
Lock IT Down: Integrated VPNs can help secure remote workstations

Secure remote connections with virtual private networks


There’s no question that remote workstations require protection from the increasing security threats present today. When a remote user connects to the corporate network via a VPN, a hacker gaining access to the remote computer could also potentially enter the corporate network as an authorized user. If a remote computer is compromised, it could also inadvertently carry malicious code—such as viruses, worms, Trojans, and spyware—into the company networks.

These threats are prompting many CIOs to consider VPNs that combine personal firewalls with additional security features.

More solutions coming to market
In response to growing hacker threats, personal firewall vendors are partnering with security companies that specialize in dealing with malicious code. For example, Zone Labs, which sells the commonly used personal firewall ZoneAlarm, resells several additional security products in a bundled package, such as PestPatrol software, which scans for worms, Trojans, and other nonviral malicious code. Many tech leaders are also considering new solutions from traditional antivirus vendors like McAfee and Norton, which sell both a personal firewall and virus-scanning software.

The advantage of integrated VPN products is that CIOs can set and manage complete remote-user security policies from a central console. The new functionalities also ensure that a remote user’s antivirus software is updated on a regular basis and configured properly. In addition, the remote personal firewall can automatically be tweaked to meet new corporate security requirements before a user connects to the network.

One unique solution in play
One of the more interesting new security combinations is a personal firewall/VPN client approach.

“This makes the most sense to me,” said Andrew H. Perkins, a network administrator at a regional insurance agency. “We dictate the security settings within the VPN client to grant or deny access. It seems natural to enhance the security of the client by managing the security settings of a personal firewall at the same time.”

CIOs seeking help in this area will find that most major VPN vendors do offer a way to incorporate a personal firewall on the remote PC.

Check Point offers VPN-1 SecureClient, which is a combination of the company’s VPN client and a personal firewall. The personal firewall uses the same Check Point Stateful Inspection technology as the company’s mainstream Firewall-1 product. In addition, Check Point offers what it calls Secure Configuration Verification, which checks a client’s security settings before the client can make a connection to the corporate network.

Cisco’s relatively new Cisco VPN Client version 3.5 software includes an integrated personal firewall from Zone Labs. Cisco’s VPN concentrators support what the company calls Centralized Protection Policy (CPP). If a manager turns this feature on, security policies for the VPN and firewall client that are set by the manager are automatically pushed down to the remote PC before a connection is allowed.

If a third-party personal firewall is integrated (as opposed to Cisco’s integrated personal firewall), the Cisco VPN client software polls the firewall every 30 seconds to ensure that the firewall is still operating. This is a feature Cisco calls “Are You There,” and if the personal firewall happens to be turned off, the VPN client automatically drops the connection.
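The gating behaviour described above (a settings check before the connection is allowed, then a firewall liveness poll every 30 seconds that drops the tunnel on failure) can be sketched as follows. This is an added illustration, not code from Check Point, Cisco or the article; the policy values, the `probe` hook and all names are assumptions, and time is simulated so the example runs instantly.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List
POLL_INTERVAL_S = 30  # re-check period given in the article

# Constructed policy (assumption): what the gateway requires of a remote PC.
REQUIRED_POLICY = {"firewall_running": True, "av_max_age_days": 7}

def posture_failures(posture: Dict, policy: Dict = REQUIRED_POLICY) -> List[str]:
    """Return the reasons a posture report fails policy; empty list means compliant."""
    failures = []
    if policy["firewall_running"] and not posture.get("firewall_running", False):
        failures.append("personal firewall not running")
    age = posture.get("av_signature_age_days")
    if age is None or age > policy["av_max_age_days"]:  # missing data fails closed
        failures.append("antivirus signatures missing or stale")
    return failures

@dataclass
class TunnelSession:
    probe: Callable[[], Dict]  # hypothetical hook that reports current client posture
    connected: bool = False
    log: List[str] = field(default_factory=list)

    def connect(self) -> bool:
        failures = posture_failures(self.probe())  # pre-connection settings check
        self.connected = not failures
        self.log.append("connect: allowed" if self.connected
                        else "connect: denied (" + "; ".join(failures) + ")")
        return self.connected

    def run(self, duration_s: int) -> None:
        """Poll the firewall on simulated time; drop the tunnel when the check fails."""
        for t in range(POLL_INTERVAL_S, duration_s + 1, POLL_INTERVAL_S):
            if not self.connected:
                break
            if not self.probe().get("firewall_running", False):
                self.connected = False
                self.log.append(f"t={t}s: firewall check failed, tunnel dropped")

def demo() -> List[str]:
    """Constructed scenario: the firewall is switched off after two healthy polls."""
    state = {"firewall_running": True, "av_signature_age_days": 2, "calls": 0}
    def probe() -> Dict:
        state["calls"] += 1
        state["firewall_running"] = state["calls"] <= 3  # connect + 2 healthy polls
        return dict(state)
    session = TunnelSession(probe)
    session.connect()
    session.run(300)
    return session.log
```

In the constructed scenario the client is admitted, passes the polls at 30 and 60 seconds, and loses the tunnel at the 90-second poll, which is the first check after the firewall is turned off.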

While Nortel’s Contivity VPN client does not include a personal firewall, the vendor has a number of security company partners whose firewall products are tightly integrated with the Contivity VPN client software, such as Internet Security Systems and Sygate Technologies.

Pricing
It is difficult to choose an integrated VPN product based solely on pricing, because vendors sell licenses based on volume, and each customer is typically quoted a cost that takes other issues into account, such as whether the company is purchasing other hardware in conjunction with the VPN equipment.

That said, the cost of a VPN client can range from $0 (the cost of the VPN client within Windows) to $150 in some cases. As with most products, the higher-cost clients traditionally have additional features—with a VPN, for example, one added feature would be centralized management tools.

Most VPN client software costs $35 to $65 per license. If tech leaders add a personal firewall to the mix, the price can range from $0 (there are a few freeware versions aimed at personal use) to $75, with many between $35 and $50 per license.

The integrated approach of using a VPN client and personal firewall will usually cost $70 to $110 per client.

No matter what the cost, the bottom line for CIOs is that the time to shore up security is now. The remote PC is a potential weak link in corporate security, and CIOs must extend protection to remote devices.
