
Virtual private networks offer secure, simple remote access

If you are connecting to your small or medium-sized business's internal network from a remote location, you should be using a virtual private network (VPN) -- period.

VPNs encrypt your sensitive traffic and require strong authentication, providing safe remote access. VPNs are also easy to acquire and use. The technology is mature, it's integrated into your firewall or unified threat management (UTM) platform and it works relatively hassle-free.

During the past few years, there has been a migration from IPsec VPNs to Secure Sockets Layer (SSL) VPNs, because SSL VPNs don't require a dedicated client to be installed on the end device ahead of time (a browser is enough for the portal, and full network access is usually delivered through a browser-installed agent). That makes deployment a bit easier, but the user experience (once configured) is roughly the same. More organizations are also using VPN technology to connect their remote sites over inexpensive Internet bandwidth instead of leased lines. This allows small and medium-sized businesses (SMBs) to adopt the technology more readily.

But remote access and site-to-site connections are not all that VPN technology has to offer. VPNs can be used for other reasons in an organization:

  • Visitor and/or guest access
    When consultants, auditors and other foreign bodies show up and want to connect to your network, all of the network jacks in conference rooms should be put on a closed network (a dedicated segment with no route into the internal network) whose only exit is a VPN concentrator. This allows you to require strong authentication before anyone gets onto the network, ensuring that only authorized users can access internal network resources: a laptop plugged into a spare conference-room jack is treated exactly like one connecting from a hotel room.

    Another benefit of encrypting the guest connection is that if your physical network is compromised (a rogue device on a conference-room jack, for example), an attacker sniffing that segment sees only the tunnel and cannot capture credentials or session data from it.

  • Wireless networks within your building
    I've seen a trend toward turning off the wired ports in most conference rooms and requiring use of the wireless network. This ensures that a misconfigured network port (one accidentally left on the internal segment) doesn't give a visitor a free pass onto the internal network.

    The deployment model is similar to guest access: the wireless network is treated as untrusted and all of its traffic is forced through the VPN concentrator, so the tunnel's encryption and authentication apply regardless of how weak the Wi-Fi's own security is. Many UTM vendors are starting to provide integrated Wi-Fi access points in their platforms. This makes a lot of sense, because the access point and the VPN termination then sit on the same box, so there is no path for wireless traffic that bypasses the tunnel.
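Both designs above (closed conference-room jacks and an untrusted wireless segment) come down to the same firewall policy on the guest segment: reach the VPN concentrator's tunnel ports and the local DHCP/DNS relay, and nothing else, with the internal address space denied before any broader allow so a later "guests may browse the Internet" rule cannot leak onto the LAN. The following is an added illustration, not code from the article or from any UTM vendor; it models that policy as a first-match rule list and evaluates constructed sample packets against it. The addresses (a 10.200.0.0/24 guest segment, a gateway at 10.200.0.1, a concentrator at 192.0.2.10) and the port list are assumptions for the example.

```python
# Added example: first-match policy model for a closed guest/wireless segment
# whose only permitted exit is the VPN concentrator. All addresses, names and
# sample packets are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

GUEST_NET = ipaddress.ip_network("10.200.0.0/24")        # assumed guest segment
GUEST_GATEWAY = "10.200.0.1"                             # assumed DHCP/DNS relay
VPN_CONCENTRATOR = "192.0.2.10"                          # assumed concentrator (TEST-NET-1)
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = ipaddress.ip_network("0.0.0.0/0")


def host(ip: str) -> ipaddress.IPv4Network:
    """Single-host prefix for a rule destination."""
    return ipaddress.ip_network(f"{ip}/32")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp", "esp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port
    note: str = ""

    def matches(self, dst, proto, dport) -> bool:
        return (dst in self.dst
                and (self.proto is None or self.proto == proto)
                and (self.dport is None or self.dport == dport))


# Order matters: first match wins. The gateway allows must precede the
# internal-network denies (the gateway itself lives in 10.0.0.0/8), and the
# denies must precede anything broader than the concentrator.
GUEST_RULES: List[Rule] = [
    Rule("allow", host("255.255.255.255"), "udp", 67, "DHCP discover/request"),
    Rule("allow", host(GUEST_GATEWAY), "udp", 67, "DHCP renew"),
    Rule("allow", host(GUEST_GATEWAY), "udp", 53, "DNS via gateway resolver"),
    *[Rule("deny", net, note="internal network") for net in INTERNAL_NETS],
    Rule("allow", host(VPN_CONCENTRATOR), "udp", 500, "IKE"),
    Rule("allow", host(VPN_CONCENTRATOR), "udp", 4500, "IPsec NAT traversal"),
    Rule("allow", host(VPN_CONCENTRATOR), "esp", None, "ESP"),
    Rule("allow", host(VPN_CONCENTRATOR), "tcp", 443, "SSL VPN portal"),
    # implicit default deny follows
]


def evaluate(pkt: Packet, rules: List[Rule] = GUEST_RULES) -> str:
    src = ipaddress.ip_address(pkt.src)
    # Anti-spoofing: only guest addresses (or 0.0.0.0 during DHCP) may ingress.
    if src not in GUEST_NET and not src.is_unspecified:
        return "deny"
    dst = ipaddress.ip_address(pkt.dst)
    for rule in rules:
        if rule.matches(dst, pkt.proto, pkt.dport):
            return rule.action
    return "deny"


def with_internet_access(rules: List[Rule] = GUEST_RULES) -> List[Rule]:
    """The rule an admin adds later so guests can browse; appended, so the
    internal-network denies still fire first."""
    return rules + [Rule("allow", ANY, note="guest Internet")]


# Constructed sample traffic from a guest host (10.200.0.57).
SAMPLE_PACKETS: Dict[str, Packet] = {
    "dhcp_discover":    Packet("0.0.0.0", "255.255.255.255", "udp", 67),
    "dns":              Packet("10.200.0.57", GUEST_GATEWAY, "udp", 53),
    "file_server_smb":  Packet("10.200.0.57", "10.0.5.20", "tcp", 445),
    "ike":              Packet("10.200.0.57", VPN_CONCENTRATOR, "udp", 500),
    "nat_t":            Packet("10.200.0.57", VPN_CONCENTRATOR, "udp", 4500),
    "esp":              Packet("10.200.0.57", VPN_CONCENTRATOR, "esp"),
    "ssl_vpn":          Packet("10.200.0.57", VPN_CONCENTRATOR, "tcp", 443),
    "concentrator_ssh": Packet("10.200.0.57", VPN_CONCENTRATOR, "tcp", 22),
    "internet_http":    Packet("10.200.0.57", "198.51.100.7", "tcp", 80),
    "spoofed_src":      Packet("10.0.5.99", VPN_CONCENTRATOR, "tcp", 443),
}


def evaluate_all(rules: List[Rule] = GUEST_RULES) -> Dict[str, str]:
    return {name: evaluate(pkt, rules) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:18s} {verdict}")
    print("after adding Internet access:",
          evaluate_all(with_internet_access())["file_server_smb"],
          "for file_server_smb")
```

The point the model makes concrete is the ordering: the management port on the concentrator (SSH here) and every internal destination are denied even though the concentrator's tunnel ports are open, and appending an "allow anything" rule for guest Internet browsing still leaves the file server unreachable because the RFC 1918 denies sit above it.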

Points of caution

So what's the catch? Aside from the cost of installing a few more boxes, depending on traffic volumes, there isn't one. And with the price of access points and VPN concentrators continuing to come down, this is becoming less of an issue.

There is one area of caution that bears mention. I don't recommend that organizations encrypt traffic on their internal networks, not even between sensitive applications. Why? Once traffic is encrypted, the network-based tools that scan it for private data leakage or virus/worm propagation are blind to it.

Given the increasing regulatory scrutiny, even of SMBs, an organization must be able to inspect data as it travels through the network, before it is ultimately sent out into the harsh world, to ensure compliance.

But for providing access to your internal networks from outside your facility, from conference rooms or over public wireless networks, you can't beat the security and convenience of VPN technology.

Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about The Pragmatic CSO at www.pragmaticcso.com, read his blog at http://blog.securityincite.com, or reach him via email at mike.rothman (at) securityincite (dot) com.


This was first published in April 2007
