Okay! The above paragraph was just a random rant, but it is true. We don’t get what we really search for in Google. This is why I have taken matters into my own hands. I am no alpha geek and I don’t know what .DLL files are doing in my System32 folder, but I’ve got brains, and today I will try to use a part of them to make life easy for all of us.
It’s time for business.
The IPsec style of VPN ruled for a long time, while there was nothing like SSL. I don’t know what you think or what your requirements are, so I will try my best to touch on the pros and cons of all types of VPNs. The ball will be in your court after the two-part series is wrapped up. Think before you decide.
SSL (Secure Socket Layer)
I discussed SSL in my last article and I wasn’t sure that I would end up throwing more light on it all over again. If you ask me to summarize this quickly, SSL is responsible for creating a secure session between your browser and the destination. In reality, SSL is like a proxy in most cases.
The important point worth noting is that SSL encrypts traffic end to end, which means it can bypass firewalls, load-balancing devices, intrusion prevention systems and other types of network management systems. This means that SSL might just become a headache for you in some cases, so it is suggested that you do your research before implementing the SSL style of VPN.
Golden Tip: SSL will add overhead on your servers, so I suggest you offload it to a proxy and then route the network traffic via your secure corporate network.
The advantage of SSL-style VPNs is that no third-party software has to be installed for SSL to work, even at the user’s end. This makes it easy to use SSL anywhere. The disadvantage is that if you need access to something that isn’t on the web, you will need another layer to step in, as SSL provides security for web-based apps only.
The world of VPN has been full of bad (with some good) services which have left the end user confused and unsatisfied. At the end of the day, it is a lot of self-research that helps an individual attain nirvana with VPN services. With this series of articles, I am trying my best to ease the pain involved in attaining nirvana by giving some quick tips and explaining all forms of VPN that you will someday stumble upon.
We have already discussed the IPsec protocol for VPN services a lot, so I won’t kill much time here. Basically, IPsec sets up a tunnel from the remote site, thus securing any format of data transfer. This makes it easy for you to connect to any form of application (web apps or anything else) through this tunnel and stay secure.
IPsec is one of the tried and tested VPN protocols and has satisfied users for many years. IPsec always needs a client installed on your machine to work successfully. The client software is usually free unless you end up using custom software provided by your vendor, which will cost you some bucks.
Golden Tip: IPsec will protect you from multiple attacks such as man-in-the-middle, replay and Denial-of-Service (DoS) attacks. It could be worth a shot due to its high-end security features.
NOTE: If you have non-IP data then you might have to think about configuring GRE tunnels separately and running IPsec on them so as to support multicast traffic.
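The GRE-over-IPsec arrangement from the note above, as an added example (not from the original article) written for strongSwan's swanctl.conf on a Linux gateway, which the article does not name. The addresses, identities, interface name and pre-shared key are placeholders; the traffic selectors match only GRE packets between the two gateways, so everything carried inside the GRE tunnel (multicast included) is protected by ESP.

```conf
# /etc/swanctl/swanctl.conf on the branch gateway (assumed: strongSwan, IKEv2).
# The GRE interface itself is created separately, for example:
#   ip tunnel add gre1 mode gre local 198.51.100.10 remote 203.0.113.20 ttl 255
#   ip addr add 10.255.0.1/30 dev gre1
#   ip link set gre1 up
connections {
    branch-to-hq {
        version = 2
        local_addrs  = 198.51.100.10      # placeholder: branch public address
        remote_addrs = 203.0.113.20       # placeholder: central office address
        proposals = aes256gcm16-prfsha384-ecp384

        local {
            auth = psk
            id = branch.example.net       # placeholder identity
        }
        remote {
            auth = psk
            id = hq.example.net           # placeholder identity
        }

        children {
            gre {
                # Transport mode: GRE already provides the tunnel, ESP only
                # needs to protect the GRE packets between the two gateways.
                mode = transport
                # Select IP protocol 47 (GRE) only, between the gateway addresses.
                local_ts  = dynamic[gre]
                remote_ts = dynamic[gre]
                esp_proposals = aes256gcm16-ecp384
                # Install a trap policy so the SA is negotiated on first GRE
                # packet and unprotected GRE never leaves the host.
                start_action = trap
            }
        }
    }
}

secrets {
    ike-branch-hq {
        id-1 = branch.example.net
        id-2 = hq.example.net
        secret = "REPLACE-WITH-LONG-RANDOM-PSK"   # placeholder, never reuse
    }
}
```

The central office side mirrors this file with the two addresses and identities swapped; `swanctl --load-all` loads it and `swanctl --list-sas` shows whether the GRE child SA is established.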
Well, this should be mentioned at the end but I wanted to leave this quick note. Hybrid VPN services are examples of multiple VPN types bundled into one so as to provide features of all in one package. You will have to do your research with the respective hybrid VPN service that you come across.
One such example is combining the features of IPSec and SSL so as to provide double security for its users.
Please be aware that in the case of hybrid VPN services, the service providers might provide client-based custom software to accomplish the task, but this might burn a hole in your pocket. Again, do your research!
This is it!
This is it (and it isn’t the Michael Jackson one that I am referring to!). I had to wrap this up before it becomes overly boring. Hence, here is the last and final part of VPN Nirvana!
Golden Tip: Please understand that at the end of the day it will be you who will know which VPN is best for you. The features, availability and functionality of a VPN service depend on your geographical location. A VPN service that does well in China might not do well for you if you move to Indonesia. Hence, it is suggested that you (please) go through this series and start your own research. Results will be fruitful if you stick with it throughout!
Next, I will focus on Remote Offices and Remote Users as these happen to be an important reason why VPN services are highly in demand especially in the corporate world. Time for some really worthwhile suggestions!
If you are one of those users who travel a lot and need access to the Internet from hotels and coffee shops, then MPLS is surely not the service you should be looking for. Ignore it without giving it a second thought! IPsec is good for such users only if you have control over the systems that you will use, as you might have to download VPN clients, with regular updates popping up!
IPSec seems to be the only possible option for the IT support staff or any other person who plans to access multiple applications over a VPN. IPSec is good when it comes to scaling and it is easy to manage.
Another suggested option is SSL which comes into play when users are accessing the corporate network from non-corporate systems like public places or homes etc. This is possible in case of SSL VPN as there is no client software required to run SSL VPN services. It is easy to use and quite cheap when compared to its counterparts. If you have an internet connection then you will easily have access to your data though it might not support all the applications that are part of your organization’s list!
Now, the discussion moves from remote users to remote offices where the question is multiple users working simultaneously from one place itself! In such cases, SSL is not the best option.
In such cases, it is suggested that you have one secure link between your current location and your central office. If you are targeting an environment where all the remote sites will access your central site then IPSec will be the best-suggested option for you. Also, your users won’t have to worry about any client software as that will be taken care of on the network level.
But if you plan to interconnect every possible branch with the other branches, then it might end up being a real pain in your bum. This gets worse when you have to set up GRE for non-IP traffic or multicast traffic. One should remember that this deployment will be done over the Internet, hence no QoS guarantees might be available to satisfy the client’s requirements.
We have done a lot of discussion about all possible (in use) formats of VPN services. As I have said already, it is you who will make the last decision. Hit it!