Virtual Private Network (VPN)

A Virtual Private Network (VPN) creates an encrypted connection (tunnel) between a user's device and a network, securing all data that travels between them. VPNs are widely used for remote access to company resources and for securing internet connections.

Types of VPN:

• Remote access VPN: Individual users connecting to company network from anywhere
• Site-to-site VPN: Connecting two networks (e.g., office to data centre)
• Client-to-site: Software on the user's device connects to a VPN server
• SSL/TLS VPN: Browser-based VPN access (no client software needed)
• IPsec VPN: Network-layer encryption for site-to-site connections

VPN use cases:

• Remote work: Secure access to company resources from home or travel
• Cloud connectivity: Encrypted connection between office and cloud
• Branch offices: Connecting multiple office locations securely
• Public WiFi protection: Encrypting traffic on untrusted networks
• Compliance: Meeting data protection requirements for remote access

VPN solutions:

• Enterprise VPN: Cisco AnyConnect, Palo Alto GlobalProtect, Fortinet FortiClient
• Cloud VPN: AWS Client VPN, Azure VPN Gateway, Google Cloud VPN
• Modern alternatives: Cloudflare Access, Zscaler Private Access (ZTNA)
• Open source: WireGuard, OpenVPN

VPN vs. Zero Trust Network Access (ZTNA):

• VPN gives broad network access once connected (trust the network)
• ZTNA provides application-specific access with continuous verification (trust nothing)
• ZTNA is increasingly replacing traditional VPN for remote access
• VPN remains relevant for site-to-site connections and network-level access

VPN best practices:

• Use split tunnelling carefully (only route company traffic through VPN)
• Require MFA for VPN authentication
• Monitor VPN connections for anomalies
• Keep VPN software and firmware updated
• Implement always-on VPN for high-security environments
• Ensure adequate VPN capacity for remote workforce
• Consider ZTNA as a VPN complement or replacement