Connecting to private corporate networks from a public location is made possible through virtual private network (VPN) and remote access technologies. Though related in their ability to facilitate external access to internal resources, VPN and remote access use different methods. The key difference lies in VPNs creating encrypted tunnels for all traffic between the external device and internal network, while remote access protocols transport data over standard networks, sometimes applying encryption to the data or transmission. Essentially, VPNs focus more on total encryption rather than just access to specific internal resources.
A VPN creates an encrypted tunnel between the remote device and the private corporate network, essentially extending the network to the external endpoint. All traffic passing through the tunnel receives encryption, including internet traffic. This allows remote users to access local network resources like file shares, databases, web applications, and productivity software, without exposing sensitive data to public networks. Only the tunnel endpoints can decrypt the data. Remote access technologies like VNC, RDP, and SSH provide access to specifically enabled resources over standard, sometimes unencrypted networks. While they allow interaction with internal servers, applications, and files, they transport data over public channels, only encrypting login credentials in some cases. An organization needs to enable and configure each internal resource to allow remote access over these protocols.
Understanding the nuances between VPNs and remote access assists organizations in determining the best approach to securely enable external connectivity based on their specific access requirements and resources. A VPN tunnel essentially makes a remote device an encrypted node on the internal network, while remote access facilitates interaction with discrete internal resources across public networks and channels.
What is a VPN?
A Virtual Private Network, or VPN, extends a private network across a public network to enable users to send and receive data across shared infrastructure. A VPN creates a secure, encrypted tunnel between the user’s device and the private network. All data transmitted through the VPN tunnel is encrypted and secured from external parties.
Some key aspects of a VPN include:
- Encrypts data sent over public/shared networks
- Allows access to resources on a private local area network (LAN) externally
- Requires VPN client software on user devices
- Tunnels all internet traffic through the VPN server
Common uses of VPN technology include:
- Securely accessing a corporate intranet when working remotely
- Anonymizing internet usage by hiding browsing activity and IP address
- Bypassing internet censorship and access restrictions
What is Remote Access?
Remote access refers to any technology that allows a user to access a computer or network from an external location. Users gain remote access through client software or web-based applications.
Some examples of remote access technology include:
- Virtual Network Computing (VNC) – Graphical desktop sharing
- Remote Desktop Protocol (RDP) – Access Windows desktop sessions
- SSH (Secure Shell) – Command line and tunneling
- Web-based management interfaces – Router, server, service UIs
Remote access enables activities like:
- Administration of servers, networks, and other infrastructure
- Remote technical support and management
- Accessing work resources from home or on the road
What Are Differences Between VPN and Remote Access?
While VPN and remote access can both enable external connectivity to internal resources, there are some important ways they differ:
A VPN is fundamentally about security – encrypting data and obscuring the source of network traffic. Remote access technologies enable access as a convenience, but security is not always a central focus.
A VPN typically tunnels all traffic from a device through an encrypted channel. Remote access usually provides access to specific services and resources. Traffic may be encrypted during transmission, but the connection is not as far-reaching as a VPN tunnel.
VPN access is most commonly used to access web apps and file shares on an internal network. Remote access tools are more commonly used for server administration, command line access, and other infrastructure-level activities.
Location of Tools
A VPN client is installed locally on a user’s device to handle encryption and tunneling tasks. Remote access tools tend to reside on servers and systems being accessed remotely. Minimal software may be required on the client side.
Common Use Cases
To better understand the appropriate situations to use each technology, let’s explore some common use cases:
When to Use a VPN
Some examples of ideal VPN usage include:
Accessing Corporate Apps and Files
Employees can leverage a VPN to securely access internally hosted web apps, file shares, databases, and other business apps on the corporate LAN. All traffic is encrypted end-to-end to protect company data.
IT departments can require employees to connect via an IPsec or SSL VPN when working remotely on personal devices. This ensures traffic is secured regardless of the security of the remote device.
When using public Wi-Fi, subscribers can use a VPN to encrypt all traffic sent and received from their device, securing sensitive data from snooping.
In some countries and networks, users may leverage VPN technology to bypass bandwidth throttling, access restrictions, or internet censorship. The VPN tunnel encrypts traffic, obscuring its source and destination.
When to Use Remote Access
Examples where remote access technology is the better fit:
Server and Service Administration
IT staff often require remote access capabilities to perform administrative tasks on servers, databases, networks, and other systems and services. Native remote access tools provide the required functionality.
Since remote access solutions provide access to specific systems, they can be used to tightly restrict what users are able to do remotely. For example, developers may get access to dev servers via SSH while outsiders are limited to a web portal.
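One way to check that an SSH server really does restrict who can connect and what they can do, shown as an added example rather than code from the original article. The sample configurations and the `developers` group are constructed; the audit reads only global settings and assumes no `Include` files.

```python
# Added example (not from the article): audit global sshd_config settings.
DEFAULTS = {  # OpenSSH behaviour when a keyword is absent
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "allowtcpforwarding": "yes",
}

# Constructed sample configurations.
WEAK = """\
Port 22
PermitRootLogin yes
"""
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
AllowGroups developers
AllowTcpForwarding no
Match Group developers
    AllowTcpForwarding local
"""

def effective_globals(config_text):
    """Global keywords; sshd keeps the first value it sees for each one."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are not global
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(config_text):
    s = effective_globals(config_text)
    def get(key):
        return s.get(key, DEFAULTS.get(key, "")).lower()
    findings = []
    if get("passwordauthentication") == "yes":
        findings.append("password-login")       # exposed to password guessing
    if get("permitrootlogin") == "yes":
        findings.append("root-login")           # direct root access
    if "allowgroups" not in s and "allowusers" not in s:
        findings.append("no-allowlist")         # any account may log in
    if get("allowtcpforwarding") in ("yes", "all"):
        findings.append("forwarding-for-all")   # every user can tunnel
    return findings
```

`audit(WEAK)` reports all four findings because absent keywords fall back to the OpenSSH defaults, while `audit(HARDENED)` reports none.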
Remote Support and Control
Many remote support apps utilize remote access technology to enable control of another computer for assistance purposes. This allows support staff to diagnose and address issues remotely.
Infrastructure components like routers and switches are typically managed via dedicated remote access interfaces designed specifically for configuring that equipment from a centralized location.
There are a variety of VPN and remote access technologies available. Some notable options include:
VPN Protocols and Software
Internet Protocol Security (IPsec) is a secure network protocol used to set up a VPN tunnel over the public internet. IPsec is supported natively in most devices and operating systems today.
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) can also be used to build VPN tunnels. SSL VPN clients are commonly integrated into web browsers for easy access.
OpenVPN is a popular open source VPN software option. OpenVPN can be configured using both IPsec and SSL VPN configurations.
An innovative new tunneling protocol that uses modern cryptography and streamlined connection management. Fast becoming a popular VPN option.
Remote Access Systems
RDP – Remote Desktop Protocol
Native Microsoft Windows remote access technology that provides graphical remote access to a Windows desktop session.
VNC – Virtual Network Computing
A common open source and commercial graphical desktop sharing system used widely for tech support and infrastructure access purposes.
SSH – Secure Shell
SSH is a network protocol that allows administrators to access command lines and tunnel traffic over an encrypted connection. SSH is ubiquitous for Linux/Unix server access.
Many infrastructure components and enterprise services provide dedicated web-based interfaces for remote administration without any client software requirements.
While VPNs provide a clear security advantage for remote connections, both technologies come with important security considerations:
VPN advantages include traffic encryption and obscuring the source of network communications. However, VPN risks include:
- VPN endpoints become high-value targets for attackers – Infrastructure must be locked down
- Attackers can perform man-in-the-middle attacks by impersonating the VPN server
- Buggy VPN software/plugins introduce vulnerabilities on endpoints
Proper VPN hygiene is required for secure deployments.
Remote Access Security
While remote access technologies differ substantially in their capabilities, risks associated with remote access include:
- Brute force attacks against logins – Strong passwords are key
- Unpatched software vulnerabilities enable takeover by attackers
- Users may fall for social engineering schemes and grant access
- Improper access controls lead to excessive data/system access
Locking down remote access infrastructure, applying the principle of least privilege, enforcing multi-factor authentication, and educating users all help mitigate these risks.
Is VPN the Same as Remote Access?
While VPN and remote access serve some overlapping use cases for secure external connectivity, they excel in different applications:
- Use a VPN to encrypt all external traffic and obscure browsing activity – Great for public Wi-Fi usage and accessing web apps on internal networks.
- Leverage remote access for administration of infrastructure and systems. Enables usage restrictions tailored to administrator duties.
- VPN access is client-driven – software runs on user devices and encrypts/tunnels traffic.
- Remote access tools usually reside on servers and systems being accessed remotely by users.
Choosing the right technology comes down to the use case, performance needs, and convenience for end users. Utilizing a combination of both remote access and VPN technologies enables a flexible and secure external access infrastructure for organizations and end users alike.
In closing, while VPNs and remote access technologies may seem interchangeable at first glance, they serve very distinct functions.
VPNs excel at encrypting general external traffic and anonymizing activity, while built-in remote access tools provide administrative access for managing infrastructure.
Understanding the key differences in security posture, scope, user experience and infrastructure requirements allows IT organizations to build a robust and segmented external access plan leveraging both VPN and purpose-built remote access tools tailored to use case.
By leveraging both solutions for appropriate use cases, enterprises realize the performance, management and security benefits of each technology where they excel. Just don’t make the mistake of thinking VPN access can solve for all external connectivity use cases – pick the right tool for each job.