VPNs Hang Tough
Bill Jensen, a product marketing manager for Check Point Software Technologies Ltd., recalled the time nearly a decade ago when financial and automotive customers described VPNs as a temporary measure. Their thinking was that VPNs would become unnecessary amid cheap WAN lines and landlines.

“Since basically [from] the time VPNs have appeared, people have been saying, ‘Do we really need them?’” Jensen observed.

The answer, apparently, is yes.

The original VPN technology, IPsec, has acquired a large installed base over the years. TheInfoPro Inc. reported that 81 percent of the organizations it surveyed have LAN-to-LAN VPN technology in use, according to Bill Trussell, managing director of networking research at the market-research firm. IPsec is the main method for this type of connectivity, in which a branch office LAN may be linked to a headquarters network, for example.

SSL (Secure Sockets Layer) VPNs, a five-year-old technology, may lack IPsec’s market penetration, but they are seeing rapid growth. TheInfoPro ranked SSL VPNs, which are used predominantly for remote access, second on its Heat Index. Only 10 GbE (Gigabit Ethernet) core switching ranked higher.

The Heat Index aims to provide a glimpse into future spending in a given area. TheInfoPro tracks about 40 networking technologies and the investment plans of midsize and Fortune 1000 organizations.

Six months ago, TheInfoPro pegged SSL usage at around 57 percent of surveyed organizations. That compares with a 44-percent implementation rate two years ago.
Preliminary results of the company’s most recent survey suggest that the technology-in-use number for SSL VPN may rise to 59 percent, with 22 percent of the respondents planning to adopt the technology.

“We’ve seen a lot of interest … and quite a growth curve, which seems to be continuing,” Trussell said.

“There is definitely increased use and implementation of VPN all over,” said Sumit Pal, executive vice president of WithumSmith+Brown Global Assurance, a security and compliance consulting firm.

A Durable Technology
“It has been resilient,” Jensen said of VPN.

He attributed the technology’s continuing uptake to manageability improvements.

“An IPsec VPN can be very simply configured,” said Jensen, whose company offers VPN solutions as part of its product lineup. “You say which points you want in your IPsec VPN, and dynamic routing takes care of all the rest.”

That feature is common to any Check Point Software Technologies VPN-1 gateway, Jensen said.

“It can be done on any platform using our SecurePlatform OS or on the Nokia,” he noted.

Jensen said that one of the early problems of VPNs, in general, was that a site would be configured one way and other sites would not inherit the configuration automatically. But increased manageability at the interface level makes for consistent sets of attributes at all of the different gateways, he explained. That’s true of both IPsec and SSL VPNs, Jensen added.

In addition, Jensen said that VPN products have become simpler and much more secure.

Check Point Software Technologies’ VPN-1 gateways and Connectra SSL VPN, for example, integrate with the company’s Integrity endpoint-enforcement feature. The technology checks for malware and makes sure that anti-virus software and other security measures are present on the endpoints that attempt to access the network.

Tim Simmons, director of product marketing for Citrix Systems Inc.’s Access Gateway, said that the SSL VPN product scans the configuration of devices coming in from the outside and passes that health information down to the application-delivery infrastructure. Citrix Systems’ approach controls both access and actions, such as whether a user will be able to print to a local printer from a given application, Simmons said.

The use of two-factor authentication also contributes to VPN security, Pal noted. Users typically access the VPN with a username and a password, but the potential for password theft becomes a source of exposure.
But larger enterprises increasingly use a device, such as RSA Security Inc.’s SecurID, that randomly generates a second password, Pal noted.

Pal said that two-factor authentication applies to both IPsec and SSL VPNs.

“However, it is not recommended to use PPTP [Point-to-Point Tunneling Protocol] or IPsec 56-bit for VPN connections because they have been proven to be less secure than other technologies,” Pal said.

Pal recommended using 128-bit IPsec (Triple DES) or 256-bit AES encryption, if possible.