Relevant Technologies: VPN Shopping 101

VPN Shopping 101
By: Laura Taylor
July 26, 2002

Shopping for an expensive and sophisticated product can be a daunting task. However, you don't need to know all the answers, as long as you know all the right questions to ask. Here are some guidelines for shopping for a Virtual Private Network (VPN) so that you can get the best value to fulfill your unique requirements and understand the technology you're shopping for.

Technology Background
A VPN is an encrypted tunnel created on a network over which end users and applications transmit data. Though VPNs were originally designed to provide a secure channel over public external networks, today, as security concerns increase, they are increasingly being used to secure private intranets as well.

There are two main types of VPNs, and when shopping for a VPN you need to understand which kind it is that you need. End-to-end VPNs secure data from one wide area network endpoint to another, and secure remote access VPNs secure data transmitted by mobile users who use either dial-up, DSL, or cable broadband networks. An end-to-end VPN can be used on either an extranet or an intranet. End-to-end VPNs can also be used to connect one enterprise (or site) to multiple enterprises (or sites). All leading end-to-end VPNs offer VPN clients that can be used for secure remote access VPNs.

Suppliers want to be connected to their inventory sources, hospitals want to be connected to their primary care providers, and companies want to be connected to their ISPs, ASPs, and Web sites securely. Business partners need to share pieces of their intranet with other partners. There are numerous and varied reasons why companies use VPNs to ensure confidentiality and integrity of the data they are transmitting.

VPNs are typically based on three possible encryption protocols: IPSec, L2TP, and PPTP. IPSec is considered the standard, and all leading VPNs should offer IPSec.

Market Analysis and Predictions
After firewalls, the VPN market is probably the fastest growing information security market segment. Even in a floundering economy, the VPN market is growing at a rate of at least 200% a year. Today the VPN market is worth around $15 billion. This market will see increased expansion due to general information security concerns and also due to the proliferation of wireless technologies. VPNs could arguably be the best way to contain sensitive information to a particular business or organizational division. Any corporate-based wireless network should be completely encapsulated by a VPN. Wireless networks are far more susceptible to hackers than wired networks, and without the protection of a VPN, wireless networks are wide open to manipulation. Firewalls do not adequately protect wireless networks.

Relevant Technologies considers predictions by other analysts that suggested the VPN market would reach $30 billion by 2003 to be overly optimistic. If the Internet economy had not collapsed, these earlier predictions might have materialized. Nonetheless, the VPN market is well developed with a healthy growth rate and is clearly here to stay. VPN market leaders include Cisco, Check Point, Nokia, Nortel Networks, and Symantec. The VPN market will undoubtedly continue to expand for the foreseeable future.

Implementation Challenges
VPNs are difficult to implement. Even the leading and easiest to configure VPN products require advanced network planning. It is not unreasonable for an information technology division to take a minimum of 30 days to get a VPN up and running. However, part of the challenge of implementing a VPN has to do not just with the technology, but with how fast an organization can manage their internal processes.

End-to-end VPNs often require two different offices coordinating the implementation. If the systems engineers in both offices do not report in to the same organization, the implementation process will probably be slower. If the network management team is slow to assign IP addresses, and needs to reconfigure router ACLs in order to implement a VPN, this will also slow down the process. The key to implementing a VPN quickly is to have a fast-moving IT team that knows how to work together, without an undue amount of red tape and corporate process overhead. Overly complex and cumbersome management processes can greatly slow down the ability to implement a VPN quickly. Often it is the case that IT shops are short-staffed and exist in fire-fighting mode, with not enough dedicated resources to move quickly to implement a VPN.

Key VPN Features
VPNs come with many different features, and you clearly need to understand what you want to use the VPN for before you make any procurement decisions. One thing you'll want to figure out is whether you want a software-based VPN or an appliance VPN. An appliance VPN is a hardware box that you buy as a turn-key system with everything that you need bundled into the box. A software VPN is a software-based VPN package that you install on a server and operating system platform. It is often the case that appliance VPNs are faster and easier to deploy. Another advantage of appliance VPNs is that you are obtaining the entire VPN package from one vendor, which means there is only one vendor you need to go to for support purposes. With a software-based VPN, you might procure the VPN from the VPN vendor, the server hardware from another vendor, and the operating system from yet a third vendor.

You'll definitely want to ask about the encryption, authentication, administration, and logging features since these are key features that any leading VPN product would come with. You'll also want to find out if you can use the VPN for a firewall. Many vendors sell VPNs and firewalls as an all-in-one package and if you also need a firewall, there are a lot of advantages to be had from bundling the firewall and VPN on the same server -- certainly it will decrease the cost of ownership because administering and deploying one system is usually less costly and less time consuming than administering two systems.

If you are going to deploy numerous VPNs, you'll want to find out if the vendor offers a management console so that they can all be centrally managed from one system. If the vendor does not offer a management console, you should inquire if their VPNs can be managed from another third-party management console. When you use a management console from a remote location, you'll want to use strong authentication. You should ask the vendor if the product uses HTTPS, SSH, Telnet, two-factor authentication, S/Key, RADIUS or something else in order to authenticate to the management console.

Something else you will want to find out about is whether the encryption is done in hardware or software. Typically encryption that is done in hardware (ASICs) works faster, which means that there is less of a chance of performance delays. Also be sure to ask which hash algorithms are supported for encryption. Most leading vendors use MD5 and SHA-1.

Leading VPNs can be used to secure wireless connections. If you already have a wireless network, or are thinking about deploying one in the future, you should ask if the VPN can be deployed on wireless networks.

Interviewing Vendors for Product Selection
For any security infrastructure product that you consider, you need to interview the vendors. To prepare for this interview, I recommend putting together a list of features that you think you need, along with the reasons why you think you need each feature. You'll want to ask the vendor if the feature exists, and how it works. Reputable vendors will offer to come to your site, and will in most cases send a sales rep with a more technical systems engineer to answer any technical questions. If you ask the vendor any questions that they cannot answer, they should be willing to research the question and get back to you at a later date. If a vendor cannot respond to all your questions within one week, I would interpret this as a red flag. Fast response time on the part of the vendor is often indicative of future support and service abilities.

Questions You Should Ask VPN Vendors
Here are some questions that I recommend that you put on your list to ask vendors:

  • Is your VPN IPSec compliant?
  • Can your VPN be used for both end-to-end and secure remote access encryption?
  • What are the client platforms that your secure remote access client runs on?
  • What management console exists to manage the VPNs with?
  • Is the management console accessible through a browser? Which browsers?
  • Does the management console offer performance statistics for the tunnels?
  • Can your VPN be used to secure wireless networks?
  • How many simultaneous remote users can the VPN accommodate?
  • Does the VPN offer any high-availability or load-balancing features?
  • Is the encryption done in the hardware or the software?
  • How does the administrator authenticate with the management console?
  • What filters are available for log and policy analysis?
  • Can the VPN generate SNMP traps for management purposes?
  • Are the log files in Syslog format? (Highly recommended)
  • What algorithms do your VPNs use to perform the encryption?
  • Can the administrator select which hash algorithm to use for encryption?

If you plan on purchasing, deploying, and supporting your own VPN, you'll certainly want to do your homework. However, if you don't have the expertise or resources in house to support a VPN, a better option is to outsource to a service provider and purchase a VPN service package. If you decide to outsource your VPN, be sure to ask to see the service provider's VPN Service Level Description. The service level description should be very detailed and include information on what products they use, how the products are configured, and what you can expect in assistance as far as support goes. Good product and service research and planning can make all the difference in the world.


 