In the wake of the COVID-19 pandemic, and the government directives to curb the spread of the virus, there is a demand now to connect to internal networks from distant locations. Staff have now been advised to work from home and connect to resources in the internal private office networks over the Internet, which is by nature insecure. This makes data security a major consideration when staff or business partners have constant access to internal networks from insecure external locations, threatening business continuity.

How can we secure this data?

VPN (Virtual Private Network) technology provides a way of protecting information being transmitted over the Internet, by allowing users to establish a virtual private “tunnel” to securely enter an internal network, accessing resources, data and communications via an insecure public network such as the Internet.

What is a Virtual Private Network (VPN)?

VPN (Virtual Private Network) is a generic term used to describe a communication network that uses any combination of technologies to secure a connection tunneled through an otherwise unsecured or untrusted network. Instead of using a dedicated connection, such as leased line, a “virtual” connection is made between geographically dispersed users and networks over a shared or public network, like the Internet. Data is transmitted as if it were passing through private connections.

VPN Deployment

VPN is mainly employed by organizations and enterprises in the following ways:

1. Remote access VPN: This is a user-to-network connection for the home, or from a mobile user wishing to connect to a corporate private network from a remote location. This kind of VPN permits secure, encrypted connections between a corporate private network and remote users.

2. Intranet VPN: Here, a VPN is used to make connections among fixed locations such as branch offices. This kind of LAN-to-LAN VPN connection joins multiple remote locations into a single private network.

3. Extranet VPN: This is where a VPN is used to connect business partners -such as suppliers and customers- together so as to allow various parties to work with secure data in a shared environment.

Types of VPN Tunneling Protocols:

Point to Point Tunneling Protocol (PPTP)

Point to Point Tunneling Protocol (PPTP) is one of the oldest protocols still being used by VPNs today. Developed by Microsoft and released with Windows 95, PPTP encrypts your data in packets and sends them through a tunnel it creates over your network connection.

PPTP is one of the easiest protocols to configure, requiring only a username, password, and server address to connect to the server. It’s one of the fastest VPN protocols because of its low encryption level.

Layer 2 Tunneling Protocol (L2TP)

L2TP is an extension of the PPTP (Point to point tunneling protocol), used by internet service providers to provide VPN services over the internet. L2TP tunneling starts out by initiating a connection between LAC (L2TP Access Concentrator) and LNS (L2TP Network Server) – the protocol’s two endpoints – on the Internet. Once that’s achieved, a PPP link layer is enabled and encapsulated, and afterwards it’s carried over the web.

The PPP connection is then initiated by the end-user (you) with the ISP. Once the LAC accepts the connection, the PPP link is established. Afterwards, a free slot within the network tunnel is assigned, and the request is then passed on to the LNS.

Lastly, once the connection is fully authenticated and accepted, a virtual PPP interface is created. At that moment, link frames can freely be passed through the tunnel. The frames are accepted by the LNS, which then removes the L2TP encapsulation and proceeds to process them as regular frames.

Internet Protocol Security (IPSec)

IPSec was developed for secure transfer of information at the OSI layer three across a public unprotected IP network, such as the Internet.  IPsec enables a system to select and negotiate the required security protocols, algorithm(s) and secret keys to be used for the services requested. 4 key functions or services of IPSec are as follows;

Confidentiality – Encrypting data, and scrambling.

Data Integrity – data has not been changed.

Data Authentication – authenticating receiver. Sender receiver is who they say they are.

Anti-replay – each packet is unique, has not been duplicated or intercepted.

IPSec provides data security in various ways such as encrypting and authenticating data, protection against masquerading and manipulation. Being a collection of different protocols or algorithms, IPSec is a complex framework consisting of over 30 different settings, which is why it provides a powerful and flexible set of security features that can be used to secure traffic from site to site or site to a mobile user.

As the world is constantly changing and growing with technology, IPSec suits this as it’s a framework, which allows you add new and better algorithms coming out.

PPTP vs L2TP vs IPSec; which one works best?

While it boasts fast connection speeds, the low level of encryption makes PPTP one of the least secure protocols you can use to protect your data. With known vulnerabilities dating as far back as 1998, and the absence of strong encryption, you’ll want to avoid using this protocol if you need solid online security and anonymity.

L2TP used in conjunction with IPSec creates a more secure tunneling protocol than PPTP. L2TP encapsulates the data, but isn’t adequately encrypted until IPSec wraps the data again with its own encryption to create two layers of encryption, securing the confidentiality of the data packets going through the tunnel. L2TP/IPSec provides AES-256 bit encryption, one of the most advanced encryption standards that can be implemented.

Optace gives you a L2TP/IPSEC VPN solution to provide a secure means for an organization’s staff to access internal network resources from anywhere as long as they have an internet connection. Do talk to us today, and let us ensure your business continuity during and after the COVID-19 pandemic. Our certified in-house consultant is ready to set you up.

Browse through our catalog of VPN capable hardware by MikroTik, Ubiquiti, and Cisco.