VPN security: Where are the vulnerabilities?


Robbie Harrell
10.20.2005

Everyone is focusing on security. As a matter of fact, an entire sub-industry has developed that focuses on providing products, services, audits and risk/risk-mitigation assessments for Sarbanes-Oxley (SOX) compliance. I have discussed SOX before, but it bears repeating.

SOX compliance has changed the way organizations approach security. It used to be all about protecting assets and securing sensitive data by utilizing authentication, encryption and intrusion detection. This still holds true; however, the advent of SOX has created the need to push security measures far out into the end-user environment and to focus on a holistic security approach. By holistic, I mean that organizations must monitor, lock down and continually evaluate the security policies, security architecture, security management and incident-response capabilities of the entire enterprise environment.

So how does this affect the VPN world?

VPNs have always been considered a secure mechanism for transmitting sensitive data between client and server applications for remote workers. VPN technology is well known and is widely deployed across the world. How have SOX compliance mandates impacted VPN solutions? In a nutshell, the SOX mandates have pushed organizations to deliver end-to-end VPN security. This means that the VPN itself is not enough.

There need to be specific, granular security policies that can be assigned and enforced on an individual or group level. This is directly related to SOX, as SOX requires organizations to articulate the security policies for different organizational entities such as executives, sales or end users of the infrastructure. If you have different security policies (which you should) for different groups or individuals, the differences should be reflected in your security deployment as well.

In addition to VPN policy granularity, organizations will need the ability to validate or verify that the end-client systems are "clean" before being granted VPN access. This is a major change for VPN services: the client used to be considered a host that utilized the system, not necessarily an integral part of the security of the VPN system. This has changed significantly with the advent of SOX and end-to-end VPN security. VPN systems that do not have the ability to verify or validate security configurations on the end client may present challenges to SOX compliance. "Clean" access can be verified by several different vendor technologies (Cisco Clean Access being one); however, VPN vendors are moving their products towards integrating this into the overall VPN service delivery.

Finally, many VPN systems do not provide the ability to easily manage and maintain the security of the clients utilizing the VPN solution. This includes visibility into client-loaded software to ensure the clients are up to date, as well as the ability to "push" out updates to the clients. There are mechanisms such as SMS for doing this; however, SMS is not necessarily considered a security policy enforcement technique. It can be, but the VPN industry is moving towards integrating this into the VPN systems themselves.
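The three requirements above (group-level policy, a "clean" check before access, and keeping clients up to date) come together in a single admission decision. The sketch below is an added example, not code from the article or from any VPN product; the posture fields, thresholds and network segment names are assumptions, and only the group names come from the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GroupPolicy:
    require_disk_encryption: bool
    max_av_signature_age_days: int
    min_client_version: tuple   # (major, minor, patch)
    allowed_networks: tuple     # segments reachable once admitted

# Group names follow the article; every threshold and segment is constructed.
POLICIES = {
    "executives": GroupPolicy(True, 1, (4, 2, 0), ("finance", "mail")),
    "sales":      GroupPolicy(True, 3, (4, 0, 0), ("crm", "mail")),
    "end_users":  GroupPolicy(False, 7, (4, 0, 0), ("mail",)),
}

@dataclass(frozen=True)
class Posture:
    """State reported by a hypothetical endpoint agent at connect time."""
    firewall_enabled: bool
    disk_encrypted: bool
    av_signature_age_days: int
    client_version: tuple

def evaluate(group, posture):
    """Return (decision, networks, reasons); reasons double as the audit record."""
    policy = POLICIES.get(group)
    if policy is None:
        return ("deny", (), ["no policy defined for group"])  # fail closed
    blocking, fixable = [], []
    if not posture.firewall_enabled:
        blocking.append("host firewall disabled")
    if policy.require_disk_encryption and not posture.disk_encrypted:
        blocking.append("disk encryption required for this group")
    if posture.av_signature_age_days > policy.max_av_signature_age_days:
        fixable.append("antivirus signatures too old")
    if posture.client_version < policy.min_client_version:
        fixable.append("VPN client below minimum version")
    if blocking:
        return ("deny", (), blocking + fixable)
    if fixable:
        # Out-of-date clients reach only the update server until remediated.
        return ("quarantine", ("remediation",), fixable)
    return ("allow", policy.allowed_networks, [])

# Constructed sample: the same laptop state evaluated under different groups.
LAPTOP = Posture(True, True, 2, (4, 1, 0))
```

The same laptop is admitted as a sales client but quarantined as an executive client, which is the per-group difference the policy is meant to enforce.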

So, as can be seen from these examples, the regulatory security eye (SOX) is beaming brightly on the VPN world and is driving significant developments in VPN technology. Remote access is the window to the corporate environment, and security (up front and ongoing) takes on a whole new meaning with SOX. Be very cognizant of these factors when evaluating a VPN solution in terms of security.

All Rights Reserved, Copyright 2000 - 2008, TechTarget