VPN Security Basics

Welcome to the first post of a multi-part series on virtual private networks (VPNs). Today, with a large part of the workforce working from home due to COVID-19, VPNs have never been more important. A VPN is an extension of a private network over the Internet. Critically, this needs to be done in a secure manner. For the last several years, the main security focus of many companies has been securing and strengthening their internal/external IT systems, but VPN security is an aspect that is commonly neglected. Bitstream Technologies believes that this is a mistake because if a VPN system is compromised, attackers can bypass external firewalls and have complete access to internal systems.


VPN Patches/Updates

Whatever your company uses today as a VPN gateway, it is very important that it stays updated with the latest security patches. It is also important to ensure that the system is still supported by the vendor, and therefore still receives security patches periodically. Once a vulnerability is known to others, it is only a matter of time before attackers use it as an attack vector against the VPN gateway. The attack might not be limited to gaining access to the corporate network; it could also force the system offline by overloading the VPN gateway, leaving legitimate remote users without connectivity.

Two-Factor Authentication

In the last decade, a push has been made for almost all services to have some sort of two-factor authentication method, and VPN services should not be left out. Two-factor authentication requires someone to authenticate not only with something they know (a password) but also with a second key that is supplied to them (a one-time code). If a company computer is stolen and the attacker gains access to the user's account (the first factor of authentication), the attacker would still not be able to access the VPN without the employee's second factor of authentication, usually supplied to the employee's phone. Two-factor authentication helps protect users whose passwords have been compromised, either through an internal attack or through password reuse with another service that was attacked and had its information stolen.
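The two-factor check described above, as an added sketch that is not taken from any Bitstream deployment. It assumes the one-time code is a time-based OTP (RFC 6238); the account data and the `totp` and `vpn_login` names are constructed for illustration.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed demo account: salt, password and TOTP secret are sample values.
SALT = b"constructed-salt"
USER = {
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "totp_secret": b"12345678901234567890",  # test secret from RFC 6238
}

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def vpn_login(password: str, otp: str, now: Optional[float] = None,
              drift: int = 1) -> bool:
    """Grant access only if BOTH factors verify."""
    now = time.time() if now is None else now
    # Factor 1: something the user knows.
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    pw_ok = hmac.compare_digest(pw_hash, USER["pw_hash"])
    # Factor 2: code from the user's device. Accept the current 30-second
    # step plus `drift` steps either side to tolerate clock skew.
    otp_ok = any(
        hmac.compare_digest(
            otp.encode(), totp(USER["totp_secret"], now + d * 30).encode()
        )
        for d in range(-drift, drift + 1)
    )
    # Both checks always run, so timing does not reveal which factor failed.
    return pw_ok and otp_ok

if __name__ == "__main__":
    print(vpn_login("correct horse", "287082", now=59))  # both factors valid
    print(vpn_login("correct horse", "", now=59))        # stolen password only
```

A production verifier would also reject a code that has already been accepted once, so that an observed code cannot be replayed inside its validity window.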

Bitstream Technologies’ Solutions

Bitstream has deployed several different secure VPN solutions to its clients, depending on their needs and current hardware. One example is a combination of the software firewall platform pfSense and the open-source VPN server OpenVPN, running on Netgate hardware. This solution works well for companies that mostly have an on-premises corporate network with servers or computers that need to be accessed externally. To authenticate users, FreeRADIUS is used in the back end to define users, groups, and two-factor authentication settings. The great thing about this solution is that it can all run on one physical Netgate appliance, and no additional licenses or hardware systems are needed.

Next is the Azure VPN. This is great for companies that have all or most of their computing resources in the cloud because it allows users to connect directly to Microsoft Azure rather than having to manage hardware at a physical office location. In most cases, there is no reason for users to "trombone" their network traffic to the corporate office, then from the office to the Azure cloud. This solution integrates very well with Azure Active Directory, and all users can have two-factor authentication enabled.

Bitstream Technologies also offers support contracts in which one of the benefits you will receive is patching and software upgrades of currently owned IT equipment. No matter the vendor or solution, Bitstream Technologies monitors for security updates, maintains alerts for them, and will apply them as soon as possible.

Conclusion

Having a strong and secure VPN with two-factor authentication enabled is important to keeping your company and network secure. There are multiple technologies and options for building this strong VPN solution. This is where Bitstream Technologies can help in finding the best solution for your company. If you or your company are interested in this solution, or have any other IT needs, be sure to reach out to us on our contact form and request a free quote today!

Finally, stay tuned for future posts, where we go into detail on how to configure some of these VPN options.
