What A Virtual- Private Network Concentrator Is

As the Coronavirus continues, and no clear certainty as too when businesses will open back up again, employees will still be continuing to work from home. Of course, the security issues that surround this have made the news headlines quietly. Workers have been told at nauseum to use strong passwords, to change them often, use a Password Manager, make use of multi-factor authentication (MFA), etc.

But there is one thing that many news headlines have not talked about using: what is known as a “Virtual Private Network Concentrator”. This is a tool that is not implemented by the employee, but, but by their employer. This is the focal point of this article.

What A Virtual Private Network Is

Before we dive into what a concentrator is, it is first important to review what a Virtual Private Network (VPN) is. It can be technically defined as follows:

“A virtual private network gives you online privacy and anonymity by creating a private network from a public Internet connection. VPNs mask your Internet protocol (IP) address so your online actions are virtually untraceable. Most important, VPN services establish secure and encrypted connections, guaranteed to provide greater privacy than even a secured Wi-Fi hotspot.”  (SOURCE:  1).

In other words, two lines of communications are established with the VPN. The first is the public Internet connection, and the second is a much more secure, and in fact, secretive connection upon which all communications take place. In this regard, the data packets that contain the mission critical information and data are encapsulated into another data packet, so that they cannot be detected by the Cyberattacker.

But it is also important to note that the above definition assumes just a one-way connection has been established. For example, this would be from where the remote employee is working to where the physical location of the corporate server is, and vice versa. However multiple VPN connections must be made, and this is where the role of the “VPN Concentrator” comes into play.

The VPN Concentrator

The VPN Concentrator can also be defined as follows:

“A VPN concentrator is a networking device specially designed to give people access to a network remotely (from anywhere in the world) through multiple VPN tunnels.”

(SOURCE:  2).

Thus, as one can see, this sort of device is not meant to be used for just a few VPN connections; rather, it is meant to be used for many, many VPN connections. As a business owner, it is important for you to understand exactly what the functionalities of a VPN Concentrator are. They are as follows:

  • It establishes secure networking tunnels.
  • It authenticates remote users who are attempting to access the central server(s).
  • It negotiates and defines the tunnel permutations and parameters.
  • It can encrypt as well as decrypt the information and the data that is transmitted across in it.
  • It can manage the security keys that are associated with the VPN network that you are using.
  • It can optimize the flow of Data Packet traffic across the various tunnel connections that have been established.
  • It can also manage inbound and outbound network traffic at the endpoints.

Also, you need to be aware that VPN Concentrators can be configured in many ways and formats, depending of course upon the total number of remote employees that you have, and the security requirements of your business. The diagram below illustrates a typical configuration, in which the VPN Concentrator is situated just right next to the Firewall (it can also even be situated just behind it as well):

Key Deployment Issues with a VPN Concentrator

Although one of the prime advantages of using a VPN Concentrator is that you can literally “amplify” your network connections to your remote workers in probably one of the most robust and secure means that are possible today.

But also, as a business owner, you need to be aware of the major issues, or considerations that are involved when deploying it. The following are the most typical kinds of scenarios that you could encounter:

  • Using a VPN Concentrator vs. using a VPN Router:

Before you can decide what you need to go with, it is important first to conduct an assessment into the Security requirements, and the total number of remote users that are involved. If the business entity is small enough, then going with a VPN Router would be the optimal choice. The costs of implementing a VPN Concentrator can be quite high, especially for a small business. Therefore, it is most cost effective to have this set up in a medium to large sized enterprise, where there are many more remote employees that will be constantly needing access to shared resources and files.

  • A VPN Concentrator vs. a Site to Site VPN:

It is important to keep in mind that a VPN Concentrator is typically used in those scenarios where there is a One to Many (1: N) network connection set up. This simply means that there are many remote employees logging into just one physical location, where the server resides at. But there are also those instances where there will be many remote employees logging into multiple corporate locations (for example, that of a Fortune 100 company). In these instances, a solution known as the “Site to Site VPN” will be required.

  • Using Secure Sockets Layer (SSL) or IPsec:

In order to establish a secure connection, the VPN Concentrator typically makes use of either SSL or IPsec. However, there are careful considerations that must be made in this regard. For example, using IPsec requires that a separate client software package be installed onto the computer of the remote employee. Although this networking protocol does offer some of the highest levels of Security that are available, this typically requires extra IT staff to set up and deploy. Because of this, IPsec is the choice to be used where most of the remote employees remain in a fixed location. But, if your employees are constantly travelling, then using SSL becomes the network protocol of choice. By using this, the VPN Concentrator can be accessed from virtually anywhere around the world; there are fewer implementation costs, and extra client software does not have to be installed. SSL is also much more preferable to use with a VPN Concentrator if the remote employee has to constantly access many Web based shared resources and files.

Conclusions

In the end, deploying a VPN Concentrator does take careful consideration and planning, as there are both Security and financial aspects that need to be considered. One of the greatest assets that a VPN Concentrator has to offer is that it makes use of Dynamic IP Addresses, where new ones are being constantly assigned. This makes it that much more difficult for the Cyber attacker to penetrate the actual VPN Network. This is in stark comparison to that of a Static IP Address, where only one is issued. Therefore, it can be easily guessed and thus be a grave Security vulnerability.

Sources