Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Secure Remote Access

2007 Readers' Choice Awards Secure remote access products

GOLD | Cisco VPN 3000 Series Concentrator
Cisco Systems

Price: $2,995-$45,000

Cisco's VPN 3000 Series Concentrator continues to lead the secure remote access market, not only in the number of products shipped but also in customer satisfaction. "Cisco has become like IBM used to be in the computer industry--its products are viewed as the best choice because users know the company's future is rock solid," says Zeus Kerravala, vice president for enterprise computing and networking at the Yankee Group.

Cisco scored well with readers in four areas--authentication support; end user transparency and ease of use; investment ROI; and extensibility.

Authentication support has become an important issue in securing transactions, and warding off identity spoofing. "Cisco has been one of the companies leading movement to NAC (Network Access Control), which promises to make it easier for enterprises to authenticate remote users," says Pete Lindstrom, a senior analyst, Burton Group. NAC authenticates and checks on the health of systems as they attempt to connect to a corporate network.

One challenge for security administrators is deploying products that keep a company's data safe without hindering users' ability to function. The Cisco VPN 3000 Series Concentrator works with a variety of applications through its SSL VPN client.

In addition, the company has done a good job in making its system easy to deploy. Its integrated, Web-based management system provides an interface for configuring and monitoring remote users. For remote access and site-to-site VPNs, ease of deployment is critical because technical personnel are often not available to configure the secure connections at remote sites. Cisco's Easy VPN solution pushes security policies to remote VPN devices, helping ensure that up-to-date policies are in place before a connection is established.

Readers gave Cisco high marks for ROI. Since it is the leading networking company, Cisco can spread its operating costs over a large customer base and lower product pricing. The Concentrator platform does not add licensing costs for special features, such as a multidevice clustering that allows the remote access solution to scale as a business grows. Since both SSL and IPsec VPNs are available on one platform, customers can deploy parallel remote access infrastructures.

As the leading networking supplier, Cisco has garnered a stellar reputation for delivering products that meet customer needs. That success has migrated from its network equipment to its remote access security products.

SILVER | Citrix Access Gateway

Price: $3,500-$50,000

Citrix Access Gateway simplifies and secures remote access to applications. The Access Gateway delivers the same desktop access experience users have within the network, removing the need for additional training. In addition, it automatically reconnects users to their applications and documents when they change locations or devices. Citrix also has an extensible product line--the Access Gateway provides secure access to Windows and UNIX applications, Web applications, Citrix Presentation Server-hosted applications, network file shares and telephony services using VoIP softphones. No application customization is required to use these features.

BRONZE | Check Point VPN-1
Check Point Software Technologies

Price: $3,000

Readers noted Check Point VPN-1's extensibility. VPN-1 works on Windows, Windows Mobile and Macintosh platforms. In addition, the client software supports dynamic and fixed IP addressing for dial-up, cable modem or DSL connections. This flexibility enables telecommuters and mobile workers to access their company networks via an Internet Service Provider, wireless hotspot or hotel Internet access connection. Authentication support was a second strong point.

VPN-1 also supports SmartDefense Services, which provides real-time updates and security configuration advisories.

In the trenches

IPsec-SSL debate still going strong

SSL VPNs continue to gain on the venerable IPsec connections.

Kevin Rice, global network architect at AT Kearney, a management consulting firm, understands the challenges of providing secure remote access. The bulk of the company's 3,500 employees spend their day working at customer sites and helping them address various technology challenges. "Almost all of our employees have laptops and access our corporate data daily from a variety of locations," he says.

To make sure the information is safe, Rice relies on two vendors' VPN products--Cisco's VPN 3000 Series Concentrator for IPsec connections and Check Point's VPN-1 for SSL VPN over the Web. "IPsec is still our most common connection, but a growing number of users work with SSL," Rice says.

Simpler administration is an appeal with these VPNs. "We have a small staff and are not able to spend a lot of time configuring and maintaining our security software," Rice says. Because they operate at the application level, SSL VPNs do not require as much customization and configuration on user machines and servers as IPsec solutions.

Flexibility is another SSL VPN strong point. Siemens Energy and Automation, which has 10,000 employees, delivers electrical, engineering and automation solutions to industrial, manufacturing and construction companies.

Three of every five employees need to access company data remotely. To support them, Siemens installed F5's FirePass Secure Remote Access SSL VPN because it lets the organization expose specific files or documents to users without granting them access to other corporate data.

"The granularity found with SSL VPNs appealed to us," says CISO Kathy Taylor.

Another initiative to simplify security tasks is getting mixed reviews. Network equipment vendors think that integrating VPNs into routers and switches would ease administration.

"Cisco has been talking about VPN router modules, and that feature appeals to me because it would lower the number of autonomous items that I would have to maintain," says AT Kearney's Rice.

Spartaco Cicerchia, manager of network infrastructure at Janelia Farm Research Campus, disagrees.

"Consolidating one set of security functions into a device designed with another purpose creates more problems than it solves," he says.

Janelia is a subsidiary of the Howard Hughes Medical Institute, and the campus enables 250 of the world's top medical researchers. Cicerchia needed to find a way to provide the researchers, who often work remotely, with secure access to the data center. He selected Juniper Networks' Secure Access VPN.

While users face numerous challenges in managing their VPNs, they believe progress is being made.

"The installation and maintenance of VPNs is simpler now than it was a few years ago," says Rice. "The products feature more automation, and the interfaces are more intuitive now than they were then."

Article 12 of 21

Dig Deeper on Secure remote access

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All