
Pros and Cons: Choosing the Right Type of VPN Protocol for Your Business

September 30, 2020

The advent of the work-from-home era, the rise of new cybersecurity threats, and recent advancements in cloud technologies have combined to increase the need for VPNs with high security standards in organizations all over the world. When it comes to Virtual Private Networks, it can be overwhelming to distinguish between technologies, especially for those who are less tech-savvy. Wondering which type of VPN protocol is right for your business? Below is an overview of the main types to help you decide which one best suits your needs.

VPN Types: Not All VPNs Are Created Equal

A VPN is basically a private tunnel between a device and the internet. All traffic is encrypted as it passes through this tunnel, keeping sensitive data out of malicious hands. These tools can be divided into two main types: remote access and site-to-site. 

Remote Access VPN

Remote access VPN is the most popular type today, being the foundation upon which commercial VPN services are built. Simply put, this type of virtual private network connects the user to a secure remote server in order to access a private network. The main benefits of remote access VPNs are easy setups and hassle-free use.

Site-to-site VPN

Site-to-site VPNs work differently and are used to extend a company’s network to different locations. Although this type is more difficult to implement, it’s ideal for business environments because it gives multiple users working from various fixed locations the ability to securely access each other’s resources. Site-to-site VPNs are further divided into two categories: intranet-based and extranet-based. 

Top VPN Tunneling Protocols: Pros and Cons

PPTP (Point-to-Point Tunneling Protocol)

Originally developed by Microsoft for dial-up networks, PPTP is the oldest widely used VPN protocol. PPTP is one of the fastest VPN protocols, is easy to set up, and can be used for connecting to both the internet and intranet. Almost every modern system and device supports PPTP, making it the most popular on the market. Its main drawback is the low level of security. Even though it normally uses 128-bit encryption, PPTP is easy to crack (the NSA admitted doing it regularly) and can be blocked by some firewalls.

L2TP/IPSec (Layer 2 Tunneling Protocol)

Designed as a replacement for PPTP, Layer 2 Tunneling Protocol is simply a tunneling protocol and doesn’t actually provide any encryption or authentication. L2TP is usually combined with another VPN security protocol like IPSec to create a highly secure VPN connection. This protocol has a few convenient features, such as strong security, high compatibility, and an easy setup procedure. The main issues are that it is slower than other protocols, raises some vulnerability concerns, and is easily blocked by firewalls (L2TP doesn’t have a clever way to get through firewalls, so it requires a more complicated configuration).

SSTP (Secure Socket Tunneling Protocol)

Secure Socket Tunneling Protocol was developed by Microsoft and made its debut as part of Windows Vista. Like other leading protocols, SSTP supports AES-256 encryption, is fast, and can easily pass through most firewalls. Its main strength is also its greatest weakness: being developed and owned by Microsoft, SSTP is fairly easy to set up on Windows machines, but can be a nightmare if your employees run Linux. Apple computers don’t run the SSTP protocol and probably never will.

IKEv2 (Internet Key Exchange – version 2)

The IKEv2 protocol was developed by Microsoft and Cisco, and it stands out from the crowd by being stable, secure, easy to set up, and very fast. IKEv2 usually employs the Mobility and Multi-homing Protocol, which is especially useful for mobile devices running 3G or 4G LTE because it’s good at reconnecting whenever devices lose connection. Like SSTP, IKEv2 isn’t compatible with many systems, and there are some fair security concerns (in 2016, NSA whistleblower Edward Snowden revealed that the Agency had managed to crack its encryption).

OpenVPN

Released in 2001, OpenVPN is an open-source protocol that allows developers access to its underlying code and uses a strong custom security protocol that relies heavily on OpenSSL. Because it’s highly configurable and can easily be disguised as normal internet traffic, OpenVPN is now the default protocol used by most paid VPN providers. The list of pros includes top-notch security, versatility, the ability to bypass firewalls, and the fact that it’s open-source. The main drawbacks are the complex setup procedure and a lack of speed.

WireGuard

WireGuard is the latest tunneling protocol and it aims to be “faster, leaner, and more useful than IPSec, while avoiding the massive headache”. WireGuard utilizes state-of-the-art cryptography and is fairly easy to set up. Initially released for the Linux kernel, it is now cross-platform and widely deployable. However, since it’s still considered experimental, it’s pretty rare to find this protocol in a consumer VPN app.
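
The firewall behaviour described in the protocol sections above follows from the ports and IP protocols each tunnel uses. The Python below is an added example, not part of the original article: it inventories VPN protocols seen in firewall flow records so that remaining PPTP users can be found and migrated. The port numbers are the standard assignments (51820 is only WireGuard's usual default); the record format, function names and sample addresses are constructed for illustration.

```python
from collections import Counter

# (ip_protocol, dst_port) -> label; port is None for protocols without ports.
SIGNATURES = {
    ("tcp", 1723): "PPTP",       # control channel
    ("gre", None): "PPTP",       # data channel, IP protocol 47
    ("udp", 1701): "L2TP",       # unencrypted unless wrapped in IPSec
    ("udp", 500): "IKE/IPSec",   # key exchange for L2TP/IPSec and IKEv2
    ("udp", 4500): "IKE/IPSec",  # NAT traversal
    ("esp", None): "IKE/IPSec",  # encrypted payload, IP protocol 50
    ("udp", 1194): "OpenVPN",    # default port, can be moved
    ("udp", 51820): "WireGuard", # usual default only (assumption noted above)
    # SSTP and OpenVPN-over-TCP share 443 with web traffic: port rules can't tell.
    ("tcp", 443): "HTTPS-like",
}

def parse_flow(line):
    """Parse 'src dst proto [dport]'; dport is None for GRE/ESP records."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError(f"malformed flow record: {line!r}")
    dport = int(fields[3]) if len(fields) > 3 else None
    return {"src": fields[0], "proto": fields[2].lower(), "dport": dport}

def classify(flow):
    return SIGNATURES.get((flow["proto"], flow["dport"]), "other")

def audit(lines):
    """Return (per-protocol flow counts, sorted sources still using PPTP)."""
    counts, pptp_sources = Counter(), set()
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        flow = parse_flow(line)
        label = classify(flow)
        counts[label] += 1
        if label == "PPTP":
            pptp_sources.add(flow["src"])
    return counts, sorted(pptp_sources)

# Constructed sample records (documentation address ranges).
SAMPLE = """\
10.0.0.5 198.51.100.7 tcp 1723
10.0.0.5 198.51.100.7 gre
10.0.0.8 198.51.100.9 udp 4500
10.0.0.9 203.0.113.4 tcp 443
10.0.0.12 203.0.113.20 udp 51820
""".splitlines()
if __name__ == "__main__":
    print(audit(SAMPLE))
```

The "HTTPS-like" bucket is deliberately not attributed to any one protocol: telling SSTP or OpenVPN apart from ordinary web traffic on TCP 443 needs more than the port number.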

Establishing the best VPN protocol is no easy task, especially since there’s no such thing as a VPN protocol suitable for everyone. Business managers and IT leaders should take into consideration how and why teleworkers use VPN connections before choosing the right one.