The Internet Superhero

VPN vs SSH Tunnels: Two Sides of the Same Coin?

Published 09/02/2018 in Internet Security - 0 Comments

VPN vs SSH tunnels: An Overview of both Encryption Tunnels

Encryption is a fundamental network security concept that is often used to protect data from exfiltration, especially when that data is transferred across networks such as the internet. Virtual private networks (VPNs) and secure shell (SSH) tunneling are two of the techniques used to encrypt data in transit through tunnels. Comparing VPN vs SSH tunnels reveals similarities, since both are encryption tunneling techniques. They are referred to as tunnels because they encapsulate the original data packets inside other packets.

However, even though VPN and SSH tunneling are both techniques for encrypting network traffic, they have as many differences as similarities. This article therefore compares VPN vs SSH tunnels.

VPN vs SSH tunnels: What is VPN Tunneling?

Illustration of a VPN tunnel

VPN tunneling is perhaps the more commonly used technique of the two. It tunnels between two remote hosts by creating a virtual network between them. Although the physical infrastructure between the two hosts may be public, the virtual network created over it provides end-to-end encryption, which keeps the data secure. There are two types of VPN that are normally implemented.

Compulsory VPN

The first type is called a site-to-site VPN or a compulsory VPN. This type of VPN is usually implemented in network devices such as routers or security appliances. All data leaving the network is encrypted, and the same applies at the remote end of the VPN. This technique is often used by large corporations when connecting to a partner network, for instance when an organization contracts another company to assist in designing its products and the two collaborating companies gain access to each other's networks. Most users within the network are never aware of the VPN connection between the networks.

Remote VPN

The second type of VPN is called a remote VPN. This is usually a personal VPN connection that connects one host to a network or to another host. Organizations often use this type of VPN tunneling to connect telecommuting employees securely to the corporate network. The host computer must have a VPN client that initiates the VPN tunnel. The VPN server on the corporate network then authenticates and encrypts the VPN client's credentials; this must happen before the tunnel is established. In this type of connection only the single host's data is encrypted, through the connection it has initiated.

VPN vs SSH tunnels: What is Secure Shell Tunneling?

Illustrative description of an SSH tunnel

Secure shell tunneling uses SSH as the encryption layer for protecting data in transit. SSH, as a protocol, is often used as a secure replacement for Telnet; in other words, it is used for remote management of network devices. SSH encrypts the data within the SSH connection and is useful for encapsulating protocols that are not themselves encrypted, such as FTP and SNMP. SSH tunneling is achieved through two main techniques: local port forwarding and remote port forwarding.

What is Port Forwarding?

Port forwarding is a networking term describing a connection that relays traffic between two ports. A good example of port forwarding is a company that hosts a specific service within its private network and wants that service to be available to users outside the network. Often, the company provides a URL that translates to the particular port listening for connections. Port forwarding enables remote connections into private networks.

Local Port Forwarding

SSH tunneling uses port forwarding to encrypt the data destined for a particular port. With local port forwarding, the user specifies a local port and maps it to the remote port they intend to connect to through SSH. Local port forwarding is useful for connecting to a home network over the internet and transferring data securely.

Remote Port Forwarding

Remote port forwarding is often used to get around network policies in corporate networks. For instance, if a company does not allow connections to certain sites, remote port forwarding can be used to circumvent that restriction. The user specifies the URL of the service they want to reach and the port number listening on the other side; for web traffic this is often port 80, the HTTP port. The technique can also be used to connect securely to remote servers in a particular network, but the user needs to know the port number listening for that connection on the remote end. All data forwarded through the SSH tunnel is encrypted and protected against eavesdropping.
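As an added example (not code from the original article), the shell functions below compose the two forms of SSH port forwarding described in the last two sections; the host names, user and ports are constructed placeholders, and the two ssh options used are standard OpenSSH client options.

```shell
#!/bin/sh
# Composes the two ssh forwarding forms described above.  The
# hosts, users and ports are constructed placeholders, not values
# from the original article.

# A TCP port is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Shared options: -N opens no remote shell, and ExitOnForwardFailure
# makes ssh exit instead of silently connecting without the tunnel
# when the port cannot be bound.
COMMON_OPTS="-N -o ExitOnForwardFailure=yes"

# Local forwarding (-L): connections to local_port on this machine
# travel through ssh_host and are delivered to target_host:target_port
# on the far side, e.g. a file share on a home network.  Binding to
# 127.0.0.1 keeps the tunnel entrance private to this machine.
# Usage: local_forward_cmd local_port target_host target_port user@ssh_host
local_forward_cmd() {
    valid_port "$1" && valid_port "$3" || return 1
    printf 'ssh %s -L 127.0.0.1:%s:%s:%s %s\n' "$COMMON_OPTS" "$1" "$2" "$3" "$4"
}

# Remote forwarding (-R): the mirror image.  remote_port is opened
# on the SSH server, and connections to it travel back through the
# tunnel to target_host:target_port as seen from this machine.
# sshd binds that port to its own loopback unless GatewayPorts is
# enabled in sshd_config, which is the server-side control.
# Usage: remote_forward_cmd remote_port target_host target_port user@ssh_host
remote_forward_cmd() {
    valid_port "$1" && valid_port "$3" || return 1
    printf 'ssh %s -R %s:%s:%s %s\n' "$COMMON_OPTS" "$1" "$2" "$3" "$4"
}

# Example: reach a NAS (port 445) on the home network via the home gateway.
local_forward_cmd 8445 nas.home.example 445 me@gateway.home.example
```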

Demerits of VPN and SSH Tunneling

VPN and SSH tunneling can pose a danger to network security

In comparing VPN vs SSH tunnels, they share one major concern: network security. Most hackers use both VPN and SSH tunnels in network attacks. To avoid detection, threat actors can use VPN and SSH tunneling to exfiltrate data from compromised hosts and networks. Most firewalls cannot inspect encrypted packets, so if a network has been compromised, the firewall will not notice the data loss taking place.

Intrusion Prevention Systems

One method used to counteract data loss through VPN or SSH tunnels is deep packet inspection. Deep packet inspection decrypts the data encrypted by SSH or VPN tunneling and confirms that the destination addresses and contents of the packets are within the company's acceptable threshold. This is often achieved using an intrusion prevention system (IPS).

The intrusion prevention system also often includes a data loss prevention (DLP) system. DLP prevents the exfiltration of sensitive data from the network by limiting the amount of data that can be moved out of the network, the type of data that can be moved, and the geographic location of the recipients of the data.
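Even where an IPS cannot open a tunnel, the flow metadata a firewall does see (destination, port, volume, duration) is enough to flag the exfiltration pattern described above. The script below is an added example, not part of the original article; the flow-record format, thresholds, approved endpoints and sample flows are all constructed.

```shell
#!/bin/sh
# Flags long-lived or high-volume encrypted tunnels in firewall flow
# records.  Record format, constructed for this example:
#   src_ip dst_ip dst_port bytes_out duration_s
# Ports whose payload a firewall cannot read: 22 (SSH), 1194
# (OpenVPN), 500/4500 (IPsec IKE).
TUNNEL_PORTS="22 1194 500 4500"
APPROVED_HOSTS="203.0.113.10 203.0.113.11"  # sanctioned VPN endpoints (constructed)
MAX_BYTES=50000000    # more than 50 MB out in one flow is suspect
MIN_DURATION=600      # sessions of 10 minutes or longer are suspect

# Read flow records on stdin; print one line per suspicious flow.
flag_tunnels() {
    awk -v ports="$TUNNEL_PORTS" -v ok="$APPROVED_HOSTS" \
        -v maxb="$MAX_BYTES" -v mind="$MIN_DURATION" '
    BEGIN {
        n = split(ports, p, " "); for (i = 1; i <= n; i++) tunnel[p[i]] = 1
        n = split(ok, a, " ");    for (i = 1; i <= n; i++) approved[a[i]] = 1
    }
    /^#/ || NF < 5 { next }            # comments and malformed lines
    {
        src = $1; dst = $2; port = $3; bytes = $4 + 0; secs = $5 + 0
        if (!(port in tunnel)) next    # not an encrypted-tunnel port
        if (dst in approved) next      # sanctioned tunnel endpoint
        reason = ""
        if (bytes > maxb) reason = reason "volume "
        if (secs >= mind) reason = reason "long-lived "
        sub(/ $/, "", reason)
        if (reason != "")
            printf "%s -> %s:%s bytes=%d dur=%d [%s]\n", src, dst, port, bytes, secs, reason
    }'
}

# Constructed sample: a sanctioned VPN, a short admin SSH session,
# a long high-volume SSH session to an unknown host, and plain HTTPS.
SAMPLE_FLOWS='# src dst port bytes dur
10.0.0.5 203.0.113.10 1194 120000000 28800
10.0.0.7 198.51.100.20 22 40000 45
10.0.0.9 198.51.100.77 22 900000000 7200
10.0.0.9 198.51.100.78 443 5000000 30'

flag_sample() { printf '%s\n' "$SAMPLE_FLOWS" | flag_tunnels; }

flag_sample
```

Only the third flow is reported: it uses a tunnel port, is not a sanctioned endpoint, and exceeds both the volume and the duration thresholds.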

Parting Shot

VPN and SSH tunnels can be valuable tools for a hacker

Data encryption was implemented as a way of protecting data in transit across public network infrastructure such as the internet. We have seen that VPN and SSH tunneling use different methods to achieve it.

Comparing VPN vs SSH tunnels, we see that they are not only important for protecting data from eavesdropping but can also be used to move data out of a network that has been compromised. This poses a challenge for network administrators. Ensuring that tunneling is not used to move sensitive data out of a network requires an IPS, which can decrypt the traffic and inspect it for sensitive data.

The geolocation services of an IPS also let a network administrator check the locations of the remote hosts that internal users are communicating with. Therefore, if an unverified host is discovered within the corporate network, an attack may be underway and the communication should be inspected further.
