Scaling Privileged Access for Modern Infrastructure: Real-World Insights
Apr 25
Virtual
Register Today
Support
LOG IN
Teleport logoTry For Free
Contact SalesTry for Free
Support
LOG IN
Home > Teleport Academy > Infrastructure Access

What is a VPN (Virtual Private Network)?

Posted 22nd Mar 2023 by Travis Rodgers
What is Secretless (Passwordless) Authentication?
What are Access Requests?
What is Authorization?
What are Ephemeral Privileges?
What is Just-In-Time (JIT) access?
Principle of Least Privilege: What It Is & How to Implement It
What is RBAC?
Configure RBAC for Kubernetes EKS
RBAC for Google Cloud Kubernetes Engine (GCP GKE)
What is ABAC?
What is MAC (Mandatory Access Control)?
What is OAuth 2.0 (Open Authorization)?
What is FIDO (Fast IDentity Online)?
What is U2F (Universal 2nd Factor)?
What is WebAuthn?
What is OIDC (Open ID Connect)?
What Is SAML (Security Assertion Markup Language)?
The Failures of Shared Secrets and How We Can Replace Them
How to Configure Single Sign-On (SSO) for Accessing AWS EKS Clusters
Just-in-Time Access for Amazon EKS
Authenticating GCP GKE with Google Workspace SSO
Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO
Authenticating AWS EKS Kubernetes Clusters with GitHub SSO
Authenticating Azure AKS Kubernetes Clusters with GitHub SSO
Authenticating Google Kubernetes Engine Clusters with Okta SSO
Authenticating AWS EKS Kubernetes Clusters with Okta SSO
Authenticating Azure AKS Kubernetes Clusters with Okta SSO
Configuring Okta as an Identity Provider for Kubernetes Clusters
Azure AKS RBAC

A VPN, or Virtual Private Network, is a tool that allows you to create a secure and private connection between your device and the public internet. A VPN connection will encrypt your internet traffic and route it through a remote server, keeping your activity hidden from hackers, ISPs, and any third-party with malicious intent.

Why use a Virtual Private Network?

Let’s look at a typical device accessing the web. The device request goes through your router with a packet of data including what device made the request and what is being requested, among other things. From your router, the data goes to your Internet Service Provider (ISP) and gets assigned an Internet Protocol (IP) address on their network, pinning you to a general location in the world. The ISP then performs the DNS lookup keeping logs of your request, sites you connected to, etc. And if a site uses HTTPS, once your request arrives there, data is then encrypted between you and that server.

Now, there are a few problems with this flow:

  1. Your online activity is public. Your IP address reveals your location and your ISP keeps information on your activity. What if you aren’t at home or on a secure network? What if you are at a coffee shop or a hotel, using their public network? Well, there’s the risk of a man-in-the-middle-attack, Wi-Fi sniffing, and attackers even setting up their own fake router to intercept your data.
  2. Geo-restriction. Since your location is known, you are subject to geo-restrictions enforced by your internet service provider.
  3. ISP throttling. Since your activity is known, your ISP can intentionally slow down your internet if a high demand of bandwidth is detected. This has often been the case for those using streaming services like Netflix or YouTube.

Therefore, to ensure more security while using the public internet, many adopt a VPN solution.

How a Virtual Private Network works

A VPN works by tunneling your traffic through an encrypted tunnel hiding your IP address and encrypting your data. The VPN client on your device encrypts the data, it travels through your ISP, encrypted, to your VPN server where it handles the rest of the DNS lookup process. The VPN works to encrypt the entire process in such a way that your ISP and other third parties can’t peek at what websites you visit or data that you send or receive online.

VPNs can protect you when using public WiFi networks by encrypting your location and activity and by providing a secure connection between you and the internet. Since your IP address is hidden from your ISP and other third parties, you can often get around geo-restriction by connecting to a VPN server in other locations. And you can use streaming services without your ISP detecting it and slowing down your speeds.

