


Virtual private networks (VPNs) are becoming obsolete, largely because web applications are internet accessible and as powerful as the thick-client predecessors that required VPNs. Plus, they are already encrypted with strong and robust cryptographic protocols like TLS. In recent years, TLS has evolved more dynamically and stayed more secure than its VPN counterpart. With the rollout of IPv6, the drivers that required NAT and VPNs will go away once IPv4 is fully deprecated. Viable alternatives exist, such as bastion hosts and web gateways, that mitigate the need for site-to-site tunnels for administrative purposes. How and where people consume these services has changed over time as well. Previously, employees would just access them at the office from a work computer. Today, people want to be able to use tablets, smartphones, and home computers, wherever they are. They do not want to be bothered with VPN software.

To understand why VPNs are obsolete, it is helpful to understand why we needed them in the first place. We take the need for VPNs for granted today. We understand that our corporate networks usually have private internal IP addresses and do not question it much. It is easy to think, "this is just how it is". More than 25 years ago, this was not the case. In the early 1990s, it was common for workstations and servers to be directly assigned a public IP. Packet filtering, if any, was done on the internet or edge router. Usually these routers had enough CPU for a handful of rules before performance became an issue. Servers that provided publicly accessible services were already online because of this; allowing access may have just been a matter of adding an ACL to the internet router.

As public IP space started to run out, we started seeing RFCs to deal with the issue, such as RFC 1597, RFC 1631 and RFC 1918. Using RFC 1918-compliant addresses started causing new issues. Design decisions had to be made, such as whether publicly accessible servers would still be given a direct public IP address or a private IP address. If given a private IP address, certain protocols did not play well with NAT. FTP, which is still in existence, is one such protocol because it carries important IP and port connectivity details in the payload of the packet. IT pros needed ways to tunnel private addresses from one location to another over the internet in order to avoid costly private circuits. End users needed a way to connect to these resources remotely or from other locations. To help meet this need, stateful firewalls started coming out with enough power to handle NAT, protocol "fixups", and VPN tunnels. If you wanted to access a Microsoft Exchange server pre-Exchange 2003 (which supported RPC over HTTPS), you had to VPN in or use a Terminal Server. Again, this was the case for many applications because the protocols to access them did not play well with NAT.
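The FTP case mentioned above, as an added example that is not part of the original article: a sketch of what a firewall "fixup" has to do when an FTP control message carries an RFC 1918 address in its payload. The function names and the sample addresses (203.0.113.7 standing in for the NAT's public IP) are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 encodes an endpoint as h1,h2,h3,h4,p1,p2 inside the PORT command
# and the 227 (Entering Passive Mode) reply; port = p1 * 256 + p2.
HOSTPORT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True if the address falls in one of the three RFC 1918 ranges."""
    return any(ip in net for net in RFC1918)


def parse_hostport(line: bytes):
    """Return (ip, port) embedded in a PORT command or 227 reply, else None."""
    if not (line.upper().startswith(b"PORT ") or line.startswith(b"227 ")):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def fixup(line: bytes, public_ip: str, public_port: int) -> bytes:
    """Rewrite an embedded private endpoint to the NAT's public mapping.

    The IP header was already translated by NAT; without this payload
    rewrite the peer would try to connect to an unroutable private address.
    Lines that carry no private endpoint pass through unchanged.
    """
    parsed = parse_hostport(line)
    if parsed is None or not is_rfc1918(parsed[0]):
        return line
    new = "%s,%d,%d" % (public_ip.replace(".", ","),
                        public_port >> 8, public_port & 0xFF)
    return HOSTPORT.sub(new.encode(), line, count=1)


if __name__ == "__main__":
    # Constructed sample control-channel lines.
    for sample in (b"PORT 192,168,1,10,19,137\r\n",
                   b"227 Entering Passive Mode (10,0,0,5,195,80)\r\n",
                   b"USER alice\r\n"):
        print(sample, "->", fixup(sample, "203.0.113.7", 40001))
```

A rewrite like this only works when the control channel is cleartext, and because it can change the payload length a real device must also adjust TCP sequence numbers.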
