VPN - Extend your network and keep hackers out

Once upon a time, a VPN was about as important to your small- to medium-sized business as UPN, the television network that featured "Buffy the Vampire Slayer." But hackers and online villains have come along to change that.

VPN, which stands for "virtual private network," is a hardware/software solution for remote workers, providing authorized users with a data-encrypted gateway through a firewall and into a corporate network. Once the domain of big business, VPNs have come down in price and are a hot commodity in the small-to-midsized business market. If you have telecommuters, satellite offices or employees who travel and need to connect to your corporate network via the Internet, a VPN — implemented properly — will slay the efforts of most any vampires trying to get their teeth around your sensitive data. It also will save you a bundle on long-distance phone calls.

"VPNs are data-encrypted tunnels over the Internet," says Kneko Burney, chief market strategist for business infrastructure and services at In-Stat/MDR. "They offer robustness and security, and are a cheaper alternative to a dedicated phone line." (Solutions for a small number of users start at under 0.)

So, the question is: Do you need a VPN for your business? The answer is a definite maybe. Here are a few things to consider:

1. How sensitive is your company's data? For most businesses, the answer is probably "very." Most companies have customer information and records, financial records and company secrets in their internal networks that merit the best protection you can afford. On the other hand, if your sensitive data is stored offline, and you don't have anything online that you think a hacker might be interested in, perhaps you don't need a VPN.

2. Do you have telecommuters, traveling employees or other remote workers? The benefits of a VPN are twofold: Not only do they offer secure network access to those traveling or working off-site, but they extend the corporate network to those workers to make them feel a part of the company — part of your team.

3. Do you have more than a few employees? A VPN may be an expensive solution for a company with fewer than five employees, unless they all travel or work remotely. Burney suggests companies with 10 or more employees (including telecommuters, remote workers or travelers) are most likely to reap the economies of scale that a VPN can offer. Obviously, the service costs more per month than DSL.

4. Do you have SSL-encrypted Internet pages already? Some companies using Microsoft Exchange servers for e-mail already may have the encryption protection necessary for remote workers — at least for accessing their e-mail (via Outlook Web Access), says Matthew Berk, a tech research analyst. For businesses with low sensitivity requirements, he says, "there are Web-based alternatives to a VPN for authentication and encryption," though they may be less secure.

If you've determined you do have a need, here are six tips from analysts:

1. Know the difference between CPE and network-based VPNs. CPE stands for a Customer Premise Equipment-based solution, which represents the majority of VPNs on the market. A CPE-based solution offers end-to-end encryption. A network-based solution does not encrypt data until it reaches the Internet; in other words, there may be small gaps before and after the data reaches the Internet where it is unencrypted.

Most analysts believe the security risk of a network-based VPN is minimal. But businesses in certain federally regulated industries such as telecommunications, energy, banking and finance and health care are required by law to have secure networks — which virtually mandate end-to-end data encryption, as well as firewalls and other security devices.

The advantages of a network-based solution? They are often cheaper and easier to manage, says analyst J.P. Gownder of the Yankee Group.

2. Install yourself or use a managed service? If you have an IT staff or a consultant, you may want to buy and implement a VPN from a top-notch provider such as Cisco or SonicWall yourself. You have more control over the setup and usage. But . . . VPNs often are implemented incorrectly, and that can open up big security holes, Berk says. In addition, administration and management of VPNs in-house is complicated and "can be a hassle," says Jason Smolek, an analyst for IDC.

Telecommunications companies such as Qwest, Verizon and BellSouth, as well as several Internet service providers, offer managed security solutions that could save you the hassle. Many bundle their VPNs with a firewall.

3. Have a firewall too. Some users have a VPN instead of a firewall, but that isn't smart. The purposes of a VPN are to create an encrypted tunnel or gateway through your network's firewall and to keep out hackers. The VPN encrypts the pieces of data, but the firewall is still needed to provide a prison fence around your network. It makes little sense to have a VPN and not a firewall.

4. Look for "IPSec" compliancy and operating system compatibility. IPSec stands for Internet Protocol Security, and is VPN-supporting technology included in Windows 2000 and Windows XP. Used with compatible VPNs (and the majority are, according to analysts) IPSec guarantees the authenticity, integrity and confidentiality of network traffic. Interoperability with a VPN may be an issue, however, with Macintosh systems or those using Windows 98 or a prior Windows operating system on their desktop, Berk says. Make sure you buy a VPN compatible with your operating system.

5. If you have a wireless LAN, make sure your VPN operates securely with it. Having a VPN certainly enhances the capabilities of your wireless local-area network (LAN). But the "layering" of a VPN on a wireless network can result in security holes if not done properly. Dennis Eaton, chairman of the nonprofit Wireless Ethernet Compatibility Alliance (WECA), recommends that businesses place their wireless LAN outside of their network firewall, and provide the VPN to tunnel through the firewall, to ensure the utmost security. Otherwise, he says, wireless network traffic can accumulate and move around inside the firewall, virtually nullifying the VPN and risking security. "You want to make sure the firewall is on the inside and the wireless network on the periphery," Eaton says.

6. Know that a VPN may cause a performance hit for the remote user. This happens when suddenly some 10% to 15% of the bandwidth you have available remotely goes to security. "VPNs are great for setting up a secure connection, but they take up a healthy chunk of the performance speed," says Joe Laszlo, broadband analyst for Jupiter Research. "It's not so bad that it is unusable, but in many cases, it is noticeable."

Despite this, Laszlo and other analysts say that if you need a secure connection for your remote and traveling workers, VPNs are worth the money. "Some smaller businesses are just getting to know them, and there is a perception among some that (VPNs) aren't that secure," Burney says. "The reality is that they are phenomenally secure."