A Virtual Private Network (VPN) is a service which allows users to connect to a company’s network (including emails, shared drives, databases etc.) via an encrypted tunnel to ensure online protection of sensitive data. Most firms use a VPN to significantly enhance their cyber posturing, preventing unauthorised access to their business-critical systems and applications.
For end users, this means that users have to log into a citrix environment or use a RSA token to log into the firm’s network when working from home or on the go.
How is the VPN used for CORE?
CORE is a browser-based application and therefore available from any device that can run a modern browser. To ensure we keep bad actors at bay, access to the application is not open to the “public web”.
What does this mean? only web traffic (access requests) from pre-designated sources, determined by the IP address, is allowed access to the application.
How is this achieved? most VPN have a fixed IP address. This address is added to the “safe list” (whitelisted) in the application and any traffic coming from these “safe” sources is allowed through. All other traffic from un-authorised sources are shown a “time out” error.
What happens if I am not logged in the VPN? If your firm has opted to use the VPN option for access management, please be aware that you need to be logged into your VPN before you attempt to access the application website. Accessing the service without first logging into the VPN will result in a “This site can’t be reached” message.