Public Safety

Virtual private networks provide enterprises with a cost effective, secure channel for transporting corporate data and information across public networks

By Zoe Moleshead. Published March 27, 2003

Communication

With an increasing number of mobile workers and telecommuters, the secure and cost effective communication channel that virtual private networking offers is garnering increasing momentum on a worldwide level. Figures from Infonetics Research revealed that worldwide VPN/firewall hardware and software revenues topped US$735 million in Q4 2002 alone, with the year end total hitting US$2.7 billion.

In its simplest definition, a virtual private network (VPN) is a secure tunnel for carrying encrypted data and connecting point A with point B, whether those points be servers, PCs, notebooks, or people.

“VPNs may exist between an individual machine and a private network or a remote local area network (LAN) and a private network. Security features differ from product to product, but most security experts agree that VPNs include encryption, strong authentication of remote users or hosts, and mechanisms for hiding or masking information about the private network topology from potential attackers on the public network,” explains Stephen Peters, network consultant, professional services, Sun Microsystems, Middle East & Africa.

Regionally, VPNs are also proving popular. Many local markets are relatively small in size and enterprises are loath to invest great amounts of money in establishing network infrastructures and connections for branch offices. As such, VPNs enable global organisations to connect their regional offices to the corporate network in a simple and cost effective manner. Furthermore, business people can utilise VPN connections to access corporate information while travelling.

“The Middle East is a very active market for VPNs. Every market is a small market for the Middle East and companies don’t necessarily want to open an office in every country. This means that their staff are travelling a lot, but they still need to have access to databases, the internet, intranets and company information,” says Stanislas de Boisset, network consultant, 3Com Middle East.

Consequently, internet-based VPNs have gained large scale acceptance in the region. The most obvious reason is the wide availability of the internet, as almost every office or employee can now access the internet wherever they are located. For enterprises, this represents a cheaper and easier communication platform than a fixed network.

“Internet-based VPNs are quite widely used throughout the Middle East. Many smaller organisations can’t afford a private network, and their business doesn’t warrant the cost of an international leased line. [With VPNs] they have the option of using the internet to transfer their data with confidentiality and security,” explains Anwar Kotob, systems engineering manager, Cisco Systems, UAE.

Both 3Com’s de Boisset and Steven Brown, regional manager, NetScreen Middle East, echo Kotob’s comments about the security and cost effectiveness of VPNs. Brown says that enterprises can connect a computer or an individual to the corporate network via a VPN tunnel for as little as US$200.

“People dial into a local ISP and then VPN tunnel over the internet straight into the company’s infrastructure. It lowers the cost of communication dramatically and it increases your security dramatically,” he explains.

However, while Middle East enterprises may have picked up on the cost savings that can be garnered from using VPNs, they are failing to recognise the security benefits of communicating in this manner.

Brown emphasises the role VPNs can play in the security of an enterprise: a secure VPN tunnel adds weight to firewall solutions by better protecting corporate information.

“It isn’t the fear of somebody getting into their system that should scare enterprises, it is the fear of somebody stealing their company database or bringing down their web site. Organisations need a firewall protecting them from casual intruders and they need the VPN tunnel protecting them from the people trying to grab their data and then getting into their system,” he warns.

Security issues

Despite the enhanced security features that VPNs can offer, they can also create security holes or weaknesses. While information and packets are generally encrypted and therefore safe while travelling through the VPN tunnel, unattended PCs and weak encryption keys make vulnerabilities possible at the edge.

“There are ways for a VPN tunnel to be hacked. If users leave their [encryption] key on the system and leave the system live, in other words, they don’t protect their password key, then somebody can log into that computer using their key and get into another computer,” says Brown.

“[As such,] we’ll see advanced security at the VPN edge, not in the tunnel itself because that is secure. People can listen to what is going on, but it is pointless because they don’t have the encryption key to decrypt it,” confirms de Boisset.

While most vendors advise users to deploy firewalls at the edge of the tunnel, configuration issues are also critical to the security of the VPN solution. According to Tarik Malik, senior security architect, Sun Microsystems, installing a VPN in the IT infrastructure can disturb existing services and create security holes.

“A secure VPN can never be implemented by simply installing products. Products are a means to an end. In order to achieve the desired results from a security tool, such as VPNs, one has to carefully design the IT security architecture. Without a planned security architecture, additionally deployed tools may open new holes, which often may not be detectable by enterprise intrusion detection devices,” he cautions.

“VPNs within an organisation should terminate at a firewall, VPN concentration device or Secure Portal Server with rule based VPN termination,” adds Malik.

Configuration and security concerns may also help to explain the increase in managed VPN services. Primarily delivered by service providers and ISPs in the form of MPLS (multiprotocol label switching) VPNs, the worldwide market is gaining momentum and Infonetics Research expects it to top US$1.3 billion by 2007.

Regionally, telcos are also gearing up to deliver MPLS VPNs. Cisco’s Kotob reveals that the likes of Saudi Telecom, Qatar Telecom and Batelco are all running MPLS VPNs over their networks.

“Operators and carriers are running MPLS VPNs, which allow them to sell VPN services to their customers. The advantage here is that it is running on a semi-private IP network. The operator or carrier will build their own semi-private IP network, which may or may not cross the internet, and they will run VPN services on top of that,” he explains.

MPLS VPNs enable operators to separate traffic from different organisations, providing them with their own VPN or virtual LAN. The benefit of managed VPNs is also open to both operators and enterprises. While service providers can generate new revenue streams for themselves, enterprises benefit from lower costs and greater connectivity scalability, as well as reduced security and management concerns.

“Enterprises get cost effective, flexible connectivity. As the MPLS access technology is pretty independent, bigger branches can be Ethernet connected to the operator on 10 or 100 Mbits/s and smaller branches on 1-2 Mbits/s,” says Kotob.

Users also benefit from outsourced VPNs: aside from gaining peace of mind about security integrity, the actual connection process to an MPLS VPN is very straightforward. Internet-based VPNs require users to access a desktop connection and enter passwords; with MPLS VPNs it is simply a matter of connecting to the network.

“With IPSec (internet-based) VPNs, users will have an icon on their desktop that fires up their VPN client. Once it is fired up it will ask for a username and password, and from then onwards everything is automatic. With an MPLS VPN they don’t see any of that, they just connect to the network,” explains Kotob.

Additionally, MPLS VPNs offer improved scalability, delivery and services compared to internet-based VPNs. “Significant advantages are available with MPLS VPNs over IP VPNs, such as integrated Class of Service capabilities, ease of scalability and their intrinsic ability to be used as a delivery platform for value-added services like multicast, telephony support, Quality of Service, content and web hosting,” comments Peters.

While regional telcos are just in the initial stages of delivering VPN services, vendors are already targeting new markets for their solutions. And according to NetScreen’s Brown, the most obvious of these is the wireless segment.

“We’ll see VPN tunnels across wireless networks in the near future because one of the problems with wireless is security. For example, [hackers] could war drive up and down Sheikh Zayed Road if we had wireless there and they would pick up everything in the air because it is naked to the world. But if you have a VPN [hackers] can pick up the garbage, but they don’t know what it means unless they have the exact algorithm that was used in the VPN encryption,” he comments.
