The difference between a VPN and a firewall is an important thing to know when you’re either partly or wholly responsible for securing the systems that keep a business running. Yes, both of these are among the fundamentals of cybersecurity, but that doesn’t mean you’re above a refresher on what they are and what they do – and, crucially, what they don’t do.
To the layperson – or lay-office-worker – VPNs and firewalls are just “security stuff”. People know they should probably have them, but if the people running cybersecurity are doing their “security stuff”, then the users down the line don’t need to think about it. But they should.
When the security of your “cyber” is what’s keeping your business going, you have to have a crystal clear view of what you’ve got and how it’s working. If you aren’t across it, you’re vulnerable. Every day, cybercriminals case your website, portals, and accounts in a process known as “footprinting”. If they get in, that’s your business in trouble, and your head on a proverbial pike. Don’t let it happen.
If it has been a little while since you thought about your firewall or VPN, now is the time to spare a few moments getting back to grips with them, and to find out why they’re so often referred to as a “barrier” and a “tunnel”, respectively.
Virtual Private Network – What Is That?
VPNs are a surprisingly old idea. The protocol that powered the original VPN concept, Point-to-Point Tunneling Protocol (PPTP), dates from 1996 when a Microsoft employee invented a way to maintain security for remote employees. Originally, it was a purely in-house idea, but soon enough broader applications for solutions like PPTP came to the fore. It would, however, still be some years before the VPNs became (somewhat) commonplace.
“VPN” itself stands for Virtual Private Network. You may already know this, but it bears repeating, if only so we can unpack the terms. In this sense, the term “virtual” means that the system is an artefact of software and how the system is configured. The “virtual private” here does not mean “nearly private”, just that the system does not exist on hardware. The “network” term in the acronym refers to the fact that the VPN, in effect, securely extends your company’s private network into the internet by rerouting all your traffic.
The effect of this is to create a “tunnel”, a common term for the secure connection the VPN creates, through the Internet between the computer and the network resource. Like an actual tunnel, no one outside it can see what’s inside.
On The Net Yet Inside A VPN
When you access a website through a VPN, the identifying source of your connection gets bounced around a variety of servers in different places, thus concealing your identity. No one – not cybercriminals, not your ISP, not your government – can (practically) tell what data is being transmitted between you and that site.
What kinds of data can be hidden this way? Physical location, login credentials, identity information, financial documentation, credit card details and more – all are handled as if the transmission was taking place within your local network. Beyond security, VPNs also help enable your employees to be productive because they’re able to safely access all the business resources they need – no matter how commercially sensitive – without having to go through an IT or admin gatekeeper. All up, a good VPN is a way for businesses – even the smallest businesses – to support remote employees while simultaneously ensuring everything is protected.
A VPN was once considered a leading-edge security option – only used by those with highly sensitive data or a paranoid streak, or people that wanted to hide on the web. Since then, the game has changed as threats have increased. However, as great as VPNs are, they’re not a magic bullet for cybersecurity. And this is where they can work hand-in-glove with firewalls.
Firewalls – Understanding How They Can Protect Your Network Traffic
Your firewall does not double-up on your VPN’s function, but rather they work with one another (and your antivirus software) to maximise your business’s security online. This is the “barrier” aspect of cybersecurity. Like a firewall in a building will contain the spread of flames throughout, a digital firewall is what stands between your device and the wider internet and halts any threats that seek to spread through your systems.
The theory of firewalls goes that every packet (the tiny parcels of data that digital signals are chopped up into for easier management) passing between the inner and outer digital worlds will be intercepted. When the firewall makes this interception, it will then “inspect”, “verify”, or “flag” every packet in the traffic.
If something suspicious – a “threat” – is detected, the firewall will warn the user (or IT Administrators) of the situation and block the traffic. At the usual level of user access, the user can heed the warning and back out or opt-in to proceed. For users with lower levels of access, often entry-level and non-technical staff, they will simply be blocked with no option to continue. If they really need to continue to receive the “suspicious” traffic, they may need to seek permission from their manager or IT department.
