January 02, 2001, 9:11 AM — One drawback of DSL is that its static, always-on connection lacks security. Firewalls only protect access to an endstation, not transmissions over public networks. As a result, users have been turning to DSL VPNs for added peace of mind.
There are several ways companies and remote teleworkers can set up VPNs with DSL: with the same VPN software and hardware used for dial-up security; with native network-based VPNs offered by network services companies; or by setting up a private, point-to-point network, similar to a frame relay VPN.
Kathy Hackler, an analyst with San Jose consultancy Dataquest, says most companies using VPNs over DSL lines are doing so for teleworkers.
"I think you could go with just a firewall for security," she says, "but if your teleworkers are dealing with something like sensitive database information, you probably want a VPN."
Tony Aiuto, who heads the server team for Cambridge, Mass., start-up Popupnotes.com, is one such teleworker manipulating sensitive data over a DSL line. From his home in New York, Aiuto accesses a Popupnotes.com server in Cambridge so he can work on code for the company's service, which will let people make annotations on Web pages.
Aiuto says he isn't too concerned about the security of his DSL connection because he has a firewall. But he says he doesn't like sending clear text across any network, so he uses OpenBSD's OpenSSH Secure Shell, free open source software for Unix boxes, to encrypt any data traveling between his home and the Cambridge office. All Aiuto has to do is log on to the Cambridge office through OpenBSD, and he has full run of the network.
"I'm happy with it," he says. "The performance is good. I know we're not sending anything in clear text, and it beats having to fly to Cambridge every week."
So far Aiuto hasn't had any reason to move to a hardware-based VPN. No one needs to access his site, and he doesn't need direct access to file servers, he says. However, this could change in the near future when Popupnotes.com launches. Popupnotes.com's servers will be housed at a collocation facility, and the company will set up a hardware-based VPN between its Cambridge office and the facility where the servers are housed. Aiuto would probably also be given a VPN box so he could access the collocation site remotely.
While a software encryption tool is fine for what he's working on now, Aiuto believes a hardware-based VPN will offer better security.
"We feel some of the router-based stuff is probably less prone to being attacked," he says. "Someone could post a secure shell exploit tomorrow and make every system vulnerable."
The most secure DSL VPNs are truly private point-to-point connections, according to Eric Moyer, director of product marketing for Covad Communications. A point-to-point VPN is ideal for companies with remote offices, Moyer says.