Virtual private network trends

Robbie Harrell looks at some trends that will be shaping the VPN in 2006, including the explosion of SSL to support Web-based security.

Privacy and security are critical aspects of any enterprise network as we move into 2006. Today's security solutions consist of firewalls, virtual private network gateways, intrusion detection sensors (IDS) and proactive queries of operating systems to ensure that the client's virus and worm protections are up to date. Any and all of these technologies can be part of an overall security architecture. Encryption of data as it traverses WLAN networks and the public Internet is driving a tremendous amount of development in the VPN gateway market.

Traditional encryption-based VPNs utilized IPsec as the technology of choice for building tunnels across the Internet and within the enterprise. However, Secure Sockets Layer (SSL) gateways are becoming more commonplace as the numbers of vendors, platforms and features/functionality expand.

With the advent of Web-based applications, the explosion of SSL to support Web-based security is not as surprising as it would seem. SSL has been around for quite some time, but has only gained traction in the marketplace in the last two years.

The expansion of SSL has led to VPN products offering multiple features and functionality to the enterprise. VPN gateways can now be grouped into four categories based on the feature set each supports:

  1. SSL VPN gateway: SSL VPN, access control, access policy and client-audit capabilities
  2. Hybrid VPN gateway: SSL, IPsec and access policy
  3. Multi-function VPN gateway: SSL, IPsec, and application- and network-level security
  4. Multi-function hybrid VPN gateway: Combination of 2 and 3

Each of these classes of VPN gateways offers different levels of capabilities and control. Based on your enterprise-specific needs, one of these should provide the level of security you require.

The key point is the development of the multi-function VPN gateway that provides application-level visibility. This combines both VPN capabilities and firewall-type capabilities within the same platform. This is extremely attractive in terms of consolidation of capabilities within a single box. However, this consolidation is not just a "nice-to-have" feature. It is extremely important to realize that an SSL VPN solution can render perimeter security via firewalls ineffective if the traffic is encrypted and cannot be screened by a firewall. This means that the trust boundary of the network has been pushed all the way to the VPN gateway. The advent of worms, viruses and malicious hackers requires firewalling your network. The introduction of granular access controls and application-layer visibility within the gateway makes SSL VPN gateways a reality for today's extremely critical security requirements.

The explosion of Web-based applications has created a requirement for SSL as a VPN technology to support secure data transfers across public or unprotected networks. The vendor community has responded by developing application-aware VPN gateways capable of supporting access control, security policies and network security within the VPN gateway itself. This supports secure access into the enterprise via a "gateway" technology that serves as a single threshold between protected assets and unwanted users or viruses.

Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has over ten years of experience providing strategic, business and technical consulting services. Robbie resides in Atlanta, and is a graduate of Clemson University. His background includes positions as a Principal Architect at International Network Services, Lucent, Frontway and Callisma.
This was last published in January 2006
