
Virtual private network trends

Privacy and security are critical aspects of any enterprise network as we move into 2006. Today's security solutions consist of firewalls, virtual private network gateways, intrusion detection sensors (IDS) and proactive queries of operating systems to ensure that the client's virus and worm protections are up to date. Any and all of these technologies can be part of an overall security architecture. Encryption of data as it traverses WLAN networks and the public Internet is driving a tremendous amount of development in the VPN gateway market.

Traditional encryption-based VPNs utilized IPsec as the technology of choice for building tunnels across the Internet and within the enterprise. However, Secure Sockets Layer (SSL) gateways are becoming more commonplace as the numbers of vendors, platforms and features/functionality expand.

With the advent of Web-based applications, the explosion of SSL to support Web-based security is not as surprising as it would seem. SSL has been around for quite some time, but is just now gaining traction in the marketplace (in the last two years).

The expansion of SSL has led to VPN products offering multiple features and functionality to the enterprise. VPN gateways can now be grouped into four categories based on the feature set supported by each. The four categories are as follows:

  1. SSL VPN gateway: SSL VPN, access control, access policy and client-audit capabilities
  2. Hybrid VPN gateway: SSL and IPsec and access policy
  3. Multi-function VPN gateway: SSL, IPsec and application and network-level security
  4. Multi-function hybrid VPN gateway: Combination of 2 & 3

Each of these classes of VPN gateways offers different levels of capabilities and control. Based on your enterprise-specific needs, one of these should provide the level of security you require.


The key point is the development of the multi-function VPN gateway that provides application-level visibility. This combines both VPN capabilities and firewall-type capabilities within the same platform. This is extremely attractive in terms of consolidating capabilities within a single box. However, this consolidation is not just a "nice-to-have" feature. It is extremely important to realize that an SSL VPN solution can render perimeter security via firewalls ineffective if the traffic is encrypted and cannot be screened by a firewall. This means that the trust boundary of the network has been pushed all the way to the VPN gateway. The advent of worms, viruses and malicious hackers requires firewalling your network. The introduction of granular access controls and application-layer visibility within the gateway makes SSL VPN gateways a reality for today's extremely critical security requirements.

The explosion of Web-based applications has created a requirement for SSL as a VPN technology to support secure data transfers across public or unprotected networks. The vendor community has responded by developing application-aware VPN gateways capable of supporting access control, security policies and network security within the VPN gateway itself. This supports secure access into the enterprise via a "gateway" technology that serves as a single threshold between protected assets and unwanted users or viruses.


Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has over ten years of experience providing strategic, business and technical consulting services. Robbie resides in Atlanta, and is a graduate of Clemson University. His background includes positions as a Principal Architect at International Network Services, Lucent, Frontway and Callisma.

This was first published in January 2006
