Virtual Private Networks - VPN

Here at Gammacom, security is paramount: protecting company data, customer data, communications and more. Simple password protection of your workstations and servers is heavily recommended, but it is not enough. In an age where inappropriate access to a network could lead to the end of a business, network security should be very high on any company's agenda for longevity.

Among other security measures, virtual private networks are a 'must have' in today's computing environments. With more and more businesses operating from remote locations, salesmen on the road, employees working from home, and mobile devices communicating from anywhere, VPNs ensure that all access into your network is secured, encrypted and, in some cases, checked for suspicious activity.

Gammacom offer a number of hardware, software and hybrid VPN solutions to suit all manner of business security needs, from small, local office-to-office communications through to complex multi-point access solutions covering the globe. Talk to Gammacom today to discover how your business can enhance security and protect against unwanted prying eyes.

VPN Explained

Put simply, a Virtual Private Network, or VPN, is a group of computers networked together through the internet. Businesses use VPNs to connect remote locations, and individuals can use VPNs to get access to network resources when they're not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they're using an untrusted public network.

When you connect to a VPN, you usually launch a VPN client on your computer, log in with your credentials, and your computer exchanges trusted keys with a security device. Once both computers have verified each other as authentic, all of your communication is encrypted and secured from eavesdropping.

VPN Usage

There are numerous ways in which VPNs can be used on a daily basis to secure communications. We have highlighted just a few so you can compare your activities and see whether your habits are exposing yourself, or worse, the company you are working for.

Site-to-Site

A number of businesses have a central office with various smaller offices in geographically separated locations. These offices need to share their data in order to run their normal operations. Many of these businesses will pass that data via email, or perhaps log in via terminal services to enter data at the central location. Although the communications seem secure to the regular person, all of these methods have been compromised in one form or another and cannot be relied upon for security.

The Road Warrior

Traditionally the road warrior, or 'on-the-road' salesman, would go about his day collecting his orders and data on paper, returning to the office once daily or weekly to input his data. Nowadays, the road warrior has a laptop, tablet or mobile device from which the data is sent to the head office in real time. More often than not, the data is sent to a web interface, or worse, emailed to another person in the office to input.

The Home Worker

In the age of the internet, workers are working from home more than ever before. They can either take their work home, complete whichever task is necessary and bring the work back the next day, or connect to the business and work remotely for days or weeks at a time.

In all of these cases (and more), users are exposing themselves, their data, company data and communications to anyone who has more than a little knowledge about how the internet operates. Make sure your business isn't at risk of this exposure - install and use a VPN to ensure all your data and communication is secured.

Types of VPN

There are various types of VPN technology available: hardware VPN devices, software-based solutions and hybrid solutions that combine hardware and software. With service providers now reaching into the market, there are a number of managed VPN solutions also available. Each has its advantages, but the real security lies in the VPN protocols used to secure the communications. In some cases, add-on services also increase the security - such as malware and virus detection on the wire.

In some countries there are laws governing the use of security solutions, and in various cases the law demands such usage. Make sure you are aware of the laws before installing a solution (or deciding not to). You may land your business in hot water.

Protocols
  • Internet Protocol Security (IPsec) was initially developed by the Internet Engineering Task Force (IETF) for IPv6, and was required in all standards-compliant implementations of IPv6 before RFC 6434 made it only a recommendation. This standards-based security protocol is also widely used with IPv4 and the Layer 2 Tunneling Protocol. Its design meets most security goals: authentication, integrity, and confidentiality. IPsec uses encryption, encapsulating an IP packet inside an IPsec packet. De-encapsulation happens at the end of the tunnel, where the original IP packet is decrypted and forwarded to its intended destination.
  • Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic (as it does in the OpenVPN project) or secure an individual connection. A number of vendors provide remote-access VPN capabilities through SSL. An SSL VPN can connect from locations where IPsec runs into trouble with Network Address Translation and firewall rules.
  • Datagram Transport Layer Security (DTLS) - used in Cisco AnyConnect VPN and in OpenConnect VPN to solve the issues SSL/TLS has with tunneling over UDP.
  • Microsoft Point-to-Point Encryption (MPPE) works with the Point-to-Point Tunneling Protocol and in several compatible implementations on other platforms. This is not a recommended protocol, as it has been severely compromised over time.
  • Microsoft Secure Socket Tunneling Protocol (SSTP) tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL 3.0 channel. (SSTP was introduced in Windows Server 2008 and in Windows Vista Service Pack 1.)
  • Multi Path Virtual Private Network (MPVPN). Ragula Systems Development Company owns the registered trademark "MPVPN".
  • Secure Shell (SSH) VPN - OpenSSH offers VPN tunneling (distinct from port forwarding) to secure remote connections to a network or to inter-network links. OpenSSH server provides a limited number of concurrent tunnels. The VPN feature itself does not support personal authentication.
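
The encapsulation described in the IPsec item above, as an added example that is not part of the original page: it builds an ESP tunnel-mode packet and the UDP port 4500 form used to cross NAT, then parses back what an on-path observer can read. The addresses, SPI and 32-byte payload are constructed, the function names are hypothetical, and the inner packet is represented by opaque bytes rather than actually encrypted.

```python
import ipaddress
import struct

ESP_PROTO, UDP_PROTO, NAT_T_PORT = 50, 17, 4500  # IP protocol numbers, NAT-T port

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 because nothing is sent."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def encapsulate(ciphertext, spi, seq, src_gw, dst_gw, nat_t=False):
    """Wrap an already-encrypted inner packet in an ESP tunnel-mode packet."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    if nat_t:  # ESP carried in UDP/4500 so it survives address translation
        udp = struct.pack("!HHHH", NAT_T_PORT, NAT_T_PORT, 8 + len(esp), 0) + esp
        return ipv4_header(src_gw, dst_gw, UDP_PROTO, len(udp)) + udp
    return ipv4_header(src_gw, dst_gw, ESP_PROTO, len(esp)) + esp

def observe(packet):
    """Return the fields an on-path observer can read; the inner packet stays opaque."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    seen = {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])), "transport": "esp"}
    body = packet[ihl:]
    if proto == UDP_PROTO:
        if len(body) < 8 or NAT_T_PORT not in struct.unpack("!HH", body[:4]):
            raise ValueError("not UDP-encapsulated IPsec")
        body, seen["transport"] = body[8:], "esp-in-udp"
        if body[:4] == b"\x00" * 4:  # non-ESP marker: this datagram is IKE, not ESP
            return {**seen, "transport": "ike-in-udp"}
    elif proto != ESP_PROTO:
        raise ValueError("not ESP")
    if len(body) < 8:
        raise ValueError("truncated ESP header")
    seen["spi"], seen["seq"] = struct.unpack("!II", body[:8])
    seen["opaque_bytes"] = len(body) - 8
    return seen

# Constructed sample: 32 opaque bytes stand in for the encrypted inner IP packet.
SAMPLE_CIPHERTEXT = bytes(range(32))
GATEWAYS = ("198.51.100.10", "203.0.113.20")  # documentation-range addresses
PLAIN_ESP = encapsulate(SAMPLE_CIPHERTEXT, 0x1000ABCD, 7, *GATEWAYS)
NAT_T_ESP = encapsulate(SAMPLE_CIPHERTEXT, 0x1000ABCD, 8, *GATEWAYS, nat_t=True)
if __name__ == "__main__":
    for pkt in (PLAIN_ESP, NAT_T_ESP):
        print(observe(pkt))
```

Only the gateway addresses, the SPI and the sequence number are readable on the wire; the original source and destination of the inner packet are inside the opaque bytes.
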

Anti-Malware and Anti-Spyware Features

Using a VPN doesn't mean you're completely invulnerable. You should still make sure you're using HTTPS whenever possible, and you should still be careful about what you download. Some VPN service providers, especially mobile solutions, bundle their clients with anti-malware scanners to make sure you're not downloading viruses or trojans. When you're shopping, see if the providers you're interested in offer anti-malware protection while you're connected. There are a number of in-house solutions that also provide great scanning and blocking capabilities - usually tied up in hybrid solutions.