Five BYOD Pitfalls and How to Avoid Them

Staying abreast of mobile trends and developments is one of the most important parts of being a remote access VPN solution provider. As our devoted followers know, we’ve regularly followed and offered commentary on the most talked about trends in the security world, especially BYOD. In a recent CIO article, Tom Kaneshige highlights five major BYOD pitfalls and describes how to avoid them. While we were mostly in agreement, we did have some additional thoughts of our own. 1.   An ‘Open Door’ Attitude Towards Apps Being too lenient with the types of apps CIOs allow employees to have (and even expense!) on their devices is a recipe for disaster. While the article highlights recreational apps, such as Angry Birds, it’s important to remember that Web browsers are applications, too. The Web is one of the most susceptible entry points for malware, and if enterprise security is not up-to-speed, sensitive corporate information is almost immediately at risk of being accessed and/or damaged. There are a couple of different ways to tackle this problem. The first method is to only allow employees to access the corporate network via an IPsec VPN. This will ensure that the network is protected even if the browser is compromised. SSL VPNs are the second option; they can be configured on an app-specific basis by administrators, and access can be revoked immediately. 2.   Playing the Role of Big Brother Another way that CIOs try to tackle the aforementioned application problem is through a technique called Geofencing. Essentially, a virtual perimeter is created that allows employees to have certain applications on their phone, but prohibits their use...

IPv6: Looking Back on Year One

It was only one year ago that the world welcomed the launch of IPv6, the long-anticipated solution to the problem of the world running out of IP addresses. In its first year, IPv6 has started to take root. Take a look at Google’s IPv6 adoption chart, for example, and you will notice that the growth has been exponential over the past year. However, the communications protocol still has a long way to go before becoming widespread. Over the next several years, the need for IPv6 will become more evident though. North America will run out of IPv4 addresses this month, according to the Internet Society’s infographic we previously referenced; meanwhile, Europe and Asia have run out already. On top of this, the increasing number of web-enabled smart devices, including smartphones, tablets, household appliances and vehicles, will put a further strain on IPv4’s networks. Despite the glaring need for IPv6, IT infrastructure is still a limiting factor in its adoption. Rainer Enders had this to say in an IT Business Edge article: “The truth is, the transition to IPv6 will be a slow rollout that will happen over the next 10 years. There’s still too much work that needs to be done from providers in terms of upgrading their wiring, pipes and firmware.” Sadly, this is still the case, as many organizations have used workarounds like Network Address Translation (NAT) as band-aids rather than confronting the inevitable transition to a long-term solution. Luckily, organizations are slowly starting to embrace the new era of the Internet. Operators such as AT&T, Verizon and Deutsche Telekom have championed the new protocol, with each...

NCP engineering Explores Trends in IPsec and SSL VPNs on insideHPC Slidecast

Initially created as a response to the difficulty of implementing earlier versions of IPsec VPNs, SSL VPNs have become increasingly common over the past few years. Because they were built to be easier to implement, they were thought of as easier to manage than IPsec, which led to their growing popularity. However, IPsec offers many features that SSL doesn’t have, as detailed in the presentation given by Rainer Enders, NCP’s CTO of Americas, in a slidecast for insideHPC. Rainer explored recent trends in remote access technologies and delved into the progression of IPsec and SSL VPNs. In many ways, SSL has been evolving to become more like IPsec because businesses have demanded many of the features that are traditionally in IPsec VPNs, such as access to the entire corporate network rather than just applications. As a result, the formerly “client-less” option has required a bigger footprint to add those features. At the same time, IPsec has become much easier to use. NCP’s IPsec VPN client suite features a firewall and Internet connection that are integrated into a single interface. Users only need to click on a button once to securely connect or disconnect. Everything else is automated, and users never need to worry. So, it’s no longer true that IPsec is more difficult to connect to than SSL. Although SSL and IPsec are becoming more alike in many ways, each has unique features that are useful for different business needs. NCP develops VPN functionality based on both protocols, and we are constantly working to make them easier for IT administrators to manage and for users to enjoy mobility’s benefits....

eWeek Explains How NCP’s VPN Client Supports Android BYOD Security

Enterprises know they’ll have happier employees if they embrace BYOD rather than prohibit it. Welcoming BYOD can be better for business output, too—the trick is to find the tools that keep employees productive when they’re using their own smartphones, tablets or laptops to access the corporate network remotely. In his recent reviews of NCP’s managed IPsec VPN clients compatible with Android (version 4.0 and higher), eWeek journalist Jeff Cogswell set out to determine just how well NCP’s VPN supports BYOD. The result? Not just a pass, but one with flying colors. Cogswell was particularly sold on a few of NCP’s product features that make it suited for welcoming Android-based mobile devices into the enterprise. For one, the installation was a quick and painless process. Right away, Cogswell connected to NCP’s test server and his own VPN server, which is OpenBSD. He also tested it with a Cisco server, and it worked in all cases—the fact that NCP’s Secure Enterprise Android Client is compatible with all common VPN gateways is a huge plus, since IT departments are increasingly compelled to support various platforms. The eWeek reviewer was also relieved that his smartphone didn’t have to be rooted; in fact, he said it’s a significant differentiator between NCP’s offering and other Android apps: “I have spent a lot of time using Android devices in recent years, and what struck me as particularly interesting is that your phone doesn’t need to be rooted. Rather, Android supports the networking tasks that this VPN client requires. That’s a huge plus.” Cogswell highlighted many other benefits, including how the client allows you to choose the...

May Feature of the Month: SSL VPN Technology, Part One

For our May Feature of the Month, we decided to devote a series to NCP’s SSL VPN technology, which safely and reliably connects remote employees to Web applications, client/server applications as well as internal network connections. Why a series? Because NCP has significantly increased its SSL VPN functionality over the years. The first SSL feature we’d like to call attention to is NCP’s browser-based SSL VPN (Web proxy). This method puts the fundamental idea behind SSL VPNs into practice – it eliminates the need to install additional software at the end device. SSL VPN was originally introduced to address various shortcomings of its IPsec counterpart, such as usability, interoperability and scalability. In particular, the IPsec client-based approach was regarded as a difficult-to-manage process from both the administrator and user perspectives. When SSL was initially introduced, it was thought of as a client-less technology in order to differentiate from the IPsec client-centric approach. However, SSL is actually involved on the client side, typically in the form of a Web browser. Since SSL comes pre-installed on all OSs, whereas with IPsec, a separate software install is often required, many companies opt for the SSL approach. NCP created its “first generation” SSL VPN offering to be a simple yet effective technology: it isolates the internal web server from direct access from the Internet, and after successful authentication at the SSL VPN gateway, the user is granted access to the gateway. Following the success of the Web proxy functionality, customers started demanding more. But, how can simple, browser-based SSL VPNs directly connect users to certain applications on specific ports, or provide transparent remote...