Archon Secure Blog

The Definition of Hardware VPN in 100 Words or Less [FAQs]

Written by Vesh Bhatt | Jan 10, 2022 3:15:00 PM

A virtual private network (VPN) is a cybersecurity tool meant to allow access to a centralized, internal, private network from outside the edge of that network, typically over public networks or the open internet.

What is a hardware VPN?

A hardware VPN is a standalone physical device that allows private access to a private network, from outside the edge of that network, which includes its own dedicated processor, encryption, and firewall capabilities, and can provide obfuscation from the public networks used to connect.

A virtual private network is meant specifically to help us protect the devices at the edges of our networks.

 

🔎 Related Articles: Hardware VPN Buyers Guide

 

Frequently asked questions about Hardware VPNs

Some of the most common questions we receive about selecting and using a VPN are:

 

  1. Hardware VPN vs. software VPN, which is the better option?
  2. How safe is a VPN connection?
  3. Does a VPN hide your IP?
  4. How does a VPN work with Wi-Fi?
  5. Which is a better solution for businesses?
  6. Should I use a VPN at home?

 

Hardware VPN vs. software VPN, which is the better option?

One of the most common questions we field is “Is a hardware-based VPN a better choice for my needs than a software-based VPN?"

The answer is always: “It depends on your needs!”

 

There are many factors that go into the decision to choose a hardware or software VPN and they each have their pros and cons.

 

A software-based VPN is achieved by downloading software on each end-user device that needs to connect to the secure network, as well as installing software on the central network to which those devices will need to connect. Software-based VPNs will encrypt data that is transmitted between the end-user device and the main network.

 

Hardware-based VPNs are typically physical devices that connect to an end-user device and, when coupled with software installed at the server-side within the main network, encrypt communication between the two.

 

In addition, hardware-based VPNs can typically offer firewall functionality to users as well.

 

You can learn more about the reasons why you might want to choose a hardware VPN in our article “Why Do We Need a Hardware Only VPN at the Edge?” or view a quick visual comparison of hardware and software VPNs here.

 

Does a VPN server hide your IP address?

Hardware-based VPN solutions typically can hide your IP address by offering firewalling and isolation capabilities.

 

For example, end-user devices connected through our GoSilent Cube hardware VPN never actually touch the networks they connect to. The GoSilent device acts as a firewall between the device it is connected to and the outside world. No other devices on the same network as that end-user device can even see that the device itself exists. Instead, their view ends at the GoSilent Cube.

 

 

Certain hardware solutions can go a step further and provide complete IP obfuscation, including making it look like you are connecting from a different physical location than you really are connecting from.

 

For instance, using a combination of our GoSilent Cube hardware VPN along with our Global Servers to connect, you can appear to connect from literally anywhere in the world. This dual IP obfuscation is achieved through the use of different ingress and egress IP addresses.

 

How safe is a VPN connection?

The safety of a VPN connection is highly dependent on the end-user, and the settings you or your organization have configured.

 

Hardware VPNs can reduce the risk of misconfigurations and user error.

Because there is nothing to configure on a GoSilent, there is nothing to misconfigure. It is as simple as plugging the GoSilent Cube into the end-user device (or connecting the two over the GoSilent Cube's LAN). That’s it. Making it an easy-to-use and deploy VPN solution.

 

With software, there are usually plenty of settings that can be set incorrectly and far more training a user will need in order to make sure they are using everything correctly. If a user misconfigures the software or does not know how to use it, the risk of unauthorized access to your data increases considerably.

 

Hardware VPNs can reduce centralized IT management efforts.

IT departments love how little is required of them to keep a hardware-based solution up and running effectively. There are no constant patches and updates to keep track of. For the most part, once initial installation and setup of the server-side software are complete (usually in as little as 10 minutes) there isn’t much they have to worry about.

 

However, not all hardware VPNs are created equal here. Many hardware VPN server management systems are notoriously difficult to use, requiring almost complete control through a command-line interface rather than a user-friendly graphical user interface (GUI).

 

You’ll want to look for a solution that makes it simple. Learn more about evaluating hardware VPNs to select the best fit in our article “What is the Best Hardware VPN?”

 

How does a VPN work with Wi-Fi?

Most hardware VPN routers will allow you to connect over Wi-Fi and act as the router for devices in physical proximity.

 

Specific to the design and configuration of GoSilent, it is possible to use it as a Wi-Fi hotspot and protect multiple end-user devices (like a mobile phone, laptop and tablet) all at the same time. In the case of software VPNs, each device would need to have a separate VPN client installed. This means less set-up and maintenance overall, and less concern about updating and patching.

