VPN technology began to develop in the 1980’s and 90’s with dial-up Internet connections, frame relay, and packet switching. VPNs have advanced significantly since then to become the simple tools that users see today. From private networks for business entities, they have become key online privacy and security tools.
VPN clients used frame relay and packet switching to build the foundations of VPN remote connectivity and point-to-point connections. These first networks allowed developers to build up to a range of more affordable networking technologies. This evolution unfolded logically through internet-based channels. We now have data connections where we want them and how we want them.
The Internet opened up free connection options for all. But this networking technology allowed dedicated connections to be created. Corporate entities required more private channels to secure their data traffic. The idea of the virtual private network (VPN) was born out of this need. VPN clients actually work to create a private network across public communications, like telecommunications infrastructure. And the Internet provided a very convenient and functional transport protocol.
VPN clients used the technology to connect remote points made up of users and database servers to an office network that was central and secured. VPN client became popular as more affordable security solutions as compared to the available dedicated leased line connections. Today, the advances in VPN client services provide both companies and individuals with the option to deploy VPNs. They are the practical and affordable online security and privacy option for small to medium-sized enterprises (SMEs) and regular Internet users.
The VPN functions such as tunneling protocols and encryption are what allow VPN clients to provide security for users. The data is encrypted before transport at both ends of the tunnel created by the VPN client between their server and the user. Network addresses at both ends can also be anonymized. There are seven layers in the Open System Interconnection networking framework model, but layer 2 is where the encryption and synchronization is executed for the most common VPN clients.
VPN clients began by using the Point-to-Point Tunneling Protocol developed from Microsoft’s PPP. This was a fast but not very secure protocol which caused data integrity problems. Later, IPSec was developed and became the standard for VPN clients. IPSec allows flexible and configurable network connections. Traffic carried by the VPN client is encrypted and furthermore authenticated. This protects the data from being secretly intercepted and altered. IPSec operates at the network IP layer, it is compatible with any protocol that is carried by IP. The result is the ideally flexible VPN for general use. Different implementations have been developed which sometimes cause inter-operational issues, but IPsec remains the best choice for single-supplier VPN client implementations or organizations that maintain IT support staff.
Another development in Internet security was the Secure Sockets Layer. This transferred over to VPN client implementations of SSL VPNs that connected individual computers to an application gateway on an office network. SSL VPNs used the VPN client’s web browser as an interface. This meant that installing additional software on the computer was no longer needed in most cases. VPN client support was therefore made easier so that the client could run any of the usual Operating Systems provided they supported a web browser and SSL. Without additional software, however, SSL VPNs are limited to proxying web pages, or HTML/HTTP-aware applications. This was done for OS independence. SSL VPNs can execute application translation with a little extra software on the VPN client. This limits platform independence, though, so rather than add more VPN client software, it is better to use an IPSec VPN.
The latest VPN client advancement was mobile VPNs. Mobile VPNs are essential in public safety, emergency services, and other industry cases. Mobile VPNs are different from other VPNs in that the endpoint is not fixed. This mobility was needed so that users could maintain their connections while communicating with different endpoints using a VPN client. Thus modern VPN clients provide this flexibility in deployment, which is normally a central part of a company’s main security gateway. The security comes from IPSec for secure communications between the remote database server or computer and the main gateway.
VPN clients also responded to the need for smartphone and tablet security. An increase in mobile device use called for VPN clients to support BYOD mobiles for online security. The development of a remote workforce was another factor. Remote workers increasingly communicate with the corporate networks through mobile devices. With VPN mobile support, IT teams can provision access centrally. Users then install the VPN app on their devices to manage the VPN connection. It is these clientless VPN apps that also work for regular Internet users. They require very little technical know-how and allow secure VPN access in minutes.
Traditional mobile VPNs encrypt and send data through a private tunnel across the Internet. The development of the mobile access management-based mobile VPN provided additional security. MAMs run over a private network and never go through the Internet. They therefore do not need encryption, lessening the packet overhead for faster connections. MAM was exclusively for big corporations because of the costs. Today, some ISPs have connections to mobile operator networks and can subdivide the MAM into affordable segments.
VPN clients understand that VPN deployments must vary from case to case. A one-size-fits-all approach would not work since companies all have different needs and situations. Companies that need secure access to servers from any location can for example take advantage of a client-to-site VPN solution versus firewalls. The user can install a VPN client on machines and connect remotely. Another option is a site-to-site VPN. A static VPN tunnel is built between a client’s site and their hosted firewall. Users in this case pass secure traffic, but are only able to initiate it at specified locations. Or both client-to-site and site-to-site VPNs can be used together for a more dynamic option. Depending on business needs for security, dedicated data control, mobile data management (MDM), and cloud-driven device access connections, a different deployment is required.
Secure cloud services are looking like the next big thing in Internet security. Many SMEs may prefer to move over because of the flexibility that clouds provide in terms of application and outsourcing of certain IT management aspects. For now, however, the majority of cloud services are open and uncontrolled public services that cannot provide the level of security that VPN clients do. What is happening is that VPN client and cloud service technologies are merging. VPN providers are beginning to offer people integrated public cloud services under their VPN services. This way, SMEs can have access to public cloud services secured by the VPN client. VPN providers are also learning to understand that they need to give SMEs reasonable upgrade options that allow for business growth without becoming too expensive. We may soon see a cloud-centric VPN becoming the new traditional model.
Read More: