The Essential Guide to VPNs

Updated: August 20, 2012

VPNs (virtual private networks) aim to provide secure communications within distributed enterprises, among business partners, and between mobile workers and corporate IT resources.

VPNs make use of the public Internet, and for that reason, advocates view the technology as more cost-effective than dial-up networking — with its attendant phone-line costs — and dedicated WANs. To secure the VPN, an organization generally installs some form of gateway, a network device that manages a VPN's connections. A gateway may consist of VPN software installed on a server or a specialized VPN appliance.

VPN functionality may also be embedded in firewalls or offered in a security appliance such as a UTM (Unified Threat Management) device. Such devices may include firewall, IDS (Intrusion Detection System) an IPS (Intrusion Prevention System) capabilities in addition to VPN.

Organizations may manage their VPN gateways in house or opt to assign that duty to a third-party entity known as a managed-security-services provider. Numerous managed-security-services providers will maintain VPNs, as well as other types of customer-premise equipment including firewalls, IDSes and IPSes.

How VPNs Work

VPNs are designed to establish secure communications channels through public networks such as the Internet. How they do this differs according to the type of security protocol that is employed.

IPsec VPNs create a protected tunnel between two points. Such point-to-point VPNs could, for example, link a corporate headquarters with a branch office. IPsec VPNs may also play a role in remote access as a means for letting telecommuters access corporate networks.

IPsec provides authentication and other security services. The security protocol is often used in conjunction with Triple DES encryption when it comes to VPN products .

With IPsec VPNs, organizations must install client software on devices that need network access. The VPN client permits the tunnel to be created between a remote computer and a corporate network.

Although IPsec has a longer history, VPNs based on the SSL (Secure Sockets Layer) protocol have seen increasing adoption in recent years. SSL encryption is widely used to secure data transmitted via the Internet, so it reduces the need for client software. SSL VPNs permit users to access resources with any Web browser that supports SSL.

This lack of a VPN client eases administration, as software doesn't have to be loaded and periodically updated on every device that needs access to the network. That said, some SSL VPN deployments may call for the use of client software to handle applications that don't use port 80 .

SSL VPNs are mainly used for remote access, whereas IPsec VPNs often play a role in LAN-to-LAN links .

VPN Benefits

A key point of distinction for VPNs is their use of the existing Internet infrastructure and the associated cost advantages. VPNs serve as a means of secure communication for distributed organizations, and they have grown to accommodate mobile users and a host of access devices.

VPNs may also enable continuity-of-operations plans, as the technology lets workers access enterprise applications from home or other locations if their usual workplaces are closed due to an emergency.

VPN Costs

Small-business-oriented, entry-level VPN appliances generally cost in the $500 to $1,000 range. Enterprise-class appliances typically start around $10,000 and may cost in excess of $30,000.

Buyers opting for VPN technology via a UTM device can expect to pay $700 to $800 for a low-end, small-business-oriented solution and $10,000 and up for an enterprise UTM solution.

Other Points to Consider

VPN technology is reasonably mature, with the major recent developments focused on increased manageability. One technology development, however, involves MOBIKE (IKEv2 Mobility and Multihoming Protocol). MOBIKE, which builds upon the IKEv2 key-management protocol, intends to let users maintain secure VPN connections as they move from network to network. In 2007, vendors began incorporating MOBIKE technology into their VPN products .