SOHO VPNs bring secure connections to all
BECAUSE VPNS WERE once prohibitively expensive and relied on dedicated lines, they used to be limited to the largest of corporations. But the advent of low-cost hardware, coupled with less-expensive broadband connections, has made many CTOs rethink how best to handle secure remote connections; VPNs now look especially good for connecting the remote employee's SOHO (small office/home office).
Today's VPNs are IP-based private networks that are configured within a public network. VPN devices that target the SOHO market differ from their enterprise-class cousins only in their orientation.
These lower-cost alternatives use private network tunneling and data encryption in the same way that high-end VPNs do and lack only some of the features and traffic capabilities provided by their top-of-the-line brethren. Because SOHO VPNs speak the common tongue of IP, your IT staff will not need a significant amount of new equipment and training.
One caveat to deploying a VPN: As does any technology leveraging Internet connectivity, VPNs introduce many security pitfalls you'll need to address immediately. On a more positive note, if you plan to replace your remote employees' dial-up connections with a VPN, you're presented with the perfect opportunity to upgrade your network from dial-up to DSL VPN.
Whether you're implementing a VPN to save money by eliminating costly connections or to add a level of security to existing connections, router vendors offer a variety of choices to suit almost any budget. A few of the more notable offerings include Intel's $899 Express 8205 VPN broadband router, WatchGuard Technologies' $599 SOHOtc router, and Perle Systems' $1,495 IOLINK (see review below).
The majority of SOHO VPNs are hardware solutions that boil down to routers loaded with software that enables tunneling over IP. Some vendors offer VPN-ready devices that don't ship with the software, whereas others offer out-of-the-box VPN-enabled solutions. Exercise care when selecting a vendor and be sure you're purchasing the approach you prefer.
Most SOHO vendors offer a suite of security services beyond basic VPN encryption, including access control lists, user-based authentication, key/certificate management and distribution, active content filtering, and intelligent logging and reporting capabilities. Some solutions allow IT managers to prioritize network-traffic transmissions, ensuring maximum utilization of bandwidth as well as the blocking of undesirable URLs and the filtering of junk email. In addition to exemplary security features such as DES and IPSec, any solution you consider should include fail-over and redundancy capabilities.
Although implementation is no small undertaking, most small businesses or homebound employees should be able to deploy a SOHO VPN solution. In fact, installation often requires nothing more than plugging in the device between the site's WAN router and the cable/DSL modem or ISDN terminal adapter, a bit of reading, and some configuration. The product can be configured by your IT staff and sent to your end-users when business connectivity has been established, should you wish to simplify your end-user's involvement in the SOHO VPN installation.
Although minimal, the downtime for your end-users is also a great opportunity to perform a quick audit and update of other security measures. As with any always-on connectioon, security attacks can and do happen, making a firewall a must. Fortunately, SOHO VPN vendors often package an integrated firewall with the router's VPN support. Businesses can implement content filtering, if deemed necessary, barring employees access to Web sites that are not essential for conducting business.
Keep in mind that an enterprise's most valuable asset is its data and applications, which a VPN can help protect, regardless of where the information resides.