Virtual private networks, or VPNs, have been around for about adecade. They provide a secure data exchange between two locationsusing an encrypted connection.
VPN technology has changed little over the years. A newer version ofVPN software, known as SSL-VPN, taps into the common IP circuitry ofWeb browsers to make secure connections with less reliance onthird-party software.
VPNs have long been an internet tool used to keep enterprise networksfree from unwanted visitors. However, VPN’s complex configuration andmaintenance needs can sometimes put excessive strain on very small businesses with small (perhaps even single-person) IT departments.
“One of the biggest challenges with rolling out VPNs for SMB is, how doyou deploy it and train your staff to use it?” Jason Leung, seniorproduct line manager for SMB security at NetGear, told TechNewsWorld.
The basic concept of a VPN connection is akin to making a private callon a telephone instead of a party line call. Most Internet connectionsare relatively unprotected and wide open to hacking. With VPN technology, nounintended users can listen in.
The idea behind it is using general Internet access together with a dedicatedtunnel, according to James MacDonald, technical architect for ConnectIn Private (CIP). VPN interconnects the Internet and and encrypts theconnection.
“VPN makes a secure layer for data transfer between two points. Thereare two kinds. Site to site is between two offices. Remote access VPNis for laptops and other mobile devices,” MacDonald toldTechNewsWorld.
For the most part, VPNs lock down Internet connections for limiteduses, such as securing email or downloading and uploading files. But theencrypted connection does not extend to general Web surfing.
“VPNs are a way to build a secure channel between your usually mobilelocation and the corporate office,” Leung said.
Best practices involving safe computing still must be followed fornon-encrypted Internet connections. VPN is not a cure-all foreverything.
Not much can be done with securing the Web except for what happenswithin a VPN service. It is a layer, but physical barriers are neededto prevent unauthorized access to the actual computer hardware, notedMacDonald.
“We protect through a VPN the most common areas where hacking occurs,” he said.
Traditional VPN software involved tough setup routines. IT staff couldconfigure remote computers and other mobile gear to maximize security, but such finicky finessing made VPN usage less attractive to companiesthat lacked resident IT gurus.
Potential SMB users are often strapped for resources with a very small, if any, IT staff. Even pay-as-you-go consultants can be toopricey.
Numerous setup issues can plague VPN use. For instance, noted Leung,PCs at a location are not standard. A hodge-podge of PC equipment canbe tricky to configure.
SSL-VPN evolved to address this deployment issue. All browsers have acommon connection base to computing, so the VPN plug-in can bypassclient software and use the browser, Leung explained.
Much of VPN use today is geared to the enterprise with complex networkconfigurations. This does not translate well down to the SMB level.The industry needs to boil it down for that easy use, Leung said.
Part of the reason for this slow adoption is the tendency to treat SMBcustomers as stepchildren. For example, enterprise pricing structureis based on how many seats a company will connect to the VPN.
“SMBs needs a different pricing model. They need a method where theycan buy the box and get all the user licensing with no command lineinterface in the configuration. SMB does not have that manyrequirements. So the setup routine needs to be wizard-driven,” saidLeung.
A new generation of VPN products could make VPNs more suitable toindividual users and SMB customers. The technology remains the same,but the packaging and feature sets put more emphasis on the benefitsof using VPN.
One new simplified solution comes from OpenVPN.It is an SSL-based open source VPN software. It runs on Windows, Linuxand Mac OS X operating systems.
OpenVPN comes in two varieties. The free download of the communityedition has no paid support. The Enterprise edition is a free downloadwith two free licenses and paid support.
“Security comes from encryption as one part of the solution. Thesecond aspect is the multi-factor user identification that can berequired through token or text message, cellphone or certificate.These methods are very hard for hackers to attack,” Francis Dinha,cofounder and CEO of OpenVPN Technologies, told TechNewsWorld.
The company is growing customers ranging from very small home officeswith one or two individuals to larger firms and full-scale enterprisecompanies, according to Dinha.
“We are seeing an uptick in companies moving from hardware solutions tosoftware for greater flexibility. Universities have rated it as verysecure,” Dinha said.
Protection is only for the end point of the channel. The VPNconnection does not extend to general Web surfing.
Yet another variation on the VPN theme is a service offered by ConnectIn Private (CIP). The company provides connection behind a privateserver. Somewhat like connecting to a proxy server, subscribers cangain not only an encrypted channel between two points for secure emailand data exchange, but that encrypted channel can also be extended to generalWeb surfing.
“It’s not a big surprise that hackers are ahead of vendors. Bestpractice still counts in securing all your Web transactions,”MacDonald said.
Having an account with CIP is like having your own off-shore e-mailaccount. This can provide an added layer of anonymity as well as moreWeb security. The company’s servers are kept in different countries.The servers are in Panama City, Panama. The corporate offices are inCanada.
The CIP service is owned and funded by a company based in Panama. However, as privacy laws change in various countries, so can the tenor oflaw enforcement’s efforts to gain access to email and Web surfingpractices.
“It becomes a little bit harder to get court orders enforced todivulge encrypted content of our subscribers,” said MacDonald.
CIP routes the Internet connection to Canada and then through Panama.Both individual and enterprise users are connected through thecompany’s VPN, so all Web surfing is encrypted.
“That is one of the benefits of our service. That is one of the bigdifferentiators of our service over other offerings. Our VPN takes ineverything– IM, email, all Web traffic,” he explained.
More to Offer
“The industry needs to do a lot of evangelizing about the benefits ofVPN. Things like client endpoint enforcement, patching control, etc.Small businesses always lag behind by several years the adoption oftechnology,” said Leung.
Potential VPN users have numerous service providers from which tochoose. Here are three more:
- LogMeIn’s Hamachi2 is a hosted VPN service. It extends LAN-like network connectivity tomobile users. The free version is for non-commercial use with up to 16clients. The commercial version requires an annual subscription andincludes 256 clients.
- Cisco VPN Client requires XP,Vista (x86/32-bit only) or and Windows 7, Mac OS X, Linux or SolarisUnix and supports IPSec connections to Cisco VPN concentrators.
- Tinc VPN is free software that enablesvirtual private networking via low-level daemon or network deviceconfiguration. Designed originally for Linux / Unix networks, Tincalso works on Windows computers.