NETWORK SECURITY TACTICS
Don't overlook the 'appliance connection' when choosing VPN links
Ed Tittel
03.08.2005
Rating: --- (out of 5)
|
When thinking about setting up home or branch offices for your organization, don't overlook the potent combination of features and functions that Internet access and security appliances can bring to the table. Many of these units combine a network switch, DHCP and NAT services, firewalls, port screening and more within a single, small and often very affordable enclosure. It's not unreasonable to think of these devices as network controls centers and Internet access gateways combined.
Though only a subset of the offerings available in this product niche include VPN capabilities, enough of them offer VPN services that those whose home or branch office networking needs include VPN requirements should give such products a closer look. And even those appliances that don't include built-in VPN support will typically offer pass-through or special handling for common VPN protocols such as IPSec, L2TP, PPTP and so forth, to make them easy to deploy and use in concert with other VPN solutions.
That said, there are some particularly noteworthy appliances that do include VPN capabilities along with other equally compelling features and functions. Since the appliance market is booming, if enough buyers start asking for VPN features from such devices, you'll probably also see that demand answered by an additional bevy of product offerings. Today, the following such devices stand out among a crowd of hundreds of devices that offer some combination of network hub or switch capabilities, basic network services, plus Internet access and security features:
- MultiTech's SOHO Routefinder VPN (to which the vendor also attaches the label SOHO Internet Security Appliance) includes a single DSL or cable modem WAN Ethernet port, support for IPSec and PPTP VPN tunnels for both LAN-to-LAN and Client-to-LAN access across the Internet, along with support or 3DES and AES encryption schemes and VPN tunneling using fully qualified domain names (FQDNs). The unit also includes a four-port 10/100 Ethernet switch, firewall, NAT and DHCP services, as well as IP address mapping/port forwarding services. It will even accommodate a backup dial-up connection so that a conventional POTS or ISDN modem will take over should the primary broadband link fail for any reason. The device supports up to 100 simultaneous IPSec VPN connections. This unit is available for a whopping $146.56.
- Linksys offers the BEFVP41 EtherFast Cable/DSL VPN Router, based around the company's standard 4 Port Router model BEFSR41. To a feature set that's nearly identical to the non-VPN capabilities of the MultiTech RouteFinder, Linksys adds support for DES and 3DEC encryption, MD5 and SHA authentication, as well as secure Internet Key Exchange (IKE). Numerous reviews of the product make mention of how easy it is to set up VPNs by installing one at headquarters and additional units at home or branch offices. If this device is used, clients need no additional IPSec VPN client software to make secure VPN connections to other networks. The device supports up to 70 simultaneous IPSec VPN connections. This unit is available at Buy.com for a mere $65.34.
- ZyXEL offers the ZyWall 70, which it also labels an Internet Security Appliance. It's a bit more advanced than the other devices mentioned so far and includes a more powerful firewall that includes stateful inspection, DoS and DDoS protection, and content filtering capabilities, along with dual WAN links with load balancing or auto fail-over policy-based routing capability. In addition to 3DES encryption, the unit can handle AES for VPN connections as well, and also supports manual key exchange and X.509 PKI, as well as IKE. It's also the only device in this list that's been certified for both IPSec and firewall capabilities at ICSA Labs. It supports up to 100 simultaneous IPSec connections. Its price is also considerably more hefty: $1,349.
Though there are numerous other appliances in the SOHO space, these provide a pretty good cross-section of pricing and capabilities. For larger operations, useful offerings are likely to fall under more typical Internet gateway or firewall product offerings, but even here appliances are beginning to find some traction—such as the Sun/Check Point iForce VPN Firewall, designed for considerably higher throughput and many more simultaneous IPSec connections that the lower-scale devices already mentioned.
But whatever your particular needs might be when setting up VPN links—particularly for home office, small office or branch office situations—appliances are definitely a worthwhile addition to your product research checklist.
About the author
Ed Tittel is a regular contributor to numerous TechTarget Web sites, and the author of more than 100 books on a wide range of computing subjects from markup languages to information security. He's also a contributing editor for Certification Magazine, and edits Que Publising's Exam Cram 2 and Training Guide series of IT cert prep books. E-mail Ed at etittel@yahoo.com.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
