Skip to content

DA2. VPNs Defined

Statement

  • Explain the meaning of a Virtual Private Network. Are VPNs truly secure? Comment.
  • Your Discussion should be a minimum of 200 words in length. Please include a word count.

Answer

A Virtual Private Network (VPN) is a private network within another public network, usually the Internet (Angelo, 2019). It is a relatively new concept that started in the early 2000s and gained popularity around 2008 due to the numerous and devastating data breaches that had happened in the previous decade (Jadhav & Sheth, 2021).

Prior to VPNs, organizations made their networks private by creating a parallel network infrastructure, that is creating a network that is physically isolated from other networks by leasing private wires and other communication devices. In that era, routing information was stored on the hardware and reconfiguring a network requires accessing those devices and re-programming them. This made private networks impossible for small or even medium-sized organizations to afford (Angelo, 2019).

The invention of virtual circuits made the VPNs possible, as routing information is stored in software, thus making it possible to configure a private tunnel on the same wire along other traffic. Layer 2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP) were the main players in this area. After the tunnel is established, the data flowing through that tunnel is kept private by utilizing IPSec protocol which uses encryption, thus it is possible to have multiple private tunnels running side by side on the same wire as listening to the flowing packets would not help in understanding them unless the decryption key is known (Angelo, 2019).

Both (Jadhav & Sheth, 2021) and (Angelo, 2019) agree that VPNs are not fully secure, as they are limited to the effectiveness of the encryption algorithms in place which are getting weaker over time as the computers get better. Both agree on the types of VPNs, which are remote access and point-to-point. The first connects a VPN client to a VPN network server, while the second connects two different networks, although it requires one of the networks to work as a server and the other as a client (Jadhav & Sheth, 2021).

(Angelo, 2019) discussed a use case for VPNs in organizations to keep their data safe while records are being shared between locations or employees working from home and accessing their work portals. (Jadhav & Sheth, 2021) discussed the use of VPNs for personal privacy, as users seek anonymity while browsing or making transactions, this requires a VPN service provider to act as a proxy for sending and receiving data, thus hiding the user’s IP address and location.

Each use case has its own security problems, with the organizational VPNs mostly prone to data breaches, insider threats, and malware while the personal VPNs are prone to logging, data leaks, weak provider’s privacy policies, malware, and provider use user’s IP as exit node which are mostly on the service provider side. (Jadhav & Sheth, 2021).

VPNs were a huge breakthrough in empowering businesses of all sides to protect their data; IPsec is doing a good job on this leveraging other protocols like L2TP, TLS, SSL, etc. However, there is nothing that is 100% secure and VPNs are no exception. Organizations should not hesitate to train their security teams and invest in keeping their infrastructure up-to-date.

Word count: 516

References