Many companies are now introducing VPNs (Virtual Private Networks) to secure inter-site communication. In the past, “private lines” were used as secure communication lines, but the evolution of communication technology has produced various VPN services such as “Internet VPN” and “IP-VPN”. This article explains the features of VPNs and how to use them securely, a topic that has attracted more and more attention in recent years with the increase in remote work under “Workstyle reform”, and also considers future trends.
What is a “VPN”? Achieves secure communication without a dedicated line
VPN is an abbreviation for “Virtual Private Network” and is translated as “virtual private line”. As its name suggests, it is a technology for establishing a virtual private network (dedicated line) on the Internet and exchanging data using a secure route.
With the widespread use of mobile PCs, smartphones, and tablet terminals, the number of users who want to securely access their homes or in-house systems via the Internet from outside is increasing. It is also common to exchange information by connecting a secure network between the company and the business base.
However, services that use the Internet are diversifying, and there is a growing need for communication that is secure regardless of the application used. VPN technology answers that need: by using a VPN, information can be protected from threats such as wiretapping and alteration of data.
VPN has a long history in Internet communication technology and has been used since the 1990s. Also, the technology named VPN is very diverse and has many uses. VPNs can be broadly classified into two types, “Internet VPN” and “IP-VPN”.
Difference between Internet VPN and IP-VPN
The Internet VPN uses a general Internet access line. IP-VPN, on the other hand, uses a closed network that is independently owned by a communication carrier and is isolated from general Internet access lines.
The basic difference between the two is the access line used, and several other differences follow from it.
For example, an Internet VPN uses your existing Internet line contract, so you can build a VPN without an additional line contract. The Internet is generally low cost because it is a network premised on “best effort”. On the other hand, since it is shared by many unspecified users, there is a risk of communication delay due to increased traffic, and of wiretapping and falsification during data communication.
IP-VPN, by contrast, uses a closed network, so it comes with an SLA (a quality-of-service guarantee). A certain bandwidth is guaranteed even when traffic is congested, and the risk of eavesdropping and tampering is low, which makes it reliable, but the cost is high.
Difference between the Internet and closed networks
|Network|Cost|Communication quality|
|The Internet|Low|Low (best effort)|
|Closed network (IP-VPN, wide area Ethernet, etc.)|High|High (with SLA)|
Features of Internet VPN: What is tunneling technology?
To use the Internet VPN, a dedicated device or dedicated software is required on the sending and receiving sides. A technology that is especially important for Internet VPNs is called “tunneling.” In tunneling, technologies called “encapsulation” and “encryption” are used.
On the Internet, data is transmitted and received in units called packets. “Packet” means “parcel” in English; it is easy to picture if you imagine the data being put into small boxes a little at a time and delivered in large numbers.
Since the Internet is a huge autonomous distributed network shared by many people, it is designed so that a single user cannot send a large amount of data at one time. Therefore, data is divided into units called packets and exchanged. The maximum amount per packet is set to “64 kilobytes”.
The Internet is a network in which countless small packets of data flow back and forth. In tunneling, a new header is added to each packet, which is called “encapsulation”, before it is sent. The destination in this added header is the public address of the VPN terminating device. Therefore, all encapsulated packets are sent to the same VPN termination device regardless of the destination contained in the original header.
However, with tunneling alone, the contents of the data can still be seen. To prevent eavesdropping on and falsification of tunneled packets, the packets are encrypted before transmission using a function that encrypts communication packets. The packet is encrypted so that its contents cannot be identified even if someone sees it on the way. Since encryption and decryption are performed by the VPN devices at both ends, it is impossible to snoop on the way.
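The encapsulation step described above, as an added example that is not part of the original article: it builds two inner IPv4 packets for different private hosts, wraps each in an outer header addressed to the VPN gateway, and shows what an on-path observer can still read when the tunnel is not encrypted. All addresses and payloads are constructed, and the function names are hypothetical.

```python
import socket
import struct

GATEWAY = "203.0.113.10"        # constructed: public address of the VPN terminating device
CLIENT_PUBLIC = "198.51.100.7"  # constructed: sender's public address

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:] + payload

def parse_ipv4(packet: bytes) -> dict:
    """Split a packet into the header fields used here and its payload."""
    header_len = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "payload": packet[header_len:total_len]}

def encapsulate(inner: bytes) -> bytes:
    """Tunnel step: prepend a new header addressed to the VPN gateway.
    Protocol number 4 means the payload is itself an IPv4 packet."""
    return ipv4_packet(CLIENT_PUBLIC, GATEWAY, 4, inner)

def observer_view(outer: bytes) -> tuple:
    """What an on-path observer recovers when the tunnel is NOT encrypted."""
    wire = parse_ipv4(outer)
    inner = parse_ipv4(wire["payload"])
    return wire["dst"], inner["dst"], inner["payload"]

# Constructed inner packets to two different private hosts (protocol 253 = experimental).
INNER_A = ipv4_packet("10.0.0.5", "10.0.1.20", 253, b"payroll.csv")
INNER_B = ipv4_packet("10.0.0.5", "10.0.2.30", 253, b"hello")

if __name__ == "__main__":
    for inner in (INNER_A, INNER_B):
        print(observer_view(encapsulate(inner)))
```

Both outer packets carry the gateway as their destination, yet the inner destination and payload remain readable, which is why the tunnel payload must also be encrypted.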
Main applications are “connection between bases” and “remote access connection”
There are two main uses of the Internet VPN: “connection between bases” and “remote access connection”.
A connection between bases is a network that connects sites such as offices and data centers. It is common to contract closed networks provided by network operators, such as IP-VPN and wide area Ethernet, but the number of cases where Internet VPNs are used here is increasing considerably.
The reason is simple: it is easy and low cost. Most companies and individuals already have a contract to connect to the Internet.
The other use is remote access connection. This is a form of usage where users connect from homes, cafes, or other locations where a private corporate network is not available.
For homes and cafes, there is no option to contract a closed network like connection between bases. However, access to the Internet can be easily secured. Free Wi-Fi provided by cafes and tethering for personal smartphones will also provide sufficient internet connection for remote work. Japan has a well-established internet communication infrastructure, and according to some data, stable broadband communication is ranked 8th in the world as of 2017.
By using these lines and VPN software together, you can easily connect to your company’s private network from a PC on the go. Because it needs only an Internet connection and VPN software, it is a natural fit for remote access.
As we have seen, Internet VPNs are widely used for inter-site connections and remote access. Especially in the latter case of remote access connection, use is expanding due to the increase in working from home and remote work accompanying the recent “work style reform”. On the other hand, security is attracting attention.
Easy to understand characteristics of PPTP, L2TP, SSTP, IKEv2, OpenVPN.
This section describes the protocols used for VPN connections. A VPN is a secure network, but the protocol used for the connection varies depending on the provider. Each has different characteristics, such as compatibility and security strength, and protocol-based measures are essential for reliable access.
In addition to considering VPN encryption technology, bandwidth, and so on, the range of communication protection depends on the type of protocol selected, so it is necessary to choose a suitable protocol according to your needs.
In this article, we will summarize the protocols that are important when selecting a VPN and outline their characteristics.
What is a protocol
A protocol is a communication standard or procedure for communicating between different computers, and is called a “communication protocol” or “network protocol”. Protocols with different roles are layered according to their target, such as network and application, and form the basis of Internet communication. The protocol also affects the encryption strength and communication speed of the network.
In VPN communication, security enhancement and privacy protection are the foundation of the service. The security of a VPN consists of protocols and encryption, and each provider offers a choice of protocols. Choosing which protocol to use is essential because, when compared in categories such as security, communication speed, and compatibility, their advantages and disadvantages differ. When higher security is required, a protocol specialized for security measures should be selected.
Currently, there are five types of protocols that are commonly used.
The characteristics of each are explained below.
PPTP was developed in 1999 and is the first VPN protocol introduced by Windows. It is installed on most platforms and has the characteristic of high communication speed. However, its handshake authentication, “MS-CHAP v2”, has been reported to have security vulnerabilities, and its safety is regarded as an issue. It is also easily blocked: when a firewall blocks it, communication becomes impossible. It is a protocol that is not suitable when you require a high level of security.
- High communication speed
- Compatible with almost all terminals
- Low-security performance
- Decrypted by NSA (National Security Agency)
SSTP is more secure than PPTP. It has been ported to Mac, Linux, and other systems, but it is used mainly on Windows, so its platform support is limited. Its security is touted as high, but this is unclear because it is Microsoft’s proprietary encryption standard. It offers communication protection and firewall evasion, but it is not a perfect protocol because of its limited platform support and because it is not open source.
- Highly secure communication
- Avoid firewall
- Low compatibility
- Not open source
L2TP is a VPN protocol developed in 1999 as an enhanced version of PPTP. Since L2TP alone does not provide encryption, it is used together with a security system called IPsec. The data processing requires two steps, so the communication speed decreases. It is more secure than PPTP, but it is suspected of being compromised by the NSA. It has a good balance of security and compatibility, but there are concerns that it is easily blocked by firewalls because it uses a limited set of ports.
- High compatibility
- Highly secure communication
- Slow communication speed
- May be blocked by a firewall.
IKEv2 is a VPN protocol developed by Microsoft and Cisco. Of particular note is its ability to follow changes in the connection automatically: on a mobile terminal, the transition from a Wi-Fi connection to cellular communication is smooth. It is well suited to people who frequently move in and out of Wi-Fi coverage and need to switch connections. Its security and speed are better balanced than those of PPTP, SSTP, and L2TP, so safe and high-speed communication is possible. It is suitable for VPN communication on mobile terminals.
- Communication speed is faster than PPTP, SSTP, L2TP
- Strong security
- Stable connection
- Supports BlackBerry
- Not open-source (There are open-source versions other than Microsoft and Cisco)
- Platform is limited
OpenVPN is the most reliable protocol. Its security strength and speed are superior to those of the other protocols, and the highest level of encryption, “256-bit AES,” is available. In addition to being able to use any port, such as UDP ports and TCP 443, it has the strength of avoiding censorship by making its traffic look like HTTPS communication.
With OpenVPN, you can flexibly customize security measures and speed. It can be called very safe because it supports a variety of encryption methods. Being open source, it is the best of the protocols. If you are concerned about safety in a VPN, OpenVPN is a sure choice.
- High-security level
- High communication speed
- Can avoid severe censorship
- May require third-party apps
OpenVPN is secure in all respects.
From the characteristics of each protocol, OpenVPN is the most reliable protocol at the moment. In addition to high-speed communication without sacrificing security, firewalls in highly regulated countries can be bypassed, ensuring VPN safety and flexibility. The wide range of compatible platforms also improves convenience. When choosing a VPN, it is a good idea to consider whether an OpenVPN connection is possible or not.
The risk behind Free VPN. 3 things you need to know to use it safely
VPNs are introduced to improve network security. There are paid and free versions, but the free versions come with some caveats. Even a VPN used to improve security is meaningless if it cannot play its original role. To protect your important corporate information from threats, be aware of the risks of Free VPNs.
I will discuss three risks you should know before using Free VPN.
Not all VPNs are secure
Now that the Internet has become indispensable for corporate activities, VPNs are beginning to spread in many companies and organizations. In addition to preventing the risk of eavesdropping and information leakage through encrypted communication, it is also expected to improve business efficiency through communication between bases that connect the head office and each branch.
At the same time, the number of businesses offering VPN services is also increasing, and a wide variety of VPNs are now available, for corporate and individual use, in paid and free versions. However, some Free VPNs are not operated properly, and there are cases where the original VPN functions cannot be relied on.
In companies that exchange a large amount of information every day, information security measures also affect the relationship of trust with customers and business partners. Choosing a reliable and well-secured VPN is important from a management perspective. Free VPN can be cheap, but it is important to understand its danger and security level.
Three things you need to know when using Free VPN
Publicly available Free VPNs carry the following risks.
- Risk of malware infection / cyber attack
Free VPNs carry security vulnerabilities. There are cases where the VPN itself was created with malicious intent, and there is also the risk of cyber attacks aimed at security weaknesses. In some cases, you may be infected with malware without your knowledge, which could lead to trouble such as the extraction of important internal information and the falsification of data.
In addition, the data on your device may be misused, or you may be drawn into a crime through remote control of your device. To protect your company’s assets and avoid getting involved in crime, it’s important to choose a reliable VPN that minimizes these risks.
- May not be encrypted
VPN communication is basically designed to prevent interception of communication contents through encryption. However, it has been reported that some Free VPN communications are not encrypted, which threatens privacy and the protection of personal information.
Even with an encrypted VPN, the strength of encryption varies depending on the selected protocol. At present, if you use a protocol (such as PPTP) that does not have a high security level like that of “OpenVPN”, there is a high risk that a third party may snoop on or tamper with your communication.
For a company that handles sensitive information, using such a low-security VPN can be very risky.
- Log data may be used
A “no log policy” is one of the measures that make a VPN secure. VPN logs are data such as the sites users browse and their communication history through the VPN. Many VPNs have declared that they do not keep these logs, from the viewpoint of privacy and protection of personal information, but some Free VPN services do collect logs.
In addition to the connection logs such as IP address and communication data volume, the visited sites and files may also be saved. The log data saved in this way may be resold to a third party, so it cannot be said that privacy is protected.
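One way to check the “May not be encrypted” risk above before importing a provider-supplied OpenVPN profile, as an added example that is not part of the original article or of the OpenVPN project: it parses the profile and flags disabled encryption, ciphers outside a policy, and a missing server certificate check. The two profiles and the host `vpn.example.net` are constructed, and the `STRONG` policy set is an assumption based on the article’s “256-bit AES”.

```python
STRONG = {"AES-256-GCM", "AES-256-CBC"}  # assumed policy: the article's "256-bit AES"

def parse_ovpn(text: str) -> dict:
    """Return {directive: [args]} from an OpenVPN profile (last occurrence wins)."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):  # inline blocks such as <ca>...</ca> are skipped
            in_block = not line.startswith("</")
            continue
        if in_block or not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name.lower()] = args
    return directives

def audit(text: str) -> list:
    """List findings about encryption and server verification in a profile."""
    d, findings, ciphers = parse_ovpn(text), [], []
    for key in ("cipher", "data-ciphers"):
        if d.get(key):
            ciphers += d[key][0].upper().split(":")
    if "NONE" in ciphers:
        findings.append("CRITICAL: encryption disabled (cipher none)")
    elif not ciphers:
        findings.append("INFO: no cipher pinned; depends on client/server defaults")
    elif not set(ciphers) <= STRONG:
        findings.append("WARN: cipher outside policy allowed: "
                        + ",".join(sorted(set(ciphers) - STRONG)))
    if (d.get("auth") or [""])[0].lower() == "none":
        findings.append("CRITICAL: packet authentication disabled (auth none)")
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("WARN: server certificate role/name is not checked")
    return findings

# Constructed profiles; vpn.example.net is a placeholder host.
FREE_PROFILE = """client
remote vpn.example.net 443
cipher none
auth none
<ca>
(constructed placeholder, not a real certificate)
</ca>
"""
HARDENED_PROFILE = """client
remote vpn.example.net 1194
data-ciphers AES-256-GCM
auth SHA256
remote-cert-tls server
"""
```

`audit(FREE_PROFILE)` returns three findings, while `audit(HARDENED_PROFILE)` returns an empty list.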
What are the criteria for using Free VPN?
Although it cannot be said that every Free VPN is bad, the free versions carry a higher risk than the paid versions of getting you involved in trouble that targets security vulnerabilities. Be careful when using one, as it is likely to violate your company’s security policy.
It is especially dangerous when you use a private notebook PC for private use, or when you use Free VPN on a smartphone or tablet that contains corporate data. Even if you have a strong VPN built in-house, using a weak VPN can quickly put you at risk.