Safe computing in the mobile age, part 2: What costs dominate?
By Cameron Laird
To minimize costs of installation is attractive, of course. For most organizations, though, personnel costs across the scope of operations dominate what the IT (information technology) department does: it makes sense to make remote connections as convenient as possible for valuable line workers, and minimize the costs of retraining them. That's where an IPSec (Internet Protocol Security) VPN shines: IPSec VPN establishes a connection that gives the remote user every appearance that she's connected within the home LAN (local area network), including access to fileshares, printers, and all office-automation applications. By IPSec encapsulation, all this is possible even when transported by purely HTTP/HTTPS facilities of the sort remote workers increasingly encounter.
While SSL vulnerabilities of various sorts and likelihood have been in the news in 2011, the greatest risks with SSL solutions, points out Tom Henderson, Managing Director of Extreme Labs, have to do with key management. Among other precautions, "keys ought to be rotated because as they become aged, someone hacking at them eventually can get the keys ..." and penetrate the network. IPSec has longer and considerably more resistant keys.
For all these reasons, the appeal of SSL/TLS VPNs as "installation-free" is only superficial; deeper examination shows that IPSec VPNs enjoy crucial advantages in:
- support of the full range of applications and accesses remote workers require; and
- robust key management, resistance to "man in the middle" attacks, and secure networking even from the most public and untrusted access points.