Networking

Learn before you buy: Ten resources for VPN research

Are you contemplating buying a virtual private network for your company? Here are 10 resources to help you learn all you need to know about VPNs.

It's easy to see why VPN technology is a sound investment. Just the long distance alone can save you thousands of dollars each month.

For instance, if your employees are accessing an 800-number to dial in remotely, you're paying around $4.20 an hour per employee, according to Gartner analyst John Pescatore. Replacing that with a VPN system could cut your costs in half, he said.

Case studies of Keane Inc. and CompuCom Systems revealed savings of $30,000 per week in 800 fees and $30,000 in long-distance access charges, respectively, according to a recent VPNcon presentation by Lori Sylvia, a project manager for Indus River, which produces RiverWorks Enterprise VPN.

That fact alone explains why market research and consulting firm Infonetics predicts VPN spending will increase 80 percent per year through 2003.

If your company is considering investing in VPN technology this year, you'll want to learn all you can about the pros, cons, and caveats of using this technology. We've found 10 resources to help you learn more about purchasing and implementing VPNs.
A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A VPN can be contrasted with a system of owned or leased lines that can only be used by one company. The idea of the VPN is to give the company the same capabilities at a much lower cost by using the shared public infrastructure rather than a private one. Phone companies have provided secure shared resources for voice messages. A VPN makes it possible to have the same secure sharing of public resources for data. Companies today are looking at using a private virtual network for both extranet and wide-area intranet. Courtesy of whatis.com
Resource one: VPN debriefing
If you're looking for a quick lesson on VPN technology, visit Web ProForums for Nortel's VPN Tutorial.

This tutorial offers a glossary, as well as a quick look at:
  • VPN security and performance
  • The four types of VPN protocols
  • The four components of VPN technology
  • VPN security gateways

There's even a 10-question self-assessment test to determine how much you know about VPNs.
TechRepublic offers a 150+ page guide to VPNs called the Administrator's Guide to VPN and Remote Access.
Resource two: A consortium of information
A great starting place for VPN information is the Virtual Private Network Consortium, (VPNC), a trade association for VPN manufacturers. While the VPNC is devoted to promoting its members' products and interoperability between vendors, it is also a good resource for how-to information and research.

In particular, you'll want to visit the Supported Features page. A chart shows you which VPNC members—and many major players are members, including CISCO, F-Secure, 3COM, and Microsoft—support which of the following features:
  • Gateway
  • IPsec client for Windows
  • IPsec client for Macintosh
  • L2TP with IPsec
  • PPTP with RC4
  • IKE aggressive mode
  • IKE X.509 certificates
  • IPPCP compression
  • TripleDES encryption
  • VPN toolkit
  • Certificate authority
  • VPNC conformance logo

Also, be sure to visit the VPN white papers section, which includes a list of links to white papers offered by VPNC clients. Although the papers are vendor-produced, they are still informative. For example, a paper by Ashley Laurent, an integrated network security vendor that specializes in remote access, explains the most common implementation problems for VPNs. The white papers are divided into the following categories:
  • VPN Overviews
  • VPN Technologies and Cryptography
  • Business Case for VPNs
  • VPNs and Remote Access

You'll also find a glossary of VPN terms, information on VPN standards, VPN Requests for Comments (RFCs), and Internet Drafts (IDs).

Resource three: Cram at a conference
If you're looking for something more intensive, consider the VPNcon, a conference that focuses solely on VPN technology. VPNcon is held semiannually in the United States and annually in Europe and Canada. This year's conference dates are:

If you don't have time to attend a conference, at least visit VPNcon's Web site. The site includes PowerPoint presentations from the 2000 spring conference. Topics covered include:
  • Challenges in implementing and using VPNs
  • Real world VPN deployment issues
  • Secure VPNs for conducting e-business
  • Small business VPN case studies
  • Building a VPN that is right for your organization
  • VPN ASP
  • Securing the remote workstation
  • You'll have to fill out a brief registration form to access the presentations.
The best place to start for VPN information? Call us shameless, but our bet would have to be the TechRepublic VPN briefing center.
Resource four: Getting your FAQs straight
If you haven't been able to find the answers to your question, you should try this VPN FAQ by Tina Bird, a security architect for Counterpane who operates a VPN site and moderates a VPN mailing list.

The FAQs list answers 18 questions, including:
  • How do I decide whether a VPN is a good remote access solution for my organization?
  • How do I control which sorts of network traffic are transmitted over my VPN?
  • How does the use of encryption affect the performance of a network connection?

Bird has also made available her "Building VPNs: The 10-point plan," a guide to implementing VPN technology.

The site also includes a list of sites where you can find information on VPN-related legal issues, VPN freeware, and a problem-solving guide for several VPN products.

Resource five: Security concerns?
For straight talk about VPN security, the best bet is Information Security Magazine, a monthly magazine by and for security specialists and owned by TruSecure.

A great article to start with is "VPNs: Handle with Care," by Edmund X. DeJesus. This article is a tough analysis of the problems caused by VPNs. In it, Christopher Carlson, product manager for VPN/security for BroadBand Office, reminds us, "While VPNs are great, they are not the panacea that everyone thinks."

Do a search on “VPN,” and you'll find more than 20 articles about or mentioning VPNs, including reader product reviews, columns—even an article by Microsoft Corporation's security officer, Howard A. Schmidt, detailing how he used VPNs to make the company more secure.

Five more resources we found helpful
Here are some of the sites we TechRepublic writers found useful:
  1. InternetWeek Online's VPN resource page.
  2. LookSmart's list of links to VPN white papers.
  3. "The Internet Solution for Remote Access," by the Patricia Seybold Group, a Massachusetts-based consulting firm, is available for free on iPass.com, but you must fill out an information form.
  4. InternetWeek Online's list of VPN vendors, organized by product type.
  5. TechRepublic's research index, which offers numerous papers on VPN, including:
Are you wondering about legal issues surrounding VPN usage? We want to hear from you. E-mail us your questions.
0 comments

Editor's Picks