I’ve been deliberating for a while on whether to write something on the subject of Public IPs and VPNs, but there still seems to be some confusion between the two amongst resellers and their end-users, so I thought it would be useful to share my knowledge.
Here at Zest4, we provide M2M and IoT connectivity to channel partners. In turn, our partners offer end-to-end solutions to their customers. One of the biggest frustrations that I face with M2M and IoT is the frequent request for a Public IP. There’s a real belief amongst resellers and their customers that a Public IP is an essential requirement for managing their connected devices remotely.
Whilst I’m obviously more than happy to provide Public IPs where they’re required, I do find that in 95% of cases, a Public IP isn’t the best solution for the end users’ needs. Couple this with the fact that, on a worldwide scale, we are at the point of exhaustion with IPv4 Public IPs, and it doesn’t make good business sense to honour these requests.
“How can we be at the point of exhaustion with IPv4 Public IPs?”, you may ask. Well, worldwide there are roughly 4 billion IPv4 addresses. This is now a problem because there are more than 4 billion internet-connected devices around the globe, which has led to a shortage of IPv4 addresses, and by mid-2018 they will probably be a thing of the past.
Aside from the global shortage, there are also massive security issues for end users if they use a public-facing IP. Giving out your public IP address simply makes your business a target for hackers. It’s like posting your email address on the internet for everyone to see. Fraudsters and malicious people will be able to use your IP address to target your computer and other internet-connected devices. Whether they are successful or not depends on the way you’ve set up security levels on your device, but simply using a public-facing IP puts you at much greater risk.
One of the more famous (but not serious) hacks that I often refer to is the Jeep hack*. If you’ve not heard the story, it was a test situation in which hackers took over the controls of a Jeep Cherokee whilst the driver was at the wheel. If it had been a real-life situation, the consequences could have been incredibly serious, but it was all made possible by the hackers being able to get hold of the IP address of the vehicle.
I’ve also heard stories of insurance companies not paying out when companies have been breached by hackers, all because the company’s security solutions used public-facing IPs in their technology, which put them at risk.
So, having the right solution for your end-user customer is absolutely critical. Just because they ask for something, it doesn’t mean it’s the right solution for their needs, and as the experts in this industry, we should have the confidence to challenge their request, educate them and supply what we know is right.
So, for those of you who are still a little unsure of the different solutions available, here’s a quick overview…
What’s an IP address?
Every connected device is assigned an IP (Internet Protocol) address. IP addresses are used to facilitate communications between devices that are connected to the internet. It’s a bit like your home address – when you want something sent to you at home, you have to provide your postal address, so the postman can find you. The same principle applies when you’re sending or receiving data over the internet to your remote device. If you don’t have the address, you can’t locate your device, so in this case your device’s IP address is used to route data to the right location. There are several different categories of IP address – Fixed Public IP, Fixed Private IP, and Dynamic IP address.
What is a public IP address?
A fixed public IP address is a publicly accessible address that can be reached from any point on the internet by anyone that knows the IP address of your device. Having a public IP address is convenient if you’re away from your internal network and need to remotely access a device or computer. If the device is assigned a public IP address, you can easily connect to it from any location using web-based software. However, there are also significant security risks associated with public IP addresses. As they are publicly accessible, it means that anybody in the world can access your device, if they know it’s a public IP. This could create a significant security risk for a business as it is open to hackers, fraudsters and other cyber security breaches. Companies should be taking all steps possible to protect their data and secure their internal networks, but we find that partners and customers often ask for a public-facing IP address so they can remotely access their systems, and they aren’t aware of the alternatives.
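As an added example (not part of the original article or Zest4's own tooling), the Python sketch below sorts a device inventory by address type so that devices sitting on publicly routable addresses stand out. The device names and addresses are constructed; 8.8.8.8 is a well-known resolver address used only as a stand-in for a routable address, and the carrier-grade NAT category (RFC 6598) goes beyond the categories listed above.

```python
import ipaddress

# Address space that is not reachable from the public internet.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "fc00::/7",                                        # IPv6 unique local
)]
# RFC 6598 shared space: carrier-side NAT, common on mobile networks.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'private', 'cgnat', 'public', 'special' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return "invalid"
    if any(ip.version == net.version and ip in net for net in PRIVATE_NETS):
        return "private"
    if ip.version == 4 and ip in CGNAT:
        return "cgnat"
    # Loopback, link-local, documentation ranges etc. are not globally routable.
    return "public" if ip.is_global else "special"


def exposed(inventory):
    """Names of devices whose address is reachable from anywhere on the internet."""
    return [name for name, addr in inventory if classify(addr) == "public"]


# Constructed inventory: (device name, assigned address).
INVENTORY = [
    ("cctv-01", "10.20.1.14"),
    ("router-07", "8.8.8.8"),
    ("meter-112", "100.72.5.9"),
    ("tracker-3", "172.32.0.4"),      # looks private, but 172.16/12 ends at 172.31
    ("gateway-2", "192.168.300.1"),   # typo in the inventory: not a valid address
    ("lab-1", "127.0.0.1"),
]

if __name__ == "__main__":
    for name, addr in INVENTORY:
        print(f"{name:10} {addr:15} {classify(addr)}")
    print("Review for public exposure:", exposed(INVENTORY))
```

Devices reported as public are the ones to review for a move onto a private address behind a VPN.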
What’s a VPN?
VPN stands for Virtual Private Network and is exactly what it sounds like – a network with no physical location that is configured to protect a user’s privacy online. A VPN is a service that allows you to connect to the internet or a connected device, such as a router or CCTV camera, via a server run by a VPN provider. A VPN establishes a secure connection and ensures that the network and any data sent between users is encrypted, making it a reliable safety measure when using public Wi-Fi and other untrusted networks.
The user’s IP address is also obscured by the VPN, so anyone wishing to track the user’s activity will see the IP address of the VPN-connected network rather than the address of the user’s local network. All data travelling between your computer, phone or tablet and the “VPN server” is securely encrypted. A correctly set up and managed VPN will allow customers to access a fixed private IP address securely without leaving their data or devices open to attack.
What are the benefits of a VPN over a public IP?
There are 3 main benefits of a VPN over a public IP…
- A VPN is a secure solution. VPN technology was originally developed to allow remote workers to securely connect to corporate networks to access corporate resources when away from the office. The same technology now allows remote access to M2M devices without opening up these devices or any data to the public internet. Devices with a public IP are open to attack. The primary benefit of a VPN is enhanced security and privacy. VPN tunnels encrypt the traffic sent to and from the user, making it all but impossible for would-be attackers to use any data they intercept. Since VPN tunnels also obscure a user’s IP address, they also make it harder for third parties to track a user’s online activity. Instead of seeing the individual user’s IP address, the third party will only see the IP of the network to which the user is connected via VPN. Lastly, VPN tunnels are useful when you need to access something on a remote network.
- It’s a cost-effective solution. The cost of a VPN via Zest4 is between £25.00 and £60.00 per month rather than £25.00+ per month for each public IP.
- It’s an accessible solution. The remote devices can be reached across the VPN or an additional SSL VPN service can be provided to allow access to them.
Are there different types of VPN?
Two of the most commonly used VPN protocols are SSL VPN and IPsec VPN. When working with our partners, Zest4 provides either an IPsec or an SSL VPN as part of our solution.
- IPsec VPN is one of two common VPN protocols, or sets of standards, used to establish a VPN connection. It operates at the IP layer and is often used to allow secure, remote access to an entire network (rather than just a single device). If you have a customer or partner that requires access to multiple devices or has multiple users that need to access a single device from various locations, IPsec is probably the best solution to be discussing.
- SSL VPN, or Secure Sockets Layer, is the second common VPN protocol. A big plus for SSL VPN is that they can allow segmented access for users. For example, users can be limited to checking email and accessing shared drives rather than having access to the entire network.
Whilst there may be a number of considerations to choosing which type of VPN is most suitable for your customer, a general guide would be…
- If your customer is looking for a solution on a per-user basis with access to a single device from a single location, then SSL would be the recommended solution.
- If your customer needs to give trusted user groups homogeneous access to entire private servers, multiple devices and subnets, then IPsec VPN is most suitable.
So there you have it – a quick guide to public IPs versus VPN. I hope it gives you a good understanding and helps you to identify which solution is best for your customers’ needs, but if you would like any further advice, please give us a call on 0161 956 3355.
At Zest4 we are here for our partners. The journey into IoT is a joint one and we are with you all the way.
*Jeep Hack – https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway