Virtual private networks, or VPNs, have been around for about a decade. They provide secure data exchange between two locations using an encrypted connection.
VPN technology has changed little over the years. A newer version of VPN software, known as SSL-VPN, taps into the common IP circuitry of Web browsers to make secure connections with less reliance on third-party software.
VPNs have long been an Internet tool used to keep enterprise networks free from unwanted visitors. However, the complex configuration and maintenance needs of VPNs can sometimes put excessive strain on very small businesses with small (perhaps even single-person) IT departments.
“One of the biggest challenges with rolling out VPNs for SMB is, how do you deploy it and train your staff to use it?” Jason Leung, senior product line manager for SMB security at NetGear, told TechNewsWorld.
The basic concept of a VPN connection is akin to making a private call on a telephone instead of a party line call. Most Internet connections are relatively unprotected and wide open to hacking. With VPN technology, no unintended users can listen in.
The idea behind it is to use general Internet access together with a dedicated tunnel, according to James MacDonald, technical architect for Connect In Private. VPN interconnects the Internet and encrypts the connection.
“VPN makes a secure layer for data transfer between two points. There are two kinds. Site to site is between two offices. Remote access VPN is for laptops and other mobile devices,” MacDonald told TechNewsWorld.
For the most part, VPNs lock down Internet connections for limited uses, such as securing email or downloading and uploading files. But the encrypted connection does not extend to general Web surfing.
“VPNs are a way to build a secure channel between your usual mobile location and the corporate office,” Leung said.
Best practices for safe computing must still be followed for non-encrypted Internet connections. A VPN is not a cure-all.
Not much can be done to secure the Web except for what happens within a VPN service. It is a layer, but physical barriers are needed to prevent unauthorized access to the actual computer hardware, noted MacDonald.
“We protect through a VPN the most common areas where hacking occurs,” he said.
Traditional VPN software involved tough setup routines. IT staff could configure remote computers and other mobile gear to maximize security, but such finicky finessing made VPN usage less attractive to companies that lacked resident IT gurus.
Potential SMB users are often strapped for resources with a very small, if any, IT staff. Even pay-as-you-go consultants can be too pricey.
Numerous setup issues can plague VPN use. For instance, noted Leung, PCs at a location are not standard. A hodge-podge of PC equipment can be tricky to configure.
SSL-VPN evolved to address this deployment issue. All browsers have a common connection base to computing, so the VPN plug-in can bypass client software and use the browser, Leung explained.
Much of VPN use today is geared to enterprises with complex network configurations. This does not translate well down to the SMB level. The industry needs to boil it down for that easy use, Leung said.
Part of the reason for this slow adoption is the tendency to treat SMB customers as stepchildren. For example, the enterprise pricing structure is based on how many seats a company will connect to the VPN.
“SMBs need a different pricing model. They need a method where they can buy the box and get all the user licensing with no command-line interface in the configuration. SMB does not have that many requirements. So the setup routine needs to be wizard-driven,” said Leung.
New VPN Options
A new generation of VPN products could make VPNs more suitable for individual users and SMB customers. The technology remains the same, but the packaging and feature sets put more emphasis on the benefits of using a VPN.
One new simplified solution comes from OpenVPN. It is SSL-based, open-source VPN software that runs on Windows, Linux, and Mac OS X operating systems.
OpenVPN comes in two varieties. The free download of the community edition has no paid support. The Enterprise edition is a free download with two free licenses and paid support.
“Security comes from encryption as one part of the solution. The second aspect is the multi-factor user identification that can be required through a token or text message, cellphone, or certificate. These methods are very hard for hackers to attack,” Francis Dinha, cofounder and CEO of OpenVPN Technologies, told TechNewsWorld.
The company's growing customer base ranges from very small home offices with one or two individuals to larger firms and full-scale enterprise companies, according to Dinha.
“We are seeing an uptick in companies moving from hardware solutions to software for greater flexibility. Universities have rated it as very secure,” Dinha said.
Protection is only for the endpoint of the channel. The VPN connection does not extend to general Web surfing.
Yet another variation on the VPN theme is a service offered by Connect In Private (CIP). The company provides a connection behind a private server. Somewhat like connecting to a proxy server, subscribers gain not only an encrypted channel between two points for secure email and data exchange, but can also extend that encrypted channel to general Web surfing.
“It’s not a big surprise that hackers are ahead of vendors. Best practice still counts in securing all your Web transactions,” MacDonald said.
Having an account with CIP is like having your own off-shore e-mail account. This can provide an added layer of anonymity as well as more Web security. The company’s servers are kept in different countries. The servers are in Panama City, Panama. The corporate offices are in Canada.
The CIP service is owned and funded by a company based in Panama. However, as privacy laws change in various countries, so can the tenor of law enforcement’s efforts to gain access to email and Web surfing practices.
“It becomes a little bit harder to get court orders enforced to divulge encrypted content of our subscribers,” said MacDonald.
CIP routes the Internet connection to Canada and then through Panama. Both individual and enterprise users are connected through the company’s VPN, so all Web surfing is encrypted.
“That is one of the benefits of our service. That is one of the big differentiators of our service over other offerings. Our VPN takes in everything – IM, email, all Web traffic,” he explained.
More to Offer
“The industry needs to do a lot of evangelizing about the benefits of VPN. Things like client endpoint enforcement, patching control, etc. Small businesses always lag behind by several years in the adoption of technology,” said Leung.
Potential VPN users have numerous service providers from which to choose. Here are three more:
- LogMeIn’s Hamachi2 is a hosted VPN service. It extends LAN-like network connectivity to mobile users. The free version is for non-commercial use with up to 16 clients. The commercial version requires an annual subscription and includes 256 clients.
- Cisco VPN Client requires XP, Vista (x86/32-bit only) or Windows 7, Mac OS X, Linux, or Solaris Unix and supports IPSec connections to Cisco VPN concentrators.
- Tinc VPN is free software that enables virtual private networking via low-level daemon or network device configuration. Designed originally for Linux / Unix networks, Tinc also works on Windows computers.