How Firewalls React To Hackers … And Users
The most common kind of firewalls are those bundled in the OS of the devices through which the users access the internet – desktops, laptops, tablets and phones. Among these, ‘Windows Defender Firewall’ is perhaps the best known. Many users only really come across it when they’re installing new software. If this triggers the firewall, they may see a message something like “Windows Firewall has blocked some features of this app”. It makes sense: something new is trying to access the device and, naturally enough, this triggers the firewall, thus requiring the user to opt-in to grant access – both now and for future access.
For many lay-users, this message is an annoyance but it does reveal one of the drawbacks of firewalls: they are not aware of your intentions. There is no predictive capacity. Thus, if your system encounters a threat your firewall is not set up for, it will not be triggered.
Last, as well as software firewalls, you can also have hardware firewalls. These are physical devices that act as an intermediary between your “computer” and the internet connection. Literally the network cable from your device goes in one end and the cable to the internet-connected router goes into the other. Many routers now contain simple firewalls, particularly at the consumer and small business level, but like a Swiss-Army Knife, they’re convenient, but not necessarily the best solution for a task as a trade-off.
So, that is the theory behind firewalls. In practice, firewalls stop the overwhelming majority of attacks, but they still have their limitations so that they can’t be considered a complete cybersecurity solution. After all, cybercriminals are both inventive and persistent – always working to find ways to go around, under, over, or through the latest improvements to any firewall.
The Internet 2.0 solution though, offers a full functional firewall build on our experience inside military and intelligence operations. It’s also offers an elevated level of protection and other important features that hide users from the threats they would otherwise encounter using our own “obfuscation technology” to render your organisation invisible online.
The Differences Between What VPNs And Firewalls Do
As you have read, firewalls and VPNs both boost cybersecurity, but they do it by different means: concealment of activity on one hand, and acting as a defensive barrier on the other. So now, let’s look a little more at how these two technologies interact. The key thing to know here is that both VPNs and firewalls have characteristic limitations.
VPNs cannot counteract threats, they simply make a computer’s online activities difficult to track. Generally, a VPN will not monitor or restrict the data packets moving through it. Yes, some VPNs have a function that cuts the internet connection if it detects that your IP has been exposed, but this is hardly the same thing as detecting malicious code or active security breaches.
Configuration and Benefits
As mentioned above, a firewall is only as good as its configuration. You – or your CTO or IT Manager – must choose how your computer communicates with the internet. How these rules are configured and updated can make all the difference. Think of it like this: your castle has guardsmen at the gate, but what have they been told to watch out for? If the policy is too lenient, then anyone can wander into the castle. If it is too strict, innocent traffic gets blocked.
If you’re still with us, you’ll now see why the debate of “VPN versus firewall” is not a debate at all. It is not an either/or issue, but rather the technologies are complementary tools: the tunnel and the barrier – one works via concealment, the other as a fortification. Speaking generally, the advice these days is that while VPNs are widely applicable for many use cases, firewalls are necessary for all networked computers.
It’s the same old story: there is no silver bullet with cybersecurity. Simply having a firewall is not enough, neither is simply using VPN. The variety of threats is too broad. Still, for most users – personal or commercial – using a VPN is about as close to internet anonymity as they can get. There are other options, such as TOR, but these tend to bring serious drawbacks, such as crushingly slow speeds. If you want a more complete system, Internet 2.0 provides military-grade solutions for even small corporate networks.
In any event, if you have a properly configured firewall in place and your business uses a VPN, then you’re in good company. Or, at least, among leading companies. And there’s no compelling reason not to be a leader too. The old adage holds true yet again: How much security should you have? A little bit more than you need!
To find out more, turn to Internet 2.0. A team of cybersecurity experts with experience in military and intelligence agencies. Discuss the issues. Ask the tough questions. Get the protection you need. Find out more; contact Internet 2.0 today.