
Are there security benefits to using a site-to-site VPN?
Not every enterprise needs the functionality of a standard VPN client. Expert Judith Myerson explains why a site-to-site VPN may be a better choice for some companies.
My company is looking at VPN options. Are there any benefits to using a site-to-site VPN over a traditional VPN client?
Yes, there are benefits to using a site-to-site VPN over a traditional VPN client. Here are four of them.
First, a site-to-site VPN secures connections when you use it with IPsec. All traffic is encrypted as it begins the journey through the tunnel from one site to another. The site-to-site VPN tunnel shuts out hackers, viruses and malicious content from the sea of internet monsters. All traffic must have digital signature (digital certificate) authentication as its "ticket" to ride in the tunnel. To get that authentication, a public key infrastructure (PKI) must be deployed. Internet Key Exchange, which is usually associated with the IPsec protocol, is not as strong as the PKI.
Second, a site-to-site VPN is scalable. It is easy to add a new site or another office branch to the network. When you decide to relocate a remote office or site, it is nearly painless to set up the VPN at the new location. You won't need to have each of your 1,000 computers run VPN client software as if they were on a remote access VPN.
If you need to have greater scalability than a standard IPsec tunnel can offer, you can use dynamic multipoint VPN (DMVPN) technologies, such as Cisco's DMVPNs or Brocade's vRouter series. A DMVPN can create a secure network between two branch offices without having to route the traffic through the enterprise's network.
Third, a site-to-site VPN can be configured to lower latency in the network. You can combine IPsec with other protocols, such as multiprotocol label switching (MPLS). Standard IPsec doesn't provide support for multiprotocol and IP multicast traffic. Also, it's important to note that MPLS doesn't handle encryption.
Finally, a site-to-site VPN can be run as a managed service by a managed security service provider. This may be a less costly option for smaller companies that don't have the budget to invest in security products and the staff to manage them. Choose this option if you don't want to be bothered with the hassle of setting up a site-to-site VPN on your own.
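As an added illustration of the first two points (not part of the original answer and not any vendor's reference configuration), this is what a certificate-authenticated site-to-site IPsec tunnel can look like in strongSwan's swanctl.conf on the site A gateway. The choice of strongSwan, and every address, subnet, file name and identity below, is an assumption made for the example.

```conf
# /etc/swanctl/swanctl.conf on the site A gateway (all values constructed)
connections {
    site-a-to-site-b {
        version = 2                       # IKEv2 only
        local_addrs  = 198.51.100.10      # site A public address (documentation range)
        remote_addrs = 203.0.113.20       # site B public address (documentation range)
        proposals = aes256gcm16-prfsha384-ecp384
        dpd_delay = 30s                   # probe the peer so a dead tunnel is noticed

        local {
            auth  = pubkey                # authenticate with a certificate, not a shared secret
            certs = site-a-gw.pem         # read from /etc/swanctl/x509/
            id    = "C=US, O=Example Corp, CN=site-a-gw.example.com"
        }
        remote {
            auth    = pubkey
            cacerts = example-corp-ca.pem # read from /etc/swanctl/x509ca/; only this CA is trusted
            id      = "C=US, O=Example Corp, CN=site-b-gw.example.com"
            revocation = strict           # reject the peer if CRL/OCSP status cannot be confirmed
        }

        children {
            lan-to-lan {
                mode = tunnel
                # Whole subnets are protected by the gateways, so the hosts
                # behind them run no VPN client software.
                local_ts  = 10.1.0.0/16   # site A LAN
                remote_ts = 10.2.0.0/16   # site B LAN
                esp_proposals = aes256gcm16-ecp384
                start_action = trap       # bring the tunnel up on first matching packet
                dpd_action   = restart    # renegotiate if the peer stops answering
            }
        }
    }
}
# The gateway's private key goes in /etc/swanctl/private/ and is loaded
# together with this file by `swanctl --load-all`.
```

Site B mirrors this file with the local and remote values swapped. Pinning `cacerts` and the expected peer `id` means a certificate issued by any other CA, or to any other gateway name, fails authentication.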