Client-to-Gateway<\/h3>\n
A client-to-gateway connection is typically established between client software on a PC and a main office gateway router. Here are a few places that these are found.<\/p>\n
- \n
- Connecting a home user to the main office.<\/strong> With the rise in remote work, this is the most popular client-to-gateway connection in the past year.<\/li>\n
- Connecting a mobile user to the main office.<\/strong> Client VPN users do not have to be working from home. Traveling employees that need a connection to the home office can do so using client VPN software.<\/li>\n
- Connecting to a remote office in outage situations.<\/strong> A common situation in an emergency.<\/li>\n<\/ul>\n
VPN Management Best Practices<\/h2>\n
As with most technical configurations, every managed service provider should follow a set of best practices while managing virtual private networks. These best practices cover both client and gateway management. Here are a few ideas.<\/p>\n
Client Software<\/h3>\n
Managed service providers have a choice of client software when establishing client-to-gateway VPN connections.<\/p>\n
- \n
- Native OS software.<\/strong> Apple, Windows, and Linux all offer native VPN client software. These can be used with some, but not all, gateways.<\/li>\n
- Gateway-provided software.<\/strong> Most gateways will have their client software that can be used to connect via VPN. This is often the simplest to set up.<\/li>\n
- Third-party software.<\/strong> There are a few third-party software providers that offer VPN client software. This is most likely the least beneficial route to go in, as it has not been previously verified by the client OS or gateway manufacturer.<\/li>\n<\/ul>\n
Gateway Device Configuration<\/h3>\n
A gateway router acts exactly as described - it is a gateway into your network. Here are a few key ways to be sure that your gateway is configured with security in mind.<\/p>\n
- \n
- Use a strong pre-shared key.<\/strong> Be sure that your pre-shared key is long, random, and contains special characters. Never use something that an intruder would be able to guess at.<\/li>\n
- Force user authentication.<\/strong> Using a pre-shared key alone for authentication offers anonymity to network offenders and only one level of protection against intruders. Require each user to have a unique username and password for authentication. Furthermore, passwords must meet complexity requirements and should be changed regularly.<\/li>\n<\/ul>\n
VPN Protocol Selection<\/h2>\n
Several different protocols can be chosen for VPN encapsulation. Each has its advantages and it is important to understand what each offers when choosing what\u2019s best to use.<\/p>\n
\u00a0<\/a>![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/79b6ff0d-42a9-4545-b559-d70d2e8731f2.png\")
<\/a><\/span><\/span><\/div>\nPPTP<\/h3>\n
- \n
- Outdated<\/strong>. While this VPN option is still available on many gateway routers, it is outdated and no longer recommended.<\/li>\n
- Unencrypted<\/strong>. While a tunnel is established, the data transferred across it is unencrypted and is easy to be intercepted.<\/li>\n<\/ul>\n
\n\nRemote Access Security Essentials: Checklist and Best Practices [PDF]<\/div>\n<\/div>\n\n![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/53cea886-67bd-4601-a8c5-972ec6f9195b.png\")
<\/a><\/span><\/span><\/p>\n<\/div>\n<\/div>\nIPSec<\/h3>\n
- \n
- Still popular today<\/strong>. Even with its long history dating back to the early 1990s, IPSec is still the most popular and most used protocol today. This popularity leads to reliability and availability on gateway devices.<\/li>\n
- Two modes: tunnel and transport<\/strong>. These modes offer, respectively, encrypted and unencrypted communications. Managed service providers and users have a choice between speed and security.<\/li>\n<\/ul>\n
SSL<\/h3>\n
- \n
- Uses transport layer security<\/strong>. TLS is one of the most modern security protocols available and highly reliable.<\/li>\n
- Used by OpenVPN<\/strong>. OpenVPN is one of the most popular VPN solutions because of its open-source technology and free-to-low price point.<\/li>\n<\/ul>\n
Conclusion<\/h2>\n
For managed service providers to get ahead in the \u201cnew normal\u201d of work environments, they must be able to provide their clients with virtual private networks that will meet their needs and keep their data safe. Having a deep understanding of how virtual private networks work and the best management practices is just the first step.<\/p>\n
MSP360 Products and Resources<\/h3>\n
RMM<\/b><\/a> Platform:<\/b> This flagship product provides powerful<\/span> monitoring and alerting<\/span><\/a> and automated<\/span> patch management<\/span><\/a> and <\/span>HALOPSA integration<\/span><\/a>, to ensure endpoints remain secure and operate smoothly.<\/span><\/p>\n
Find what PowerShell and Command Prompt are, what is the difference,<\/a> and when to use each of these tools. Also, having a policy in place makes sense, when it comes to cyber insurance<\/a>.<\/p>\n
Managed Backup<\/b><\/a>:<\/b> This service offers<\/span> reliable cloud backup<\/span><\/a> and image-based protection. A key feature is the dedicated<\/span> SaaS backup<\/b><\/a> for popular platforms:<\/span><\/p>\n
Microsoft 365<\/span><\/a>, including<\/span> OneDrive backup<\/b><\/a>,<\/b> Outlook Backup<\/span><\/a> features, and Google Workspace.<\/a><\/span><\/p>\n
Start securing your IT environment today with our<\/span> Free Backup Software<\/span><\/a> or explore the full range of features. We are a<\/span> trusted company<\/span><\/a> committed to your success and here we share some tips on how MSP marketing can help you grow in a niche better<\/a>, or setting up a new IT department<\/a>.<\/span><\/p>\n
Finally, find videos aimed to guide you through installation processes for the cloud storage of your choice<\/a>, with advanced features of MSP360 Explorer, an overview the support for AWS Key Management Service in MSP360 Backup<\/a>, or how to configure a CM import role<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
VPNs, or virtual private networks, are trending more than ever with the rise of remote work. But how can a managed service provider take full advantage of what VPNs offer? The needs may be many, but they all boil down to two very common factors – accessibility and security.<\/p>\n","protected":false},"author":53,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,884],"tags":[],"class_list":["post-52762","post","type-post","status-publish","format-standard","hentry","category-blog-articles","category-msp-business-articles"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/52762","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=52762"}],"version-history":[{"count":7,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/52762\/revisions"}],"predecessor-version":[{"id":61363,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/52762\/revisions\/61363"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=52762"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=52762"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=52762"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Used by OpenVPN<\/strong>. OpenVPN is one of the most popular VPN solutions because of its open-source technology and free-to-low price point.<\/li>\n<\/ul>\n
- Two modes: tunnel and transport<\/strong>. These modes offer, respectively, encrypted and unencrypted communications. Managed service providers and users have a choice between speed and security.<\/li>\n<\/ul>\n
- Unencrypted<\/strong>. While a tunnel is established, the data transferred across it is unencrypted and is easy to be intercepted.<\/li>\n<\/ul>\n
- Force user authentication.<\/strong> Using a pre-shared key alone for authentication offers anonymity to network offenders and only one level of protection against intruders. Require each user to have a unique username and password for authentication. Furthermore, passwords must meet complexity requirements and should be changed regularly.<\/li>\n<\/ul>\n
- Gateway-provided software.<\/strong> Most gateways will have their client software that can be used to connect via VPN. This is often the simplest to set up.<\/li>\n
- Connecting a mobile user to the main office.<\/strong> Client VPN users do not have to be working from home. Traveling employees that need a connection to the home office can do so using client VPN software.<\/li>\n