Different VPN types and protocols

There are other types of VPNs that differ in how they work from the above example, a personal VPN. For instance, a site-to-site VPN is an encrypted connection between two or more networks on an ongoing basis. In the case of a major cloud provider like AWS and its site-to-site VPN offering, it can provide a secure, encrypted connection between your office or data center, directly to an AWS gateway and ultimately your private cloud resources. Read about the other types of VPNs here.

VPNs also come in various protocols which will determine how data is routed through a connection. With these, you’ll get different levels of security and specifications depending on your specific needs. You can explore these further here.

Shortcomings of VPNs

While VPNs seem to offer many advantages, there are a number of setbacks:

  1. Outdated use of secrets. Many VPN clients require only a username and password to access. Given the increasing number of breaches over the years due to mishandling of secrets, it only takes one compromised credential to inflict damage.
  2. Anonymity isn’t guaranteed. While your location and internet activity is encrypted, it doesn’t have an effect on cookies and other web trackers which can serve to overturn much of what you intended to be hidden, like your location or other identifiable information.
  3. VPN provider trust. Many VPN providers keep logs of your activity and identity and could even sell this data to third parties. In addition, cheap or free VPN services may use lower degrees of encryption which may give you a false sense of security while using them.
  4. Broad access. While IP addresses are hidden and privacy is addressed, the user still has implicit broad access to the network. In addition, the intended privacy makes it difficult to enforce granular access to resources within a network.

VPN alternatives

With these shortcomings in mind, a few alternatives have surfaced to better improve your online security.

  1. For complete anonymity that VPN’s often can’t provide, many look to using the Tor browser search engine.
  2. The Wireguard VPN protocol — an alternative to traditional IPSec — provides a faster, more cryptographically secure tunneling protocol compared to classic VPNs like OpenVPN. Companies like Tailscale offer a zero-config, VPN-as-a-service solution, with WireGuard under the hood.
  3. For remote access to internal systems and infrastructure, users can instead use a proxy server like Teleport, serving as a gateway between the user and the internet. Read how Teleport works here.

Looking forward

Overall, a VPN is a decent tool for anyone wanting to protect their online privacy or security with public WiFi usage, remote access to private networks, or access to geo-restricted content. However, it’s important to choose a reputable VPN provider/solution as well as to understand that it’s not foolproof. And, with the emergence of Zero Trust tools over TCP, we can ultimately do better than the implicit broad access that remote access VPNs provide — by restricting users and devices to only the gateway(s) they are individually authorized to access. Read about how Teleport fully implements a BeyondCorp and Federal Zero Trust Architecture Strategy and how we ensure that only trusted devices are used to access infrastructure.

What is Secretless (Passwordless) Authentication?
What are Access Requests?
What is Authorization?
What are Ephemeral Privileges?
What is Just-In-Time (JIT) access?
Principle of Least Privilege: What It Is & How to Implement It
What is RBAC?
Configure RBAC for Kubernetes EKS
RBAC for Google Cloud Kubernetes Engine (GCP GKE)
What is ABAC?
What is MAC (Mandatory Access Control)?
What is OAuth 2.0 (Open Authorization)?
What is FIDO (Fast IDentity Online)?
What is U2F (Universal 2nd Factor)?
What is WebAuthn?
What is OIDC (Open ID Connect)?
What Is SAML (Security Assertion Markup Language)?
The Failures of Shared Secrets and How We Can Replace Them
How to Configure Single Sign-On (SSO) for Accessing AWS EKS Clusters
Just-in-Time Access for Amazon EKS
Authenticating GCP GKE with Google Workspace SSO
Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO
Authenticating AWS EKS Kubernetes Clusters with GitHub SSO
Authenticating Azure AKS Kubernetes Clusters with GitHub SSO
Authenticating Google Kubernetes Engine Clusters with Okta SSO
Authenticating AWS EKS Kubernetes Clusters with Okta SSO
Authenticating Azure AKS Kubernetes Clusters with Okta SSO
Configuring Okta as an Identity Provider for Kubernetes Clusters
Azure AKS RBAC

Table of Contents

Background image

Teleport Enterprise

Protect your infrastructure with essential security & compliance capabilities

Tags
connectivity