Virtual Private Network (VPN) products have never been very cheap or easy to set up.
But in the past couple of years, they have become a lot more affordable and, with the introduction of SSL-based technology, a lot simpler.
VPN backgrounder
By VPN, we mean the ability to connect to a remote network over the internet, with the data encrypted to create a secure “tunnel”.
Traditionally, that involves the use of specialised software to handle not just the encryption/decryption but also the encapsulation of the encrypted data using common tunnelling protocols, the most popular and secure of which is IPSec, short for IP Security.
Using protocols such as IPSec, VPN tunnels can be configured between two networks (site-to-site VPN) or between a network and individual users (site-to-client VPN). Site-to-site tunnels are normally terminated by a hardware device at each end, typically an internet router or firewall.
With a site-to-client tunnel, however, client software has to be installed on the user PC to handle all the encryption and tunnelling. This software also has to be configured with the correct passwords, keys, digital certificates or whatever authentication is being used, making management a lot more problematic.
An SSL VPN tackles this by taking advantage of the Secure Sockets Layer encryption available in Web browsers such as Internet Explorer and Mozilla Firefox – the same technology used to make secure credit card payments when shopping online.
Because it’s built-in already, there’s no need for special client software, although on most implementations you will need to install ActiveX or Java plug-ins and other agents to take advantage of all the functionality on offer. Still, that’s no harder than installing any other browser plug-in, and there’s usually very little configuration work required on the client side.
What’s involved
SSL-based VPN solutions are designed to provide site-to-client connectivity, rather than site-to-site links and, because they’re effectively clientless, are installed centrally. They can be implemented using either software or hardware. Early hardware appliances were expensive, but prices have dropped considerably of late.
A couple I’ve looked at recently are the SonicWall SSL-VPN 200, for sale online at around £340 inc VAT, and the Billion BiGuard S10, which retails at around £280 inc VAT. Those prices may seem expensive, especially when compared to ordinary VPN-enabled routers, but with those routers you have to factor in the cost of client management and licensing. And although the SonicWall appliance is solely an SSL VPN gateway, the BiGuard S10 also incorporates an Internet router and a traditional firewall.
Both products can handle up to 10 remote users at a time and are configured and managed through a browser interface.
To connect to the remote network, you open a Web browser and type in either the IP address of the target SSL gateway or a DNS name pointing to it. You then identify yourself by logging on while, behind the scenes, authentication is managed using either an internal database maintained on the appliance itself or an external service such as RADIUS, an NT domain, Active Directory or LDAP.










