Posted on March 21, 2016 by Matt Mayhew
You have a new branch location that you want to network together with your headquarters using a Virtual Private Network (VPN). The literature that came with your Firewall device says it can be used to set up a VPN, so you get to work, or you assign it to your IT person.
But wait. Before you get too far along, you may want to explore what’s involved, because setting up, configuring, and managing a site-to-site VPN isn’t for the uninitiated. Even an experienced IT pro may discover nuances of security and networking they didn’t know existed, since these disciplines do truly require some pretty advanced and specialized skills. In this post, I’ll explore some of the risks. And as you might have guessed from the title, I’ll discuss the trustworthiness of DIY VPN.
Challenges of Setup, Configuration, and Management
As I’ve already suggested, setting up and running a VPN isn’t for the faint of heart. It’s not a simple task, in part, because both ends of each VPN tunnel need to be manually created and tuned, often through a complex command line interface. This is a time-consuming and error-prone process involving IP addresses of both security appliance interfaces, a pre-shared key or certificate, authentication and encryption protocols, a list of exportable subnets, and more. All of these things need to be manually specified and configured twice for each tunnel that you wish to set up.
Do you have several sites you want to network together? Compound these tasks for every location you want to add.
Costs of Troubleshooting, Maintaining and Managing
Almost anyone who has had to troubleshoot a firewall-based VPN will tell you it’s time-consuming and frustrating. Think about all the lost productivity and downtime while you wait for the fix, or try to get the attention of your IT vendor. Ongoing maintenance requires rigor and constant care as well. Take the basic task of updating firmware, for example. Hacks of major gaming platforms were traced back to firewall weaknesses. It’s kind of ironic that the device most businesses rely on to protect their network assets – their firewall – likely has firmware that is out of date, making it a target for hackers. Very few companies have formal policies to cover the routine patching of firewalls. And adhering to a policy – if one exists – often isn’t easy, because updating the firmware requires you to use command line interface or an often tricky-to-use graphical user interface that is proprietary to the device. The GUI option may not be much easier than the CLI.
Consider How You’ll Use Your VPN
Site-to-site and extranet VPNs are more complex than basic remote access VPN that you would use for remote workers or accessing the network from your laptop while on travel. If you want to run business-critical applications or share your own (or clients’) closely guarded intellectual property internally and privately on your network, you need to be either very careful or altogether wary of DIY VPN. A poorly configured private network could open your network to security vulnerabilities and downtime, and you might not even be aware of the risk until it’s too late.
Assess your Options
- DIY. Depending on level of knowledge and skill, generalist IT staff may or may not have the security and networking skills to set up and troubleshoot your site-to-site VPN (or to do it properly). The question is: can you risk it if they don’t do something quite right? What’s more, if your IT staff are like most, they may find it difficult to add one more thing (albeit an important one) to an already full workload. A recent Infonetics research survey conducted in the UK showed that 25% of organizations have too few IT staff to support a VPN.
- Hire a Consultant. You can buy any hardware you may need for the new site(s) and hire IT consultants to set up your VPN. They may even be available to manage it, make any adjustments or changes, and so on, for a maintenance fee. Although a consultant with the right expertise is likely to get it right, this option can be very expensive and difficult to budget, between capital outlay for hardware and setup, and the operational expense of ongoing management.
- Outsource. You can also fully outsource your private networking to a provider like Fusion Connect. Fusion Connect offers a fully managed IPsec VPN with Firewall. Devices and VPN management are included for an affordable monthly fee. With a managed service like this, you get the benefit of handing over design, installation, configuration, public key infrastructure management, updates, and day-to-day operation to someone else. Networking experts are involved every step of the way, yet you get to retain your oversight, and gain insight into what’s happening in your network via a web-based dashboard offering intuitive, graphical reports. Expert support is included, and available 24/7/365.
Look for a Comprehensive Solution
For added security, Fusion Connect gives you the option to layer on an affordable and comprehensive Managed Security Service running on the same devices that deliver VPN and Firewall. This Unified Threat Management solution provides multi-layered protection to safeguard networks and information assets against viruses, malware and emerging cyber threats with components such as Intrusion Detection and Prevention, Content Filtering, and Antivirus and Anti-phishing.
Go with an Expert
Fusion Connect Managed Network and Security services including Managed IPsec VPN and Managed Security (UTM) were designed by expert security professionals. Security best practices are built into the technology itself as well as the management tools and practices. Fusion Connect Managed Security combined with Managed IPsec VPN delivers integrated, end-to-end network security that is superior to do-it-yourself options, for a predictable monthly fee. Learn more by visiting our Networking and Security product page, or talk with your Fusion Connect representative today.