The Case for VPNs

Originally Published in the August Issue of the Wilmington Business Journal (http://www.wilmingtonbiz.net/)

The “information super highway” was once the common way to describe the internet. Sen. Ted Stevens of Alaska became fodder for late night comedians when he said the internet “is not a big truck. It’s a series of tubes.” But however you envision this global network of connected networks, it is important to know that your data passes through many computers on its way, and any of them can read it unless it is encrypted.

The founders of the internet did not see any reason to protect the data flowing around the network because it carried only academic and government traffic. Today the internet is a very different place, and much of the data on it is private. Internet connections also now have the bandwidth to let us reach company files, applications and servers from outside the office, or to link offices together so they can share resources. A Virtual Private Network (VPN) allows data to be shared securely over the internet by encrypting it as it travels. There is a wide range of VPN options and this article only scratches the surface, but it should illustrate some of the reasons to use a VPN in your organization.

All VPNs share a common goal: to protect data as it flows across the internet by wrapping it in an encrypted shield. Normal internet traffic is like mailing a postcard to your Aunt Bee in Ohio. Everyone who handles the postcard on its way there can read it. A VPN is like sealing the postcard in a tamper-evident envelope as it leaves your house and removing it just before it reaches her mailbox. She never knew it was protected on its journey, but it was safe from prying eyes. A VPN encrypts the data as it leaves your network for the wide internet, decrypts it on the other side, and checks that it was not altered along the way.

VPNs fit into two broad categories, Remote Access and Site to Site. A Site to Site VPN connects two or more fixed locations together over the internet, while a Remote Access VPN allows an individual user to reach the office network securely from a remote internet connection, such as a coffee shop’s wireless. We’ll cover Site to Site VPNs in this article and Remote Access next month.

A Site to Site VPN allows resources like file servers or printers to be shared between distant physical locations. Once set up, all traffic between the sites is transparently routed over the VPN to the other network; computers and devices in both offices do not need to know a VPN is involved, and staff can use printers and file servers in either location as if they were in the same office. Where I work, we pass phone calls using VoIP (voice over IP) over our office VPN to get free long distance calling between offices. In this example the VPN does two jobs. First, the Nortel phones in both offices were only designed to work over an office Local Area Network (LAN); the VPN joins the two LANs so the phones can reach each other. Second, the phones’ VoIP traffic is not encrypted, so without the VPN anyone on the path could listen in on our internal office conversations. Finally, by sending traffic over a commercial internet connection instead of leased lines or a T1, you can link offices at a much lower total cost.
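As an added example (it is not part of the original article, and it is not any vendor’s code), the following Python models what a site-to-site gateway does with each packet: it decides by destination whether the packet belongs in the tunnel, wraps tunnelled packets in the “tamper-evident envelope” from the postcard analogy (encrypt, then attach a keyed integrity tag), and on the far side checks the tag before decrypting so that anything altered or replayed on the way is dropped rather than delivered. The office subnets, gateway addresses, pre-shared keys and the sample file-share request are all assumed or constructed for the demonstration, and the HMAC-based stream cipher is a stand-in for the AES-GCM or ChaCha20-Poly1305 a real VPN would use.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# Assumed addressing for the two offices: private LANs, plus documentation-range
# public addresses for the gateways. None of this comes from the article.
SITE_A_LAN = ipaddress.ip_network("192.168.1.0/24")   # head office LAN
SITE_B_LAN = ipaddress.ip_network("192.168.2.0/24")   # branch office LAN
SITE_A_GW = "203.0.113.10"                            # head office gateway, public side
SITE_B_GW = "198.51.100.20"                           # branch office gateway, public side

NONCE_LEN = 12
TAG_LEN = 32


class TamperedPacket(Exception):
    """Raised when an inbound envelope fails verification and must be dropped."""


class Gateway:
    """One site's VPN gateway.

    Outbound packets addressed to the peer office are wrapped in an encrypt-then-MAC
    envelope and sent to the peer gateway; everything else is forwarded in the clear.
    Inbound envelopes are verified before they are decrypted.
    """

    def __init__(self, local_lan, peer_lan, peer_gw, enc_key, mac_key):
        self.local_lan = local_lan
        self.peer_lan = peer_lan
        self.peer_gw = peer_gw
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.seen_nonces = set()   # envelopes already accepted (replay protection)

    def _keystream(self, nonce, length):
        # Demonstration cipher only: HMAC-SHA256 used as a PRF in counter mode.
        # A real VPN uses an AEAD such as AES-GCM or ChaCha20-Poly1305 instead.
        blocks = []
        for counter in range((length + 31) // 32):
            blocks.append(hmac.new(self.enc_key, nonce + struct.pack(">I", counter),
                                   hashlib.sha256).digest())
        return b"".join(blocks)[:length]

    def outbound(self, dst_ip, payload):
        """Route a packet leaving the local LAN. Returns (next_hop, bytes_on_the_wire, tunnelled)."""
        if ipaddress.ip_address(dst_ip) in self.peer_lan:
            nonce = os.urandom(NONCE_LEN)
            keystream = self._keystream(nonce, len(payload))
            ciphertext = bytes(p ^ k for p, k in zip(payload, keystream))
            tag = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
            return self.peer_gw, nonce + ciphertext + tag, True
        return dst_ip, payload, False   # ordinary internet traffic: the postcard

    def inbound(self, wire):
        """Unwrap an envelope from the peer gateway; drop anything altered, truncated or replayed."""
        if len(wire) < NONCE_LEN + TAG_LEN:
            raise TamperedPacket("truncated envelope")
        nonce, ciphertext, tag = wire[:NONCE_LEN], wire[NONCE_LEN:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # integrity check BEFORE any decryption
            raise TamperedPacket("MAC mismatch: envelope altered in transit")
        if nonce in self.seen_nonces:
            raise TamperedPacket("replayed envelope")
        self.seen_nonces.add(nonce)
        keystream = self._keystream(nonce, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, keystream))


def make_site_pair():
    """Two gateways sharing pre-shared keys (assumed; real gateways negotiate keys with IKE or similar)."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    site_a = Gateway(SITE_A_LAN, SITE_B_LAN, SITE_B_GW, enc_key, mac_key)
    site_b = Gateway(SITE_B_LAN, SITE_A_LAN, SITE_A_GW, enc_key, mac_key)
    return site_a, site_b


def deliver(gateway, wire):
    """Return ("ok", payload) if the envelope is accepted, else ("dropped", reason)."""
    try:
        return "ok", gateway.inbound(wire)
    except TamperedPacket as exc:
        return "dropped", str(exc)


def flip_byte(wire, index):
    """Simulate an on-path attacker changing one byte of the envelope."""
    altered = bytearray(wire)
    altered[index] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    site_a, site_b = make_site_pair()
    # Constructed sample traffic: a file-share request from a PC in office A to a server in office B
    request = b"open \\\\fileserver\\share\\report.doc"
    hop, wire, tunnelled = site_a.outbound("192.168.2.50", request)
    print("next hop:", hop, "tunnelled:", tunnelled, "plaintext visible on wire:", request in wire)
    print("office B receives:", deliver(site_b, wire))
    print("altered in transit:", deliver(site_b, flip_byte(wire, NONCE_LEN)))
    print("replayed:", deliver(site_b, wire))
    print("public web traffic (assumed address):", site_a.outbound("192.0.2.80", b"GET / HTTP/1.1"))
```

Running it prints the routing decision and the delivery result for a normal packet, an altered one and a replayed one. The detail worth copying is the ordering in inbound(): the tag is checked before any decryption happens and before the nonce is recorded, so a forged envelope neither reaches the decryption code nor poisons the replay window.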

Most VPNs are hardware based and range from entry level to very expensive. Cisco and Nortel produce high-end VPN appliances built for large enterprises with many users. There is a wide range of options for small and medium-sized businesses; since I have not installed any of these models, I asked Mathew Wahl of Wilmington’s Category Five Networks. For a small business headquarters with a remote office, he recommends Watchguard’s Firebox Edge E series. The device supports both site-to-site and remote access installations, and its hardware can be upgraded to handle larger installations and security features such as web content control, spam blocking and gateway antivirus. Wahl mentioned that one of the main problems he encounters is connection speed: customers often do not have a reliable and fast enough internet connection to run a proper VPN. Most base packages from local internet service providers come with a slow upload speed, and since one site’s uploads are the other site’s downloads, that upload speed caps how fast the other office can pull data through the tunnel.

If you do not want to support your own hardware or software solution, most business-class network providers, such as Time Warner Business Class, offer Site to Site VPNs. You can also outsource the whole thing to a third-party provider. Positive Networks, for example, offers a Site to Site software VPN that can be installed on a standard Windows machine and includes 24-hour support, but it runs $100 per connection each month.

If you do not have multiple offices, or you just want to reach your internal office network, files or resources from outside the office, you need a remote access VPN. More about that next month…