operating systems and devices. They authenticate VPN users, create an encrypted tunnel, and route traffic to private servers. Business clients may also feature certificates that identify VPN-encrypted internet traffic to corporate firewalls.

Extension VPNs

Users can install VPNs as browser extensions. Extensions are a popular way to encrypt web traffic on Google Chrome or Mozilla Firefox. However, they only apply to traffic handled by the browser itself. This limits the protection that extension VPNs provide. Some extension VPNs have also been associated with logging browsing history data. Nevertheless, they are a valuable add-on to protect private or professional browsing.

Router VPNs

These intranet-based VPNs protect devices connected to a single router. In this case, VPN software operates on the router's firmware. There is no need to configure clients on separate devices. Router VPNs are a good option for offices with many devices, especially hard-to-configure devices such as Smart boxes or IoT technology.

Business VPNs

The VPN varieties above are provided by third-party companies that maintain servers and manage encryption. Third-party provision is convenient but may not be ideal for all companies.

It's also possible to create a business VPN managed by internal IT experts. A company VPN makes sense when businesses want complete control. There is no risk of third parties harvesting data, and companies can set up protocols as they wish. But internal management raises costs and may be too expensive for smaller organizations.

Cloud VPNs

The rise of SaaS has led to the creation of Cloud VPN services. These VPNs exist on cloud infrastructure, and no hardware is involved. Users connect directly to cloud-based servers, which apply encryption and route internet traffic to relevant SaaS or network resources. Cloud VPNs can also be more efficient, as traffic does not need to flow via hardware servers.

Can VPNs be used on mobile devices?

Yes, they can. Virtual Private Networks are now commonly used to protect data on mobile devices. Workers can (and should) install secure VPNs on Android and iOS smartphones. But be aware that fake or insecure mobile VPNs are commonly available. Check any clients for security features and reputation before downloading.

How to choose a good VPN provider?

VPN providers are as diverse as any other IT vendors. Some vendors provide reliable, high-quality protection with full visibility and excellent support. But this isn't universal. Here are some things to remember when selecting VPN partners.

  • Protocols. Look for robust protocols such as OpenVPN or WireGuard, and avoid older standards like PPTP or L2TP/IPSec. VPNs should be fully transparent about which tunneling protocols they use. If not, avoid their services entirely.
  • Encryption. Match up reliable tunneling protocols with the most advanced encryption. NordLayer offers military-grade AES-256 encryption as standard. Of the main types of encryption this is currently the gold standard and is almost impossible to crack.
  • Zero logs. Low-quality VPNs have been accused of logging client data. This data can then be used in marketing or sold to the highest bidder. Check privacy statements closely and opt for a VPN provider with a track record of keeping client data safe.
  • Server numbers. Good VPNs maintain servers across the world. This matters if you depend on a global remote workforce. Workers need to be close to Virtual Private Network servers to enjoy optimal speeds. And generally speaking, the VPN connection speed will be higher when more servers are online.
  • Data limitations. Providers may restrict client data allowances to manage server loads. Avoid services that choke VPN connection speeds or limit internet traffic. This is common among cheaper VPN providers that maintain few servers.
  • Connection speeds. Businesses demand high-speed networking, and VPN usage should not compromise this. Before signing up, check online VPN connection speed comparisons. And take advantage of trial periods to ensure actual speeds match those promised in marketing materials.
  • Strong support for customers. Businesses can encounter configuration problems when setting up VPNs and connection issues can occur during everyday usage. These reasons make it vital to find a provider that takes support seriously.
  • Router compatibility. Not every VPN provider offers the ability to install software on network routers. If this feature applies to your situation, choose a reliable router VPN provider.
  • Authentication. Cyberattackers can breach VPN protection if they obtain worker credentials. For this reason, it is advisable to seek partners that offer two-factor authentication (2FA). 2FA adds another layer of access control, making the risk of credential theft less severe.
  • Connection safeguards. A good VPN provider will include features to deal with security alerts. For example, they may include a "kill switch" that breaks the underlying internet connection if VPN coverage is interrupted.
  • Static or dynamic IP address assignment. Some VPNs offer static IP addresses. These addresses remain the same whenever you log on, but are not linked to your device. This can help when accessing certain services which block IP addresses connected to VPNs.

