You have a new branch location that you want to network together with your headquarters using a Virtual Private Network (VPN). The literature that came with your firewall says it can be used to set up a VPN, so you get to work, or you assign the job to your IT person.
But wait. Before you get too far along, you may want to explore what's involved, because setting up, configuring, and managing a site-to-site VPN isn't for the uninitiated. Even an experienced IT pro may discover nuances of security and networking they didn't know existed; these disciplines require advanced, specialized skills. In this post, I'll explore some of the risks and, as the title suggests, discuss how far a DIY VPN can be trusted.
As I've already suggested, setting up and running a VPN isn't for the faint of heart. It isn't a simple task, in part because both ends of each VPN tunnel must be created and tuned separately, often through a complex command line interface, and the two configurations must mirror each other exactly. This is a time-consuming and error-prone process involving the public IP addresses of the security appliance interfaces at both ends, a pre-shared key or certificate, the IKE and IPsec authentication and encryption proposals, the list of local subnets to advertise and remote subnets to reach (the traffic selectors), and more. All of these must be specified and configured twice for each tunnel, and a single mismatch (a subnet typed as /24 on one side and /16 on the other, a mistyped pre-shared key, a cipher proposal the peer does not offer) leaves the tunnel down with little more than an authentication-failed or no-proposal-chosen error to go on.
Do you have several sites you want to network together? Multiply all of that by every location you add: a full mesh of n sites needs n(n-1)/2 tunnels, each configured at both ends.
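The mirroring requirement above is what makes DIY tunnels error-prone, so it is worth checking mechanically before anyone starts debugging IKE logs. The following is an added example (not code from the original post or from MegaPath) that models each end of a tunnel as a small dictionary with field names loosely borrowed from strongSwan's swanctl.conf (local_ts, remote_ts, ike_proposals, esp_proposals; these names, the sample addresses and the pre-shared key are constructed for illustration, not any vendor's real syntax) and reports every mismatch between the two ends, plus settings that would negotiate fine but should not be used.

```python
"""Consistency check for the two halves of a site-to-site IPsec tunnel.

Each end is configured separately, and the two must mirror one another:
my local subnets are your remote subnets, the pre-shared key is identical,
and at least one IKE and one ESP proposal is common to both.  Field names
are assumptions modelled loosely on strongSwan's swanctl.conf, and the
addresses, subnets and key below are constructed sample data.
"""
import hmac
import ipaddress

# Algorithms and DH groups that still negotiate on many appliances but
# should not appear in a proposal list.
WEAK_ALGS = {"des", "3des", "md5", "sha1", "modp768", "modp1024", "null"}

# Constructed sample configurations for the two tunnel endpoints.
HQ = {
    "name": "hq-to-branch",
    "local_addr": "203.0.113.10",
    "remote_addr": "198.51.100.20",
    "local_ts": ["10.1.0.0/16"],
    "remote_ts": ["10.2.0.0/24"],
    "psk": "correct horse battery staple 2024!",
    "ike_version": 2,
    # The second proposal is a deliberately weak fallback, to be flagged.
    "ike_proposals": ["aes256-sha256-modp2048", "aes128-sha1-modp1024"],
    "esp_proposals": ["aes256gcm16"],
}

BRANCH = {
    "name": "branch-to-hq",
    "local_addr": "198.51.100.20",
    "remote_addr": "203.0.113.10",
    "local_ts": ["10.2.0.0/24"],
    "remote_ts": ["10.1.0.0/16"],
    "psk": "correct horse battery staple 2024!",
    "ike_version": 2,
    "ike_proposals": ["aes256-sha256-modp2048"],
    "esp_proposals": ["aes256gcm16"],
}


def _nets(prefixes):
    """Parse prefixes strictly so a host bit set in a subnet is an error."""
    return {ipaddress.ip_network(p, strict=True) for p in prefixes}


def check_pair(a, b):
    """Return human-readable problems; an empty list means the two ends
    agree on everything that must match for the IKE SA and child SA to
    come up."""
    problems = []
    if a["remote_addr"] != b["local_addr"] or b["remote_addr"] != a["local_addr"]:
        problems.append("peer addresses do not point at each other")
    if _nets(a["local_ts"]) != _nets(b["remote_ts"]):
        problems.append(f"{a['name']}: local subnets {a['local_ts']} "
                        f"!= peer's remote subnets {b['remote_ts']}")
    if _nets(b["local_ts"]) != _nets(a["remote_ts"]):
        problems.append(f"{b['name']}: local subnets {b['local_ts']} "
                        f"!= peer's remote subnets {a['remote_ts']}")
    # Compare secrets in constant time; a PSK typo is the usual cause of
    # an AUTHENTICATION_FAILED notify with nothing else in the log.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("pre-shared keys differ")
    if a["ike_version"] != b["ike_version"]:
        problems.append("IKE versions differ")
    if not set(a["ike_proposals"]) & set(b["ike_proposals"]):
        problems.append("no common IKE proposal (peer answers NO_PROPOSAL_CHOSEN)")
    if not set(a["esp_proposals"]) & set(b["esp_proposals"]):
        problems.append("no common ESP proposal for the child SA")
    # Overlapping LANs cannot be routed across the tunnel without NAT.
    for la in _nets(a["local_ts"]):
        for lb in _nets(b["local_ts"]):
            if la.overlaps(lb):
                problems.append(f"local subnets overlap: {la} and {lb}")
    return problems


def weak_settings(cfg):
    """Settings that negotiate successfully but weaken the tunnel."""
    findings = []
    if cfg["ike_version"] != 2:
        findings.append(f"{cfg['name']}: IKEv1 in use; prefer IKEv2")
    if len(cfg["psk"]) < 20:
        findings.append(f"{cfg['name']}: pre-shared key shorter than 20 characters")
    for kind in ("ike_proposals", "esp_proposals"):
        for prop in cfg[kind]:
            bad = set(prop.split("-")) & WEAK_ALGS
            if bad:
                # A weak fallback is still offered; a peer that only
                # supports it will silently get it.
                findings.append(f"{cfg['name']}: {kind} '{prop}' uses {sorted(bad)}")
    return findings


def report(a, b):
    """Combined findings for both ends, suitable for a pre-deployment gate."""
    return check_pair(a, b) + weak_settings(a) + weak_settings(b)


if __name__ == "__main__":
    for line in report(HQ, BRANCH) or ["OK: both ends mirror each other"]:
        print(line)
```

Run as a pre-deployment gate: a non-empty list from check_pair means the tunnel will not come up at all, while weak_settings catches the quieter problem of a strong proposal shadowing a weak one that is still on offer.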
Almost anyone who has had to troubleshoot a firewall-based VPN will tell you it's time-consuming and frustrating. Think about all the lost productivity and downtime while you wait for the fix, or try to get the attention of your IT vendor. Ongoing maintenance requires rigor and constant care as well. Take the basic task of updating firmware, for example. Breaches of major gaming platforms have been traced back to firewall weaknesses. It's ironic that the device most businesses rely on to protect their network assets, their firewall, likely has firmware that is out of date, making it a target for attackers. Very few companies have formal policies to cover the routine patching of firewalls, and adhering to a policy, if one exists, often isn't easy, because updating the firmware requires the command line interface or a proprietary, often awkward graphical user interface. The GUI option may not be much easier than the CLI.
Site-to-site and extranet VPNs are more complex than the basic remote-access VPN you would use for remote workers or for reaching the network from your laptop while traveling. If you want to run business-critical applications or share your own (or clients') closely guarded intellectual property privately across your network, you need to be either very careful or altogether wary of DIY VPN. A poorly configured tunnel can expose your network to vulnerabilities and downtime (an overly broad traffic selector that gives a partner site reachability to your entire LAN, a weak cipher or Diffie-Hellman group left in the proposal list, a pre-shared key short enough to guess), and you might not learn of the risk until it's too late.
For added security, MegaPath gives you the option to layer on an affordable and comprehensive Managed Security Service running on the same devices that deliver VPN and Firewall. This Unified Threat Management solution provides multi-layered protection to safeguard networks and information assets against viruses, malware and emerging cyber threats with components such as Intrusion Detection and Prevention, Content Filtering, and Antivirus and Anti-phishing.
MegaPath Managed Network and Security services including Managed IPsec VPN and Managed Security (UTM) were designed by expert security professionals. Security best practices are built into the technology itself as well as the management tools and practices. MegaPath Managed Security combined with Managed IPsec VPN delivers integrated, end-to-end network security that is superior to do-it-yourself options, for a predictable monthly fee. Learn more by visiting our Networking and Security product page, or talk with your MegaPath representative today.