May 08, 2001, 2:17 PM — BECAUSE VPNS WERE once prohibitively expensive and relied on dedicated lines, they used to be limited to the largest of corporations. But the advent of low-cost hardware, coupled with less-expensive broadband connections, has made many CTOs rethink how best to handle secure remote connections; VPNs now look especially good for connecting the remote employee's SOHO (small office/home office).
Today's VPNs are IP-based private networks that are configured within a public network. VPN devices that target the SOHO market differ from their enterprise-class cousins only in their orientation.
These lower-cost alternatives use private network tunneling and data encryption in the same way that high-end VPNs do and lack only some of the features and traffic capabilities provided by their top-of-the-line brethren. Because SOHO VPNs speak the common tongue of IP, your IT staff will not need a significant amount of new equipment and training.
One caveat to deploying a VPN: As does any technology leveraging Internet connectivity, VPNs introduce many security pitfalls you'll need to address immediately. On a more positive note, if you plan to replace your remote employees' dial-up connections with a VPN, you're presented with the perfect opportunity to upgrade your network from dial-up to DSL VPN.
Whether you're implementing a VPN to save money by eliminating costly connections or to add a level of security to existing connections, router vendors offer a variety of choices to suit almost any budget. A few of the more notable offerings include Intel's $899 Express 8205 VPN broadband router, WatchGuard Technologies' $599 SOHOtc router, and Perle Systems' $1,495 IOLINK (see review below).
The majority of SOHO VPNs are hardware solutions that boil down to routers loaded with software that enables tunneling over IP. Some vendors offer VPN-ready devices that don't ship with the software, whereas others offer out-of-the-box VPN-enabled solutions. Exercise care when selecting a vendor and be sure you're purchasing the approach you prefer.
Most SOHO vendors offer a suite of security services beyond basic VPN encryption, including access control lists, user-based authentication, key/certificate management and distribution, active content filtering, and intelligent logging and reporting capabilities. Some solutions allow IT managers to prioritize network-traffic transmissions, ensuring maximum utilization of bandwidth as well as the blocking of undesirable URLs and the filtering of junk email. In addition to exemplary security features such as DES and IPSec, any solution you consider should include fail-over and redundancy capabilities.