Network Basics: The ABCs of VPNs

By Kevin Reichard | Posted October 01, 2004
Virtual private networks, or VPNs, tend to get a bad rap as being difficult to set up, erratic in performance and a questionable deterrent against possible security breaches.

All of which, incidentally, are true.

But that doesn't mean that your business should avoid implementing VPN technology for your remote users or to connect remote locations. Think of a VPN as an insurance policy: Sure, most of your online communications will take place with no one electronically eavesdropping. Just as you may rarely, if ever, call in your car insurance policy, you may never actually need the security afforded by a VPN. It's that one instance — that one car crash, that one electronic eavesdropper — where you desperately need the insurance afforded by a VPN to avoid a huge loss in confidential and valuable data.

Big Trouble Looms for Small Businesses
Most larger businesses have already adopted VPN technology on some level, though given the explosion in wireless networking, there are many others that should be looking at some kind of VPN implementation. But in the SMB world, the story is different: Fewer than 500,000 SMBs have adopted VPN technology, according to market-research firm AMI Partners. Considering the millions of SMBs out there, the lack of implementation on this level is truly staggering.

First, a short explanation of VPN technology if your company doesn't yet use it. A virtual private network sets up a secure connection between a remote computer (or a remote network) and an existing network using the public Internet as a transport level. But the connection is more than just an Internet connection: Users also have access to applications on the network just like any other user connected via wire.

Users are usually exposed to a VPN when they try to dial in for their e-mail only to discover that the VPN is either down or misconfigured, but VPNs can also be used to connect remote networks communication via Frame Relay, ATM, X.25 or wide-area network (WAN). Using a VPN isn't the most secure way to connect networks — a private leased line keeps data from the outside Internet — but it can be a cost-effective method.

A VPN manages a "tunneled connection" between two machines. The metaphor isn't great, but we'll go with it anyway: Through encryption and authentication tools, the connection is not subject to any eyeballing from others on the Internet. Most Internet connections go through a variety of other machines (and thus can be compromised by someone observing the network traffic), but the VPN's tunneled connection closes the connection to outsiders, making it more secure than the average communication.

When connected, the remote computer looks just like another wired node to the wired network, with all the same permissions and applications. Contrast this to Web applications like Webmail, where the SSL security in a browser is being used to forge a secure connection. Using the Internet, widens the access methods available to users: The alternative is maintaining an 800 number for slower dial-in connections or forcing users to dial long distance into a company server.

The down side to all this is the added network overhead. Because all communications are encrypted and all packets have additional information identifying it as VPN data, it takes a lot more bandwidth to transfer data than normally. (This is why grabbing your Outlook e-mail via a dialup connection using a VPN can take a frustratingly long time.)

What You Need
Implementing a VPN involves two pieces of hardware and software: a VPN router at the network end and VPN software on the remote computer. (Additional hardware may be needed if you're connecting multiple networks via VPN.)

Several VPN software technologies and packages are available on the market, though the most secure are offered from third-party vendors. (This leads one to a worrisome issue in the VPN world: Implementations of the same "technology" are not always compatible. For instance, support of IPSec among different vendors can be spotty.) We're not going to get into the specifics of VPN protocols, like L2TP, SOCKS and IPSec. Implementation of these protocols tend to be more vendor-specific than the vendors like to admit.

There is one way to tackle the VPN issue without actually worrying about the configuration and installation: using a firm that offers managed VPN services. There are usually hidden costs associated with VPNs, and working with an outside vendor can help your firm better identify total costs.

There are several advantages to this approach: no or little investment in VPN hardware is required and your overworked IT guy doesn't need to tackle the care and feeding of the VPN. However, there are few ISPs that offer standalone VPN services, and most offer managed VPN services as part of a wider array of network services.

A VPN isn't the most glamorous of network technology, but in this day and age of telecommuting workers and road warriors needing full network access, it is an essential tool for any firm wishing to protect valuable and essential data.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date