Individual users and small businesses that cannot afford the cost and administrative requirements of a large private voice and data network can use VPNs for remote communications. Using the internet as the network infrastructure, VPNs connect remote users to websites and private corporate networks and their embedded resources with software and appliances that translate internal data streams into secure encrypted transmissions. The technology has been around for decades and is among the most popular remote access technologies.
But what about VPN alternatives? Are there remote access technologies that can take the place of VPNs?
Think of a VPN as analogous to a proxy, as it facilitates the link between a user and a remote server. VPNs provide anonymity by disguising the requesting source. They also have increased security features and policies to protect the requestor's identity. Different protocols are used with VPNs, often depending on the vendor and user requirements.
VPN pros and cons
VPN technology can be relatively inexpensive, especially with free or low-cost VPN packages. In these offerings, users simply access the VPN service, complete secure access procedures and enter the desired domain, such as a website address. More costly VPN technologies are likely to be used for large corporate networks. The main cost is the license fee for each user who uses VPN services.
Security in the form of encryption is generally available for VPNs. When evaluating VPN candidates, users should closely inspect the security features to ensure they're sufficient.
VPNs also have several limitations. The principal concerns revolve around data security. If vendors say their security policies are rigorous and compliant with security standards, then those claims should be verified. Vendors could monitor user online transactions and use that information for their own purposes, such as selling customer data to other vendors.
The need to mask IP addresses may be exaggerated by vendors that claim a user IP address may be vulnerable to unscrupulous activity. Vendors that log VPN activity may sell user transaction information to other firms. VPN service providers may offer services to prevent DNS issues, such as leakage of user IP data when it should be secure.
Vendors may also make claims about how they provide end-to-end encryption. If encryption only occurs from the user client to the VPN service provider -- and not onward to the desired resource -- user data security can be jeopardized.
In light of these VPN weaknesses, what are some alternatives to VPNs? Three VPN alternatives in particular are gaining favor among networking professionals.
1. Smart DNS
Smart DNS provides a proxy server resource for additional protection of a user's identity by masking a user's ISP-generated DNS address with a different address -- generated by the Smart DNS device -- before sending the user request into the internet.
2. The Onion Router
The Onion Router (Tor) network protects user data by encapsulating the data in multiple layers of secure encryption -- using the Onion Protocol -- as it routes the data from sender to receiver. The Tor process ensures that a user's identity is protected from ISPs and advertisers.
The Lantern network provides end-to-end security by encrypting all data traffic as it passes through Lantern servers. It differs from Tor in that it does not facilitate anonymity across the internet. It features higher-speed browsing and provides access to blocked websites and applications.
Planning considerations for VPN alternatives
The following are guidelines for planning a change in VPN technology or if the user is relatively new to VPNs:
- Determine VPN requirements, such as the number of potential users, security requirements and access restrictions to certain websites and networks.
- Review existing security policies, and make changes as needed to accommodate VPN users.
- Identify candidate VPN providers, such as hosted ISPs, open source VPN software and free or low-cost VPN products.
- Carefully examine security policies from potential vendors to ensure they are consistent with corporate requirements and do not provide loopholes that vendors and hackers can exploit.
- Test-drive candidate VPN products and services if possible to validate their security and performance.
- Speak to other users of the candidate product if possible.
- Ensure the VPN supplier will support service-level agreements.
- Document VPN operational procedures.
- Schedule and conduct training classes if needed.
- Ensure that backup copies of VPN software and appliances are available in case of technology disruptions.
- Set up a deployment plan to roll out the VPN alternative.
- Conduct periodic tests of the VPNs to ensure they are working properly.
- Incorporate the alternate VPNs into existing technology disaster recovery plans.
Depending on financial requirements, security requirements and the need for expanded use of remote access, numerous VPN options are available to provide secure, end-to-end encrypted remote access.