Demystifying VPN: What It Does and Does Not Do
by Joshua Silberman, IT/Cyber Security Consultant, MGO Technology Group
In recent weeks, the global economy has entered uncharted territory. For the first time ever, many workers are under strict orders by state and local governments to ‘work from home if possible.’ For some firms this has not presented any issues, as they’ve had some employees work from home for years and mobile work capabilities are baked into the foundation of day to day activities. But many enterprises that did not previously have robust technology solutions to support a remote workforce, are now scrambling to establish adequate capabilities and protocols.
The silver-lining here is that any investments in remote capability are not only stop-gap measures. They represent a useful, long-term addition as employees are likely to expect remote capabilities moving forward – and are an essential disaster preparedness measure, in the event of another office site disruption.
To continue supporting firms navigating the trials of establishing remote capabilities, this piece of thought leadership examines one of the most common tools employed by companies to allow their staff to work remotely, the Virtual Private Network (VPN).
What is a VPN?
A VPN is a device that allows you to create a secure connection to another network over the Internet. In laymen’s terms, it will allow your employees to securely connect to your company resources over the open and unsecure internet. So this begs the question, how do you put a VPN into action to allow for remote access? In most cases it can be done by installing a simple device into your company’s server rack and then making sure all outside internet traffic is routed through the VPN. Setup of the device within your server room or closet requires technical knowledge of server wiring and network engineering.
If you do not have staff that meet the technical requirements, it is recommended that you reach out to an organization like MGO Technology Group, which has the expertise and technical staff needed to get a VPN racked and running in no time.
Identifying the “right fit’ VPN
Know that not all VPNs are created equally. While the market will provide any number of products that can meet your firm’s needs, not every product will be a fit. This is especially true in terms of capacity. When most companies consider a VPN solution, they typically look at how many staff members may need to work remotely on a regular basis. In the wake of a natural disaster such as the COVID-19 outbreak, your entire staff may need to work remotely for a sustained period of time. As such, it is important to factor the capacity of your VPN device into your decision making process. You may not need 100% of the VPN’s capacity most of the time, but you’ll be glad you have it when disaster hits.
It is also important that the outside internet connection you have into the VPN is adequate to handle the incoming traffic. You will need to work with your internet service provider to make sure the plan you choose has adequate bandwidth to handle the regular work activities of your staff. As with choosing and setting up the VPN, you are not alone in this endeavor. MGO Technology Group is ready to step in and help you make the choices you need for the uptime you desire.
Establishing VPN access
Once a VPN is installed, the next step is having your staff login into it in order to access company resources such as Exchange or FileShares. There are many different configurations a firm can employ to accomplish this task, but for now we’ll look at one of the more popular setups, VPN client software that is installed on company-owned laptops. Many VPN providers, such as CISCO or Check Point, offer VPN client endpoint software that you, your team, or your service provider can pre install into company laptops. This client endpoint software will automate the process of having your users connect to the VPN when they are outside of your office location. When installed and configured, an employee will only have to connect to the internet and then login to the client software to connect to the VPN.
The client software will also allow the user to connect to the VPN suing the same credentials that they use to login to their laptop thus eliminating the need to remember an additional password. By using client endpoint software the process of activating, using, and monitoring the VPN is simplified.
Understanding VPN vulnerabilities
As stated previously, the VPN will create a secure connection over the open internet back to your company resources. However, the VPN will not make everything secure. Like any device or setup, it has its vulnerabilities that must be acknowledged and mitigated. First and foremost, a VPN will not compensate for human error. While providing protection for the open and unsecure internet connection that an employee might use, it will not protect your employees from falling victim to a phishing scheme or downloading suspect software from a less than reputable website. Most VPNs are nothing more than a secure gateway into your company resources. Once that gateway is opened by a legitimate user, or a bad actor that has managed to steal legitimate credentials, anything can get through. Though a VPN secures the connection, it’s important that your employees still maintain good cyber hygiene by not sharing credentials, regularly changing passwords, and following the instructions of either your technical staff or managed service provider.
Though not as forward facing, but just as much of a threat are the vulnerabilities of the VPN device and software itself. Much like your company laptops and servers, VPN devices need to be properly maintained and updated less they become susceptible to newly discovered threats and vulnerabilities. This is where expertise comes into play. No matter how the VPN is deployed, you will need a technical team handling three distinct tasks after the VPN and associated software is put into place:
- They will need to train your users on how to properly use the VPN.
- They will need to make sure the both the VPN software and physical device remains secure.
- Finally, they will need to troubleshoot any issues that may come up from day to day operations. Even the most robust devices will require troubleshooting at some point.