A virtual private network is a relatively low-cost solution that not only connects remote machines but also protects the data traffic between them.
However, a question arises: how can it be safe if it makes use of public networks such as the internet?
In this article, we will address the aspects that involve the security of a virtual private network and how it can contribute to the security of the digital environment as a whole.
What exactly is a virtual private network?
A virtual private network (VPN) is a private connection established between computers over a public network, such as the internet.
So, with a VPN, users and servers in different locations can connect safely and securely.
This holds even when the connection is made from an untrusted access point, such as Wi-Fi in a public place.
Therefore, beyond connecting remote machines into a network, a VPN can guarantee secure data traffic.
How is the connection made in the virtual private network?
In summary, the connection via a virtual private network works as follows:
- First, it is necessary to have a server or a company’s internal network environment (it can be a virtualized network, such as a Virtual Data Center, for example);
- This Virtual Data Center server or private network generates a parameters file containing what the connection needs, including the digital certificate, the asymmetric key pair, and the cryptographic algorithms to be used;
- The parameters file is imported into the client software or network (which will access the Virtual Data Center environment or the server remotely);
- Then, the user configures the client software by importing the parameters file, enabling it to connect to the organization’s network through IPsec tunneling or whichever other VPN protocol is used;
- Beforehand, the list of resources that the user may access on the network must have been defined;
- From then on, remote access to the server and to the Virtual Data Center’s internal network is possible.
The components of a virtual private network
An internet-based virtual private network is made up of four core components:
- The internet itself, which provides the medium for data transmission;
- Gateways, which make the interface between the internet and the private network; this includes VPN routers, firewalls, hardware, and software;
- The security policy server, which contains access control information that is used by security gateways;
- The VPN server, which verifies the authenticity of the keys shared between sites and of the digital certificates of individual users.
Security in the virtual private network
To ensure the security of a virtual private network, it must meet the following requirements:
- Authentication: to ensure that the data comes from a verified origin;
- Access control: to allow only authorized users to have access to the network;
- Confidentiality: to ensure that only the recipient of the data can read or copy it;
- Integrity: to ensure that data is not tampered with as it travels over the network.
These requirements are met with a set of tools, such as those described below.
The firewall acts as a barrier between the internet and the VPN. It is used to enforce access restrictions, such as:
- Limiting the ports available on the network;
- Limiting the types of packets allowed through;
- Limiting the authorized protocols.
Also, since all traffic passes through the firewall, it can keep a log of internet activity.
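As an added illustration (not code from the article), the toy packet filter below applies the three restrictions just listed to a VPN gateway and keeps a log line per packet. The rule set, addresses and sample packets are constructed; the allow-list is what an IPsec gateway needs exposed, IKE on UDP/500, NAT-T on UDP/4500 and ESP (IP protocol 50), with everything else denied by default.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "udp", "tcp", "esp", "icmp", ...
    dport: Optional[int]  # None for protocols without ports (ESP, ICMP)

# Firewall policy for the VPN gateway (constructed values):
# limit authorized protocols, limit open ports, default deny.
GATEWAY = "203.0.113.10"            # constructed gateway address (TEST-NET-3 range)
ALLOWED_PROTOCOLS = {"udp", "esp"}  # IKE/NAT-T over UDP, plus ESP itself
ALLOWED_UDP_PORTS = {500, 4500}     # IKE and NAT-T; nothing else is reachable

def decide(pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, reason). Anything not explicitly allowed is dropped."""
    if pkt.dst != GATEWAY:
        return "DROP", "not addressed to the VPN gateway"
    if pkt.proto not in ALLOWED_PROTOCOLS:
        return "DROP", f"protocol {pkt.proto} not authorized"
    if pkt.proto == "udp" and pkt.dport not in ALLOWED_UDP_PORTS:
        return "DROP", f"udp/{pkt.dport} is not an open port"
    return "ACCEPT", "matches IPsec allow-list"

def filter_packets(packets: List[Packet]) -> List[str]:
    """Apply the policy to each packet and return the firewall log."""
    log = []
    for p in packets:
        verdict, reason = decide(p)
        port = "-" if p.dport is None else str(p.dport)
        log.append(f"{verdict} {p.proto} {p.src}->{p.dst}:{port} ({reason})")
    return log

# Constructed sample traffic arriving from the internet.
SAMPLE = [
    Packet("198.51.100.7", GATEWAY, "udp", 500),          # IKE negotiation
    Packet("198.51.100.7", GATEWAY, "esp", None),         # encrypted tunnel traffic
    Packet("198.51.100.7", GATEWAY, "tcp", 22),           # SSH aimed at the gateway
    Packet("198.51.100.7", GATEWAY, "udp", 53),           # DNS aimed at the gateway
    Packet("198.51.100.7", "203.0.113.20", "udp", 500),   # IKE to a host that is not the gateway
]

if __name__ == "__main__":
    for line in filter_packets(SAMPLE):
        print(line)
```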
With encryption, data is masked at the source of transmission and only the true recipient knows the rules for restoring the content.
Data is encrypted by applying an algorithm with a key, and that key may be symmetric or asymmetric.
Symmetric (also called private or secret) keys use the same key both to encrypt and to decrypt the data.
Asymmetric (public-key) encryption, on the other hand, uses two related but distinct keys: one to encrypt and the other to decrypt the data.
The IPsec protocol
IP Security is an extension of the IP protocol, used to provide security and privacy to data packets that travel on the network.
IPsec is considered a very secure protocol and has become the reference for virtual private networks.
Client and server authentication and data confidentiality and integrity are provided by this protocol and the encryption algorithms it negotiates.
IPsec can be used in transport mode or tunneling mode.
In transport mode, encryption is applied only to the payload, and the original IP header stays in the clear; in tunneling mode, the entire original packet is encrypted, including its IP header, and carried behind a new outer IP header.
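To make the difference between the two modes concrete, here is an added byte-level sketch (not code from the article, and not a real IPsec implementation) that builds an ESP packet in each mode and shows which headers stay visible. Assumptions: a minimal 20-byte IPv4 header, a truncated HMAC-SHA256 as the ESP integrity check value, an HMAC-SHA256 counter-mode keystream standing in for the AES cipher a real security association would negotiate, and one demo key for both, which a real SA would never do.

```python
import hashlib, hmac, os, socket, struct
ESP, TCP, IPIP = 50, 6, 4   # IP protocol numbers: ESP, TCP, IP-in-IP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options; checksum left zero in this sketch)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def _keystream(key, iv, n):
    """HMAC-SHA256 in counter mode: an assumed stand-in for the AES cipher real ESP uses."""
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def esp_encapsulate(key, spi, seq, plaintext, next_header):
    """ESP packet: clear [SPI|seq|IV] + encrypted(plaintext|next_header) + 16-byte ICV."""
    iv = os.urandom(8)
    body = plaintext + bytes([next_header])            # next_header sits in the ESP trailer
    ct = bytes(a ^ b for a, b in zip(body, _keystream(key, iv, len(body))))
    esp = struct.pack("!II", spi, seq) + iv + ct
    return esp + hmac.new(key, esp, hashlib.sha256).digest()[:16]

def esp_decapsulate(key, esp):
    """Verify the ICV before decrypting; returns (plaintext, next_header)."""
    esp, icv = esp[:-16], esp[-16:]
    if not hmac.compare_digest(icv, hmac.new(key, esp, hashlib.sha256).digest()[:16]):
        raise ValueError("ESP integrity check failed: packet tampered or wrong key")
    iv, ct = esp[8:16], esp[16:]
    body = bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))
    return body[:-1], body[-1]

def transport_mode(key, src, dst, tcp_segment):
    """Transport mode: only the payload is protected; the real endpoint addresses stay in the clear."""
    esp = esp_encapsulate(key, 0x1000, 1, tcp_segment, TCP)
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def tunnel_mode(key, gw_src, gw_dst, inner_packet):
    """Tunnel mode: the whole inner packet, IP header included, hides behind a new gateway-to-gateway header."""
    esp = esp_encapsulate(key, 0x2000, 1, inner_packet, IPIP)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

# Constructed sample: a host behind gateway 203.0.113.1 talks TCP/443 to a host behind 203.0.113.2.
KEY = b"constructed-demo-key-not-for-real-use"
SEGMENT = struct.pack("!HH", 40123, 443) + b"GET / HTTP/1.1\r\n"   # toy TCP segment: ports + data
INNER = ipv4_header("10.0.1.5", "10.0.2.9", TCP, len(SEGMENT)) + SEGMENT

if __name__ == "__main__":
    t = transport_mode(KEY, "10.0.1.5", "10.0.2.9", SEGMENT)
    u = tunnel_mode(KEY, "203.0.113.1", "203.0.113.2", INNER)
    print("transport mode: inner addresses visible on the wire:", socket.inet_aton("10.0.1.5") in t)
    print("tunnel mode:    inner addresses visible on the wire:", socket.inet_aton("10.0.1.5") in u)
```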
The AAA servers
AAA servers reinforce the security of the network by verifying who the user is (authentication), what they are allowed to do (authorization), and what they actually did (audit, or accounting).
Even with all the technical resources, security in a virtual private network, and in digital environments in general, remains dependent on a strict and detailed security policy.
In effect, a network will always be safer if all its nodes follow the same security policy.
In fact, a single point on the network that presents a failure or vulnerability can compromise its security as a whole.
Nodes that access a virtual private network often also access the internet directly at the same time, which in itself constitutes a vulnerability.
Thus, a good security policy for virtual private networks can establish points such as:
- Rules for access to equipment, in order to prevent them from being stolen or improperly accessed;
- Procedures for the loss or theft of equipment, so that its digital certificate is revoked as soon as possible;
- Requiring a password to unlock the screensaver, preventing unauthorized access to an unattended machine;
- Procedures for cases of sending equipment to technical assistance, preventing hard disk data from being copied;
- Mandatory definition of services that are authorized to run on equipment;
- Rules for updating operating system versions, applications, and services;
- Connection procedures, such as disconnecting the network cable at the time of VPN connection, for example;
- A virus prevention policy;
- A policy for the use of modems;