
FIND VPN for Monday, June 22, 2009  
What About VPN Security?

The key word in "virtual private networks" is private. The last thing a business wants is to have sensitive corporate information end up in the hands of some pubescent hacker or, worse, the competition. Fortunately, VPNs are widely considered extremely secure, despite using public networks.

In order to authenticate the VPN's users, a firewall will be necessary. While firewalls have in the past been a major source of headaches for network administrators, the new generation of firewalls is far simpler to create and maintain. Nowadays, there is a wide variety of hassle-free, prepackaged appliances to keep unwanted packets out of the network. Many "black box" security systems also include some sort of encryption system, although some VPNs do not.

Firewall products for VPNs, such as NetScreen, WatchGuard, or NetFortress, are often relatively simple, plug-and-play solutions for network security. The system can be connected to as many LANs as needed, keys are exchanged between the two units, and the VPN is complete. However, these solutions can come at a substantial cost, and the right choice will depend on the unique networking and security needs of the company or companies using the network. Generally, if you already own the appropriate equipment and Internet connection, an out-of-the-box solution is not necessary.

All VPNs require configuration of an access device, either software- or hardware-based, to set up a secure channel. A random user cannot simply log in to a VPN, as some information is needed to allow a remote user access to the network, or to even begin a VPN handshake. When used in conjunction with strong authentication, VPNs can prevent intruders from successfully authenticating to the network, even if they were able to somehow capture a VPN session.

Most VPNs use IPSec technologies, the evolving framework of protocols that has become the standard for most vendors. IPSec is useful because it is compatible with most VPN hardware and software, and it is the most popular choice for networks with remote access clients. IPSec requires very little knowledge on the part of clients, because the authentication is not user-based, which means a token (such as SecurID or CRYPTOCard) is not used. Instead, the security comes from the workstation's IP address or its certificate, establishing the user's identity and ensuring the integrity of the network. An IPSec tunnel basically acts as the network layer, protecting all the data packets that pass through, regardless of the application.

Depending on the solution used, it is possible to control the type of traffic sent over a VPN. Many devices allow the administrator to define group-based filters which control the IP addresses and protocol/port services allowed through the tunnel. IPSec-based VPNs also allow the administrator to define a list of specific networks and applications to which traffic can be passed.

One downside to IPSec-compliant products is that they provide access control over the network and transport layers only, and do not offer a great deal of measures to selectively regulate access to individual resources within these hosts. If customers are given access to particular company information on a server, for instance, highly selective controls are needed to make sure they access only the information they've been authorized to see.
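
The group-based tunnel filter and its network/transport-layer limitation described in the two paragraphs above, as an added example that is not part of the original article. The group names, addresses (documentation ranges), ports and resource paths are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    group: str      # VPN user group the rule applies to
    network: str    # destination network in CIDR form
    protocol: str   # "tcp" or "udp"
    ports: range    # allowed destination ports

# Constructed policy; 192.0.2.0/24 is a documentation range (RFC 5737).
POLICY = [
    Rule("customers", "192.0.2.10/32", "tcp", range(443, 444)),
    Rule("staff", "192.0.2.0/24", "tcp", range(1, 1024)),
]

def tunnel_allows(group, dst_ip, protocol, dst_port, policy=POLICY):
    """Default-deny check that sees only network/transport-layer fields."""
    dst = ipaddress.ip_address(dst_ip)
    for rule in policy:
        if (rule.group == group
                and dst in ipaddress.ip_network(rule.network)
                and rule.protocol == protocol
                and dst_port in rule.ports):
            return True
    return False

# Per-resource authorization the tunnel filter cannot express
# (hypothetical paths on the server at 192.0.2.10).
RESOURCE_ACL = {
    "customers": {"/orders/status"},
    "staff": {"/orders/status", "/finance/report"},
}

def request_allowed(group, dst_ip, dst_port, path):
    """Tunnel filter first, then the selective per-resource control."""
    if not tunnel_allows(group, dst_ip, "tcp", dst_port):
        return False
    return path in RESOURCE_ACL.get(group, set())

if __name__ == "__main__":
    # Both requests share one address/protocol/port, so the filter passes both.
    print(tunnel_allows("customers", "192.0.2.10", "tcp", 443))
    # Only the resource-level check tells them apart.
    print(request_allowed("customers", "192.0.2.10", 443, "/orders/status"))
    print(request_allowed("customers", "192.0.2.10", 443, "/finance/report"))
```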

This type of selective, or unidirectional access, within a VPN is available in some non-IPSec solutions, such as Aventail's SOCKS 5 server. In a unidirectional connection, a two-way trusted relationship is not assumed as it is with tunneled VPNs. With this model, if there is some kind of breach in security, only the destination network is affected. SOCKS 5 is also able to handle virtually any authentication and encryption standards.

Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Forwarding (L2F) are also available, and although only a handful of firewall vendors support these security protocols, they are part of the reason why there is no current universally accepted standard. Although VPN vendors must decide which standard they use, it is the administrators who will eventually decide the outcome of this emerging technology. Because of factors like this, it is all the more important to make a wise, informed decision before purchasing a VPN.

Copyright 2007 Web Host Industry Review, Inc.