VPN types & protocols

Earlier, we looked briefly at the kinds of VPNs currently available. But companies must also be aware of two other important ways VPNs differ.

Firstly, there are two major types of VPN that serve corporate clients. Secondly, companies must know about the various protocols when selecting the ideal configuration.

Types of VPN

There are two common types of VPN. Both of them are routinely used to secure business assets.

Remote access VPNs

Also known as Client-to-server VPNs. A Remote Access VPN requires the installation of clients on network endpoints such as remote work devices. Workers use these clients to access the internet, and clients route traffic via private servers instead of standard ISPs. Servers encrypt and anonymize data before routing it to the company network.

Site-to-site VPN

Site-to-Site VPNs function as a cloak, hiding private intranets from external observers. They gather together multiple locations and are used in situations where Local Area Networks (LANs) connect to a Wide Area Network (WAN). This style of VPN commonly serves larger companies where creating direct links between parts of the network is not feasible.

VPN Protocols

Protocols are basically the rules used by VPNs to create an encrypted tunnel. They have two main functions. Firstly, protocols authenticate packets as they pass across VPN infrastructure. Authentication makes sure data flows along safe routes in an efficient manner. Secondly, protocols create an encrypted connection, wrapping data in a layer of unbreakable code.

Since the invention of VPNs in the 1990s, different types of VPN protocols have come and gone. Some protocols failed for speed reasons. Some fell away due to security concerns. But the five protocols below are still in use and may well be employed by potential VPN providers:

PPTP

The Point-to-point tunneling protocol remains popular where VPN connection speed is the most important factor. However, this speed is due to the lack of cutting-edge security features. PPTP is relatively easy to crack and should not be used by company networks.

L2TP/IPSec

IPSec offers enhanced encryption compared with PPTP, while the Layer 2 Tunneling Protocol is comparatively fast. This protocol is hard to crack but may create compatibility issues due to the reliance on User Datagram Protocol (UDP). UDP is a simple communication protocol that is easy to detect and block.

SSTP

The Secure Socket Tunneling Protocol works well with Microsoft products and employs advanced 256-bit encryption. It features heavily in Microsoft's own network security tools but is relatively inflexible. Businesses desiring complete freedom may want to seek other solutions.

OpenVPN

OpenVPN is an open-source protocol with extremely strong AES-256 encryption. It can be calibrated to meet specific needs but is also relatively slow. So it may not perform well when encrypting streaming content. However, OpenVPN is regularly inspected by cybersecurity experts. And it is well-suited to router installation.

IKEv2

One of the best mobile VPN options. IKEv2 performs well when moving data between device types and delivers excellent security in combination with IPSec encryption.

VPNs exist to make life difficult for governments. Because of this, it's not surprising to learn that governments have contested the legality of VPNs since the beginning.

Some countries have adopted a hostile stance towards all VPNs. For example, using VPNs is illegal in Saudi Arabia and Iran. These cases are fairly clear, but in other places, different regulations apply.

China allows officially approved VPNs to operate. However, these official VPNs may not be secure from official surveillance and IP address information is probably exposed. The UAE permits VPNs, but there are laws against "illegitimate uses" such as accessing adult content.

Then there are countries where VPN usage is virtually unregulated. This includes the United States, most European nations, most African nations (aside from Egypt and Uganda), and Latin American nations like Brazil or Argentina.

If you intend to use Virtual Private Networks for working abroad, be aware of local conditions. Check the legal restrictions of the country, as improper VPN connection usage could lead to financial penalties or imprisonment. Even better, find a jurisdiction that is VPN-friendly and base yourself there.

However, just because a country is friendly towards VPNs doesn't mean you can let your guard down. As Snowden's disclosures showed, governments are keen to collect data and track citizens. VPNs may assist authorities and hand over client data. It's important to check VPN privacy policies to make sure your information is safe.

Secure your data with the right VPN protection

Virtual Private Networks combine encryption and IP anonymization to protect data on intranets and the wider internet. The flexibility, simplicity, and effectiveness of VPNs make them a popular security option for companies worldwide. As we've seen, there are many potential benefits of adding VPN protection to your internet connection. Explore NordLayer's product range to find a security solution that meets your needs.