How do PKI problems complicate VPN management?

Securing and managing VPNs can be a challenge, and public key infrastructure can help, but PKI problems are often lurking.

Simple passwords used to log in to a corporate network via a VPN offer minimal security. An added layer of security is two-factor authentication, which combines two methods of verifying a user's identity.

Two-factor authentication uses at least two pieces of evidence drawn from different categories: something you know, such as a password or PIN; something you have, such as a hardware token, phone, smart card or the private key behind a certificate; or something you are, such as a fingerprint, face or iris scan. Two passwords do not count; the factors must come from different categories.

These methods give users anywhere-anytime access without leaving the network open to anyone who has guessed or stolen a password.

Among these methods, certificates are especially useful in a VPN. A certificate is not itself a key: it is a signed document in which a certificate authority (CA) binds a public key to an identity, together with fields such as the subject, issuer, serial number and validity period, all of which the VPN gateway can parse and check. Best known from TLS, where they authenticate web servers, certificates depend on a public key infrastructure (PKI) to create, manage, distribute and revoke them.

PKI works with a key pair: the public key travels inside the certificate, while the private key stays with the user and proves possession by signing a challenge from the VPN gateway. Because that private key is never transmitted and cannot be guessed the way a password can, certificate-based authentication provides a higher level of security than passwords. Nevertheless, VPN managers must contend with PKI problems.

Identifying PKI problems

While PKI offers an added layer of security, integrating certificates with a VPN can be complex to deploy, manage and scale. PKI consists of the policies, procedures and systems needed to create, distribute, renew and revoke digital certificates and to manage the keys behind them.

Without a comprehensive management layer, distributing, verifying, revoking and renewing certificates within a VPN can be time-consuming and chaotic.

That complexity breeds PKI problems: most PKI deployments consist of several systems, each responsible for part of the certificate lifecycle, which compounds the need for centralized management.
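The lifecycle those paragraphs describe, worked through in code as an added example that is not part of the original article: a CA issues a client certificate, publishes a certificate revocation list (CRL), later revokes the certificate, and a VPN gateway-style check verifies the chain, the validity period, the client-authentication key usage and the CRL. It uses only the Go standard library (Go 1.19 or later). The names, serial numbers and lifetimes (Example VPN CA, alice@example.com, a one-year client certificate, a seven-day CRL) are assumptions made for the example, not values from any real deployment.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Lab is an in-memory PKI for a VPN gateway; all names and lifetimes are assumptions for this example.
type Lab struct {
	CA     *x509.Certificate
	caKey  *ecdsa.PrivateKey // in production this lives in an HSM, never on the gateway
	Client *x509.Certificate
	CRL    *x509.RevocationList // latest CRL the CA published (a real gateway parses the downloaded DER)
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign issues tmpl under parent with the CA key (self-signed when parent == tmpl) and parses the result.
func (l *Lab) sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, l.caKey))))
}

// NewLab creates the CA, issues a one-year client certificate and publishes an empty CRL.
func NewLab(now time.Time) *Lab {
	l := &Lab{caKey: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example VPN CA"},
		NotBefore:             now,
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	l.CA = l.sign(caTmpl, caTmpl, &l.caKey.PublicKey)
	clientKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // stays on the user's device; the CA sees only the public half
	l.Client = l.sign(&x509.Certificate{
		SerialNumber: big.NewInt(1001),
		Subject:      pkix.Name{CommonName: "alice@example.com"},
		NotBefore:    now,
		NotAfter:     now.AddDate(1, 0, 0),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, l.CA, &clientKey.PublicKey)
	l.publishCRL(now, nil)
	return l
}

// publishCRL signs a CRL good for seven days; the CRL Number must strictly increase, and a nanosecond timestamp does that here.
func (l *Lab) publishCRL(now time.Time, revoked []pkix.RevokedCertificate) {
	l.CRL = must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:              big.NewInt(time.Now().UnixNano()),
		ThisUpdate:          now,
		NextUpdate:          now.AddDate(0, 0, 7),
		RevokedCertificates: revoked,
	}, l.CA, l.caKey))))
}

// Revoke publishes a new CRL that lists the client certificate's serial number.
func (l *Lab) Revoke(now time.Time) {
	l.publishCRL(now, []pkix.RevokedCertificate{{SerialNumber: l.Client.SerialNumber, RevocationTime: now}})
}

// Verify is the gateway's connection-time check: chain to the trusted CA at time now with the client-auth EKU, fail closed on an unsigned or stale CRL, and reject a listed serial number.
func (l *Lab) Verify(now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(l.CA)
	if _, err := l.Client.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if err := l.CRL.CheckSignatureFrom(l.CA); err != nil {
		return fmt.Errorf("crl signature: %w", err)
	}
	if now.After(l.CRL.NextUpdate) {
		return fmt.Errorf("crl stale since %s, refusing to trust it", l.CRL.NextUpdate.Format(time.RFC3339))
	}
	for _, rc := range l.CRL.RevokedCertificates {
		if rc.SerialNumber.Cmp(l.Client.SerialNumber) == 0 {
			return fmt.Errorf("certificate revoked")
		}
	}
	return nil
}

func main() {
	l := NewLab(time.Now())
	fmt.Println("fresh:", l.Verify(time.Now()), "| expired:", l.Verify(time.Now().AddDate(2, 0, 0)))
	l.Revoke(time.Now())
	fmt.Println("revoked:", l.Verify(time.Now()), "| stale CRL:", l.Verify(time.Now().AddDate(0, 0, 8)))
}
```

Running it prints the four outcomes: a fresh certificate is accepted, an expired one is rejected by the chain check, a revoked one is rejected by its serial number, and a lapsed CRL is rejected outright. That last case is the one that bites in practice: a gateway that keeps admitting clients after its CRL has expired has silently switched revocation off, so the check fails closed. A production gateway would fetch the CRL from the distribution point named in the certificate (or query OCSP) rather than hold it in memory, and the private keys would live in an HSM and on the user's smart card.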

Standardized interfaces let you import data from directory services and from identity and access management systems, so the VPN can be kept synchronized with the identity management system: to enforce compliance, roll out software updates and patches, and configure licenses and certificates from one place rather than on each system separately.

No authentication method is flawless, but strong authentication is necessary. On balance, every business should use PKI in conjunction with its VPN to keep confidential information safe and secure.

This was last published in November 2016