Security Recommendations When Using VPN Networks

For many companies, teleworking has meant having to adopt special measures so that their workers could continue to carry out their functions from home. The biggest challenge is to allow access to business information with the least possible risk and investment. For this, the most effective and commonly adopted solution is the implementation of virtual private networks (VPN, Virtual Private Network), so called because a private network (virtually speaking) is used on a public channel (Internet).

A VPN is not a physical network as such, as the corporate intranet could be, but a network for the transmission of sensitive information, encapsulated and encrypted to prevent it from being seen and used by third parties.

The use of this type of network in the company lowers logistics costs, allowing secure access to information from any site with Internet access and providing absolute privacy to communications. Getting all of this to work requires the adoption of effective security measures in terms of proper user authentication and information encryption to prevent its theft.

Advantages of a VPN

Currently we can choose to use VPN networks by deploying them in our own way in the company or by using third-party services.

If we choose to use third-party VPNs, the deployment, configuration and security are maintained by the provider, which makes it easier for the company to start its activity in the shortest time possible, without worrying about the cost and configuration of the necessary equipment. However, the management of the network, its security and its speed, as well as privacy, will depend on the level that the provider has implemented. It should also be remembered that when contracting third-party services, it is considered a recommended practice to sign a confidentiality and service level agreement (SLA) with the provider, in order to have written guarantees.

Conversely, deploying a private VPN in the company involves higher costs in terms of equipment and configuration, as well as qualified personnel. In return, it allows you to control security and privacy and improves bandwidth, avoiding connections through intermediaries in the cloud and possible outages outside the company.


In both cases, using a private tunnel or VPN to transmit information has a number of advantages compared to doing it directly through the Internet:

  • Verified authentication: the user of the tunnel is who they claim to be, thanks to a certificate exchanged between the client and the server.
  • Data integrity: the use of hashes makes it possible to verify that the transmitted data has not been modified between the legitimate parties of the transmission.
  • Confidentiality: thanks to the use of increasingly advanced encryption techniques, no one else will be able to access the information.
  • Use of the corporate internal network as if the user were sitting at a company computer, so that the security policies of the corporate network and the corresponding access permissions apply to the person connecting.
  • They allow open networks to be used safely, for example at an airport or in a cafeteria. In these cases, the information we send through an unsecured Wi-Fi network travels through its own tunnel (encapsulation) in unreadable (encrypted) form, and only the legitimate recipient at the end of the tunnel can decrypt the information and access it.

However, inappropriate use of VPN networks involves significant security risks: we must not forget that access to information takes place over a public channel, the Internet, which means that companies must expose an entry point to their private information.

Recommendations for use and deployment

When deploying or choosing a VPN service, we must carefully choose the protocol and the type of encryption we will use, as they have a significant influence on security and speed. The most secure protocols in current use are:

  • L2TP/IPsec: by itself L2TP does not include encryption, so it is combined with IPsec, whose 256-bit encryption key sufficiently guarantees the security of a connection. It is considered insecure if pre-shared keys are used, that is, keys previously known by both parties through a channel that should in theory be secure.
  • SSTP: created by Microsoft, with 256-bit encryption and 2048-bit SSL/TLS certificates, which is enough to guarantee good security in this protocol.
  • OpenVPN: an open-source protocol, which means that any flaw is quickly identified and corrected by the developer community. Considered one of the most secure, it uses AES 256-bit encryption and RSA 2048-bit authentication.

Choosing the right protocol responds to the specific needs of the company. There are other less secure protocols, but faster and easier to implement, that could be sufficient for the transmission of low confidentiality data in the company.

Finally, as general recommendations, we must remember:

  • Filter traffic and monitor the addresses using the VPN. In this way we improve security, and in the event of an incident we will be able to respond more quickly and effectively.
  • Use secure encryption algorithms: as a minimum, SHA-256 with AES 128/256, or SHA-384 in the case of very sensitive information.
  • Review the default settings of the VPN configurations, especially on servers, where we must not forget to maintain a secure password policy for clients and servers.
  • Remove the algorithms not used on servers, avoiding as far as possible negotiation of the encryption protocol by the devices.
  • Keep the software and hardware of the machines that host the VPN up to date, thus avoiding known vulnerabilities.
  • DNS leaks: periodically check whether the VPN server maintains privacy or whether there are leaks through DNS servers not specified in the initial configuration.
  • Network segmentation. This is important so that, in the face of unauthorized access, only one segment of the network is compromised and not the entire corporate network.
  • Deactivate Internet access that is not tunneled, increasing privacy and thus preventing third parties from accessing or modifying the information.
  • Use two-factor authentication to access VPN networks, which allows more reliable identification of the person who is going to use the connection.
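As an added example (not part of the original article), the following Python script checks an OpenVPN server configuration against several of the recommendations above: ciphers pinned to AES, an HMAC of SHA-256 or stronger, an explicit minimum TLS version, all client traffic forced through the tunnel, and DNS kept inside it. Both configurations are constructed for the example; the directive names are OpenVPN's own, and the SHA1 fallback for a missing auth directive is taken from OpenVPN's documentation.

```python
# Constructed sample server configs (not from any real deployment); the weak one
# mirrors old OpenVPN defaults: Blowfish, SHA-1 HMAC, TLS 1.0 still accepted.
WEAK_CONF = """
cipher BF-CBC
auth SHA1
tls-version-min 1.0
push "dhcp-option DNS 10.8.0.1"
"""

# The same server after the recommendations above: data-ciphers (OpenVPN 2.5+) pins the
# negotiable set, redirect-gateway tunnels all traffic, block-outside-dns (Windows clients only).
HARDENED_CONF = """
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-version-min 1.2
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
push "block-outside-dns"
"""

STRONG_CIPHERS = {"AES-256-GCM", "AES-128-GCM", "AES-256-CBC", "AES-128-CBC"}
STRONG_AUTH = {"SHA256", "SHA384", "SHA512"}

def parse_conf(text):
    """Map each directive to the list of its argument strings (comments and quotes stripped)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, rest = line.partition(" ")
            conf.setdefault(key, []).append(rest.strip().strip('"'))
    return conf

def audit(text):
    """Return the recommendations the config fails; an empty list means every check passed."""
    conf = parse_conf(text)
    # An explicit data-ciphers list wins; otherwise fall back to the legacy single cipher directive.
    offered = set(conf["data-ciphers"][0].split(":")) if "data-ciphers" in conf else set(conf.get("cipher", []))
    auths = conf.get("auth", ["SHA1"])  # OpenVPN falls back to SHA1 when auth is absent
    tls_min = float(conf.get("tls-version-min", ["0"])[0].split()[0])  # unset counts as failing
    pushed = conf.get("push", [])
    checks = [
        (bool(offered) and offered <= STRONG_CIPHERS, "ciphers not pinned to AES: " + (",".join(sorted(offered - STRONG_CIPHERS)) or "<negotiated default>")),
        (set(auths) <= STRONG_AUTH, "HMAC weaker than SHA-256: " + ",".join(auths)),
        (tls_min >= 1.2, "tls-version-min not set to 1.2 or higher"),
        (any(p.startswith("redirect-gateway") for p in pushed), "client Internet traffic not forced through the tunnel (no redirect-gateway)"),
        ("block-outside-dns" in pushed, "DNS may leak outside the tunnel (no block-outside-dns pushed)"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Run `audit(WEAK_CONF)` to see the five findings and `audit(HARDENED_CONF)` to confirm the corrected server passes; the same function can be pointed at a real server.conf read from disk.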

From the perspective of the worker who uses VPN networks, it is necessary to emphasize or raise awareness about some essential points:

  • Keep the operating system and VPN connection tools up to date.
  • Use a specific user account to work with the VPN and without administrator privileges.
  • Have up-to-date antivirus and antimalware software.
  • Connect via Ethernet cable to strengthen the security and stability of the VPN connection.
  • In the event of any incident or strange behavior, immediately contact the IT Department of the company, paying attention to the details that have led to it.

Conclusions

Currently, as a general rule, we can consider that the appropriate balance between security and speed is to use any protocol that implements AES 256-bit encryption with 2048-bit SSL/TLS authentication, more than enough to deter any cybercriminal from their malicious intentions. In some protocols the encryption and authentication key sizes can be increased, but this results in a significant reduction in speed, so it is generally reserved for extremely confidential information, at the expense of speed.