Hardware vs. software-based VPNs for small office

I am trying to find information on setting up a VPN for small offices (up to 20 users). Specifically, is a Microsoft-based VPN as secure as a hardware-based VPN? Also, if I use a hardware box on the server, is the extra security defeated by having software VPN on the laptop that needs access (or can you get hardware VPN for laptops)? Any help on where to find out this information would be great. Thank you.



Yes, a hardware VPN is better for reasons other than secure communications. For example, if you use a Microsoft OS with software VPN, then you will need to patch the Microsoft OS every time a patch is released. In the case of the hardware VPN, most times the upgrade or patch is complete and done once a year. As for encryption, both hardware and software do excellent jobs. You must also consider totally hardening the OS in the Microsoft case, while on the hardware solution you are guaranteed the OS is fully hardened without you even lifting a finger to do so.

As for the laptop question, most VPN clients (that is what you are asking) are software based. These clients will typically take over all services on a device while the VPN session is established, then release them afterwards. This is the case with all VPN clients simply because you want a secure connection on a secure device -- not one that someone connects to your VPN, then decides to use that same connection to, say, surf the Internet. Dual communications where one is non-encrypted and one is encrypted is not a very good security practice, thus most clients will take over and not allow any other connection until the time the session is terminated.

If you have the money, YES, there is a laptop hardware solution. This would entail a secure NIC (network interface card) that can only be used for a VPN, but these have huge issues. Since your communication is still a secure TCP/IP packet wrapped with an unsecured TCP/IP packet (to route through the Internet), it is kind of still the same concept as software. The only difference is the hardware will do the encryption and take the CPU load off the computer.

Good luck!
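
An administrator can verify the behaviour described in the answer, where the client allows no other connection during the session, by auditing the laptop's routing table while the VPN is up. The following is an added example, not part of the original answer; the interface names, addresses and the simplified "destination interface" table format are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample tables in a simplified "destination interface" format
# (an assumption for this example, not the output of any particular OS tool).
FULL_TUNNEL = """
0.0.0.0/0        vpn0
203.0.113.10/32  eth0
127.0.0.0/8      lo
"""
SPLIT_TUNNEL = """
0.0.0.0/0        eth0
10.20.0.0/16     vpn0
203.0.113.10/32  eth0
127.0.0.0/8      lo
"""

def parse_routes(text):
    """Turn the sample text into (network, interface) pairs."""
    routes = []
    for line in text.strip().splitlines():
        dest, iface = line.split()
        routes.append((ipaddress.ip_network(dest), iface))
    return routes

def egress_interface(routes, address):
    """Longest-prefix match: the interface that would carry traffic to address."""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    return max(matches)[1] if matches else None

def audit(text, vpn_if, vpn_gateway):
    """Return findings; an empty list means all traffic is forced into the tunnel."""
    routes = parse_routes(text)
    gateway = ipaddress.ip_network(vpn_gateway + "/32")
    findings = []
    for net, iface in routes:
        # Allowed outside the tunnel: loopback, and the host route to the VPN
        # gateway that carries the outer (unencrypted-header) packets.
        if iface == vpn_if or net.is_loopback or net == gateway:
            continue
        findings.append(f"{net} leaves via {iface}, outside the tunnel")
    # 198.51.100.1 is a documentation address standing in for any Internet host.
    if egress_interface(routes, "198.51.100.1") != vpn_if:
        findings.append("Internet-bound traffic bypasses the VPN")
    return findings
```
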




This was first published in September 2002