Save your bacon with a VPN

VPN basics

David Gabel

When you have a lot of remote users -- and who doesn't these days -- you need some way to connect them to the home office. But at the same time, you need to make sure that they are connected securely. That means, no one can see what the user is doing and, similarly, outsiders can't piggyback onto your remote users' connections into the home office and wreak havoc.

A virtual private network (VPN) is one solution. These software constructs surround your network connections to your remote folks with layers of encoding, controlled by various protocols, that make it tough (nothing is impossible) to break into the channel. This way the legitimate users can connect to your home office and get the data they need, while outsiders are kept... outside.

VPNs increase overhead, so operation will be slowed down quite a bit. For example, I interrupted writing this tip to test the connection speeds here at my remote office with three computers. All the computers are connected through a cable router to a local cable ISP. One is a Sony Vaio PCGF520, with 200M bytes of RAM and a 500-MHz processor. It's connected to our corporate VPN. One is a Dell Dimension with a 750 MHz Pentium III processor and 256M bytes of RAM, not connected to the VPN, and the third is a slow old dog, a Gateway P5-90, upgraded to 200 MHz, with 40M bytes of RAM. The last one can barely get out of its own way, and I use it more as a print server and modem server than anything else.

I went to PC Pitstop and conducted that site's Internet download test, downloading 500K bytes into each computer. The old dog came in with a speed of 866K bit/sec.; not great, but not awful (the connection has a theoretical max speed of 10M bit/sec. The Dell speedster delivered some impressive performance, clocking in at 1619K bit/sec.; only about 16% of the theoretical max, but still double the speed of the old dog. Neither of these is connected to our corporate VPN. But the Vaio, which isn't any slouch, and is connected to our VPN, dawdled along at only 625K bit/sec.; 241K bit/sec. slower than my resource-starved old dog. That test isn't definitive, of course, but it gives an idea of the performance hit your users may take with a VPN.

Moreover, some VPNs are a bit cranky. Frequently we'll see a message from some erstwhile remote user of our VPN that he's unable to stay on it. Personal experience indicates, however, that the good days FAR outnumber the bad, and it's clear that the security advantages hugely outweigh the performance disadvantages of using a corporate VPN for remote connections.

Microsoft has a new link on its home page that takes you to a page headed Professor Windows that discusses deploying VPNs. This page will probably give you more than enough information to get you started in deploying your own VPN. If you want to give setup a try, follow the procedure below, which is on a link from the Professor Windows page. (One note of caution -- this page will probably change content periodically, so if you go to it in a month or so it may not discuss VPNs any more.)

"To configure a VPN server, your computer must have at least two interfaces. To setup a Windows 2000 server for VPNs, use the following procedure:

1. Open Routing and Remote Access console in the Administrative Tools folder.
2. Right-click the server and then click Configure and Enable Routing and Remote Access.
3. The Routing and Remote Access Server Setup wizard starts; click Next.
4. Select Virtual private network [VPN] server, and click Next.
5. Select or add a remote client protocol and click Next.
6. Specify the Internet connection for the server and click Next.
7. Choose a method to assign IP addresses to the clients, either automatically or from a specified range of addresses, and click Next.
8. The next screen gives you an option to either configure this server to use a RADIUS server or skip this step for now.
9. Click Finish to complete the Routing and Remote Access Server Setup wizard."

Using a VPN isn't a simple matter, but you can start to test and make sure you have the bugs out of your installation. Then follow with deployment as the installation proves its worth.

This was last published in May 2001

Dig Deeper on Information security policies, procedures and guidelines

IPsec vs. SSL VPN: Comparing speed, security risks and technology IPsec VPNs and SSL VPNs both encrypt network data, but they do it differently. Learn about the differences and how to determine the right solution for your organization.

Site-to-site VPN vs. remote-access VPNs: What's the difference? Learn the differences between site-to-site VPNs vs. remote-access VPNs and find out about the protocols, benefits and the data security methods used to support each approach.

SSL VPN (Secure Sockets Layer virtual private network) An SSL VPN is a type of virtual private network that uses the Secure Sockets Layer protocol -- or, more often, its successor, the Transport Layer Security (TLS) protocol -- in standard web browsers to provide secure, remote-access VPN capability.

Microsoft improves Windows 8 DirectAccess as a VPN alternative Microsoft has made Windows 8 DirectAccess easier for small businesses to deploy, providing IT more control over Windows remote access than with a VPN.

How to set up an SSTP VPN to secure your enterprise network Learn how to set up an SSTP VPN (Secure Socket Tunneling Protocol Virtual Private Network) connection in order to secure the remote users on your enterprise wide area network (WAN). These instructions explain step-by-step what is required to create and configure an SSTP VPN.

Selling advanced VPN technology FAQ Lisa Phifer answers frequently asked questions about selling advanced VPN technology. Check out the best advice on selling advanced VPN technologies that can secure endpoints and ensure protection for mobile workers.

Save your bacon with a VPN

VPN basics

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

McAfee launches security tool Mvision Cloud for Containers

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

SearchNetworking

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

SearchCIO

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

SearchEnterpriseDesktop

How to shut down and restart a remote computer

Setting up Windows 10 kiosk mode with 4 different methods

Microsoft extends Office 365 benefit to nonprofit volunteers

SearchCloudComputing

The future of the Kubernetes ecosystem isn't all about cloud

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

ComputerWeekly.com

Alarm bells ring, the IoT is listening

New government faces calls to urgently deliver on pre-election pledge to review IR35 reforms

Future fashion: does that dress come in digital?

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.