VPNs and firewalls are highly recommended security solutions that can be used to protect your IT assets from threats and they are essential elements of both business networks and personal device connections. Learn more about the different kind of firewalls, benefits of VPN use and general deployment recommendations.
Protecting your IT assets from threats is an essential part of business and personal digital activities. VPNs and firewalls are two commonly used security tools to help reduce risk while maintaining usability. When used in concert, IT communications are filtered and encrypted. This white paper defines what these tools are, describes when you would want to use them, and offers suggestions for deployment.
Overview of the State of Internet Security
The online world is no longer a safe place to play or do business without being properly prepared. Gone are the days of being anonymous by default and an unlikely target for hackers and attackers. Today, every communication, every website visit, every file transfer, every email, and every e-commerce transaction puts you at risk of interception, spoofing, impersonation, hijacking, man-in-the-middle, account takeover, malicious code infection, and much more.
Our daily personal activities and work tasks often mandate the use of the Internet. Whether from a smartphone or a personal computer, many of us are online for most of the day. We perform personal tasks, like shopping and banking; social tasks, such as planning dinner or a rendezvous; and work tasks, such as communicating with customers or participating in video conferences and document collaboration over the Internet. It is these very tasks that put our information, our businesses, and us at risk for attack. Fortunately, there are options for large organizations, small office/home office (SOHO) environments, and individuals that can reduce online risks considerably. Those options are to consider deploying a VPN and/or a firewall.
What Is a VPN?
A virtual private network (VPN), is a secure remote network or Internet connection that encrypts your communications between your local device and a remote trusted device or service. A VPN is a digital or electronic re-creation of a physical world concept; specifically, the idea of a dedicated isolated physical network cable that only you can use and access. A VPN creates a virtual or electronic version of a physical cable by wrapping up or containing a normal or standard insecure network communications in a tunneling protocol that encrypts the content being transported. Communications protected by a VPN still traverse the same, shared network pathways as normal traffic, but because the payload is encrypted, the result is the equivalent of a dedicated isolated physical cable.
The Different Types of VPNs
There are three main types of VPNs. They are:
Transport mode host-to-host – A transport mode host-to-host VPN creates a secure connection between two individual systems. In such a VPN, only the payload is encrypted. The headers of the protocol packets, which guide the communication across the intermediary network, remain in their original plain-text form. Thus, the contents of a communication are protected, but the identity of those communicating is exposed. This type of VPN is commonly used inside private network environments where there is a general level of modest trust of the network, but when additional protection is needed for specific host-to-host communications, such as database replication or periodic backups.
Tunnel mode site-to-site – A tunnel-mode site-to-site VPN creates a secure connection between two different networks or physical locations. In such a VPN, both the payload and the original packet headers are encrypted. An additional tunnel header is added to the encrypted content to direct the communication from one endpoint of the VPN to the other. Communications between two systems are only encrypted while in the tunnel itself. Thus, if a client in Network A sends data to a server in Network B, the initial communication would cross Network A in plain text; then become encrypted as it entered the VPN on the border of Network A; remain encrypted across the Internet until it reached the border of Network B; and then the communication would be decrypted and sent across Network B to the server in plain text. This type of VPN is commonly used to connect remote networks.
Tunnel mode host-to-site – A tunnel-mode host-to-site VPN creates a secure connection between a single computer and a remote network. In such a VPN, both the payload and the original packet headers are encrypted. An additional tunnel header is added to the encrypted content to direct the communication from one endpoint of the VPN to the other.