 

An important factor to review when comparing and selecting the right hardware-based VPN for your needs is the number of devices that can be protected by a single VPN connection or VPN client device.

For instance, a single GoSilent Cube can protect up to 25 end-user devices, depending upon physical proximity and how the devices are connected.

 

The other thing to keep in mind when considering Wi-Fi connections is public Wi-Fi networks you may use to connect. Many of these networks (think Starbucks) utilize captive portals to allow users to connect. You’ll want to make sure your chosen solution protects you even when connecting through a captive portal (hint: most of them don’t).

 

Which is a better solution for businesses?

Again, this depends highly on your own needs and situation as an organization.

 

In general, the guidance we provide businesses on when a hardware-based commercial VPN solution is a better fit for them is if they find themselves meeting any of the following requirements:

  • Non-Corporate Wi-Fi connections: In cases where remote end-users need to connect over public Wi-Fi or may encounter captive portals, a hardware-based solution is far superior to a software VPN due to its ability to completely obfuscate the IP address of the end-user device, as well as its ability to isolate the captive portal within the GoSilent sandbox environment.

  • Networks with untrusted devices: In cases where end-user devices need to connect over networks that will likely have many other untrusted devices on them (think home Wi-Fi networks), the same benefits apply.

  • Allowing for partners to connect: When you have third party vendors that need access to your network, a hardware-based solution provides you the peace of mind that their connections will be secure regardless of how they are connecting (including public Wi-Fi), how their device or operating system is configured, and how conscientious they are about updating and patching.

  • Large professional services or contracting firms: For professional services firms, consultants may need to have VPN capabilities for multiple different clients. Software-based solutions require you to have separate VPN clients set up for each of these. By contrast, hardware simplifies the ability to connect from a single end-user device to multiple, unique central networks.

There are also a few business cases where you would actually need to combine both hardware and software-based VPNs. These include:

  • CSfC approved applications: CSfC requires the use of both hardware and software-based VPN for multiple layers of security. This is commonly found in government remote work applications.

  • IP obfuscation: If you want to hide the physical location of both the end-user device and the network they are connecting to, then a combination hardware and software solution will allow for that.

Additionally, you might also find that a combination of VDI and hardware VPN is the best fit for protecting your organization. If your organization is looking to implement a company-wide secure solution for remote work that is not overly expensive, difficult to manage or maintain, and simple for end-users, a combination of VDI and a hardware VPN may be the right fit.

 

Combining Virtual Desktop Infrastructure (VDI) with a secure hardware VPN would allow your remote employees to have secure remote access to your corporate network from their own devices. Learn more about how it works in our in-depth article.

 

Should I use a VPN at home?

In general, most of the conversations we tend to have are with organizations securing remote workers, however, there are quite a few benefits to using a VPN in your home for personal reasons as well.

 

Use of a VPN is one of the best methods you can use to protect any of the personal information you send across the open internet. Keep in mind that if you are using cloud-based applications, you’ll be protecting data in transit as you communicate with the cloud application, but once it is stored in the cloud you’ll be relying on the cloud provider’s security protections.

 

🔎 Related Articles: Hardware VPN Buyers Guide

 

For home use, you should look for a VPN that can be connected directly to your Wi-Fi router, allowing all devices that connect through that router to be protected simultaneously. In this instance, a hardware-based VPN router would be the right choice.

 

Some of the most important benefits of using a VPN at home, or for personal use, include:

  • Firewalling and isolation: The personal user devices connected through most hardware VPNs never actually touch the networks they connect to. The device acts as a firewall between your personal device and the outside world. No other devices on the same network can even see that your device exists, making it far more secure.

  • Smaller attack surface: Because your device is completely obfuscated from the network, the applications and operating systems that are running on that device no longer offer an attack surface. Typically, operating systems -- like Windows for instance -- will have a large number of potential entry points because the software is doing so much. This means more opportunities for attack.

  • Public Wi-Fi connections: In cases where you need to connect over public Wi-Fi, or may encounter captive portals, a hardware-based VPN solution that is portable is able to completely obfuscate the IP address of your user device, and certain solutions can also isolate you from the security concerns of any captive portals.

  • Networks with untrusted devices: In cases where you need to connect over networks that will likely have many other untrusted devices on them the same benefits apply.

Final Thoughts

Often viewed as “older” technology, hardware-based VPNs don’t get a lot of love.

 

In a world of buzzwords like "machine learning" and "artificial intelligence", utilitarian technologies that get the job done (often more effective and simpler than their more flashy counterparts) tend to get overlooked.

 

However, in many cases, hardware-based VPNs can provide better security, are easier to use, and require less maintenance than their software-based counterparts. And, we hope that we’ve answered some of the key questions that are on your mind when considering a hardware VPN.