VPNs - who needs them?
- Thread starter annenap
- Start date
Sky-Knight
Well-Known Member
- Reaction score
- 5,614
- Location
- Arizona
I can't get through my day without using at least one. Though, a business with properly deployed O365 might be able to forgo direct use of them.
What do you use it for and what about an average home user?
Sky-Knight
Well-Known Member
- Reaction score
- 5,614
- Location
- Arizona
Well, I use a VPN when I'm traveling to access my home network, because that's my office network. I can remote to my desktop and do stuff there, or I can fire up a web browser and stream off my Plex server.
But for your normal home user, I can't see VPN technology being all that useful outside of telecommuting to their offices wherever they may be. And even these use cases are fading a bit because we have cloud services that are capable of securely filling that role without using the so called "VPN".
Anytime you need to connect a computer to a network it's not directly connected to, over a public network, the use of a VPN is recommended. Unless, the thing you're connecting to is designed to deal with the realities of the Internet all by itself. Many people will think about the encryption involved and say that's what VPN is all about, but that's actually not true. VPN is about authentication, not encryption. It's about verifying that a given remote device or user, is to be trusted with access to a network's resources. The encryption is an auxiliary feature bolted on to help meet the security goals in question. But before that can happen, you have to determine if the connection is to be trusted or not, authentication... it's hard.
But for your normal home user, I can't see VPN technology being all that useful outside of telecommuting to their offices wherever they may be. And even these use cases are fading a bit because we have cloud services that are capable of securely filling that role without using the so called "VPN".
Anytime you need to connect a computer to a network it's not directly connected to, over a public network, the use of a VPN is recommended. Unless, the thing you're connecting to is designed to deal with the realities of the Internet all by itself. Many people will think about the encryption involved and say that's what VPN is all about, but that's actually not true. VPN is about authentication, not encryption. It's about verifying that a given remote device or user, is to be trusted with access to a network's resources. The encryption is an auxiliary feature bolted on to help meet the security goals in question. But before that can happen, you have to determine if the connection is to be trusted or not, authentication... it's hard.
YeOldeStonecat
Well-Known Member
- Reaction score
- 6,737
- Location
- Englewood Florida
Years ago used to use them a lot. For our MSP work, we'd VPN into the clients network...and RDP or UltraVNC into computers. But around 12 or so years ago we got N-Central for our RMM and that pretty much eliminated that.
Used to VPN to our office to work on our workstations too, from home, but...our RMM now. Or..the fact that much of our stuff is in O365..don't need to connect to the office.
These days...not nearly as much as we used to. Don't have as many clients using VPNs either..for similar reasons above.
Or perhaps the OP is talking about those anonomizer VPNs..to "hide your tracks" as you surf around. I have zero interest in those....I have nothing I need to hide or cover my tracks from..even occasional porn..so what, I'm an adult, so is my wife.
Used to VPN to our office to work on our workstations too, from home, but...our RMM now. Or..the fact that much of our stuff is in O365..don't need to connect to the office.
These days...not nearly as much as we used to. Don't have as many clients using VPNs either..for similar reasons above.
Or perhaps the OP is talking about those anonomizer VPNs..to "hide your tracks" as you surf around. I have zero interest in those....I have nothing I need to hide or cover my tracks from..even occasional porn..so what, I'm an adult, so is my wife.
Sky-Knight
Well-Known Member
- Reaction score
- 5,614
- Location
- Arizona
Those 3rd party VPN providers don't provide the privacy people think they provide anyway.
Mick
Well-Known Member
- Reaction score
- 811
- Location
- Cambridge, UK
@annenap Be aware that if your client starts using one of these (3rd party) services, sites he visits that rely on geographical location may not work as expected. He might even wind up getting served pages in a different language. If you/he just want to experiment, install Opera browser. It has a built-in VPN. All you need to do is switch it on for him - I'm just assuming it's a 'him'...
SAFCasper
Well-Known Member
- Reaction score
- 830
- Location
- United Kingdom
On a very high level you generally see 3 "Types" of VPN
Anonymizer VPN
Usually an application you install on your computer/phone/tablet.
Forms an encrypted tunnel to some remote server then routes all your network traffic through this tunnel.
From the outside it looks like your network traffic is coming from the remote server (you will be seen to have it's public IP address) and makes it very difficult to "spy" on your traffic. For example all your ISP can see is encrypted traffic on port 443 flowing between yourself and the remote server. They can't see the content of that traffic or the end target.
This is mostly what home users are referring to when they mention VPN. It's main uses are anonymization, bypassing filters, and to make it look like you are in another country (eg. to access USA only Netflix content while in the UK).
Remote access VPN (also know as Teleworker VPN, Dial-in VPN, Road Warrior VPN)
Again, this is usually an application installed on your computer/phone/tablet but can also use the built-in VPN functionality of Windows.
You essentially create a tunnel between your device and a remote network (eg. your work office). Through this you can access resources on the remote network is if you were connected locally. So network printers, file shares, Exchange etc can be accessed from home as if you were in the office (although usually at a much slower speed).
Site to Site VPN
A permanent tunnel between two fixed sites. Prime example is a business with 2 offices who want to share network resources. Users in Office1 can access file shares in Office2 etc etc
This is usually configured at the router of each site or using a dedicated VPN device at each site. You don't need to install or configure anything on client devices.
Very basic overview but hopefully points you in the right direction.
Anonymizer VPN
Usually an application you install on your computer/phone/tablet.
Forms an encrypted tunnel to some remote server then routes all your network traffic through this tunnel.
From the outside it looks like your network traffic is coming from the remote server (you will be seen to have it's public IP address) and makes it very difficult to "spy" on your traffic. For example all your ISP can see is encrypted traffic on port 443 flowing between yourself and the remote server. They can't see the content of that traffic or the end target.
This is mostly what home users are referring to when they mention VPN. It's main uses are anonymization, bypassing filters, and to make it look like you are in another country (eg. to access USA only Netflix content while in the UK).
Remote access VPN (also know as Teleworker VPN, Dial-in VPN, Road Warrior VPN)
Again, this is usually an application installed on your computer/phone/tablet but can also use the built-in VPN functionality of Windows.
You essentially create a tunnel between your device and a remote network (eg. your work office). Through this you can access resources on the remote network is if you were connected locally. So network printers, file shares, Exchange etc can be accessed from home as if you were in the office (although usually at a much slower speed).
Site to Site VPN
A permanent tunnel between two fixed sites. Prime example is a business with 2 offices who want to share network resources. Users in Office1 can access file shares in Office2 etc etc
This is usually configured at the router of each site or using a dedicated VPN device at each site. You don't need to install or configure anything on client devices.
Very basic overview but hopefully points you in the right direction.
Similar threads
