Why doesn't your VPN work on the road?

Monday, October 29, 2012

Rainer Enders


With the ubiquity of mobile devices, staying securely connected to work should, in theory, require nothing more than an internet connection, and seemingly everywhere you travel, whether hotels, airports, or conference trade shows, offers such connections. But the reality is more complicated because, for example, connecting to a host of different networks across the country can introduce security vulnerabilities. Unfortunately, closing these security loopholes too often results in very slow or completely blocked connections to the corporate server, severely hindering overall productivity.

Oftentimes the first point of adversity is the Virtual Private Network (VPN) itself. VPNs, as the facilitators of secure remote access, allow employees to work regardless of location. Despite their primary importance to the modern enterprise, the most common issue with many VPN solutions is that they require the user's attention. The best VPNs are the ones that remain unseen most of the time, and enterprises searching for new or updated VPN solutions would be best served by finding those that need little input from the user and instead offer an easily navigable user interface and a straightforward implementation process. “Road warriors” already have a lot on their plate, leaving little room for constantly reconfiguring their VPNs. Additionally, configuring the VPN connection on the client side can introduce security holes and as such should be avoided under all circumstances.

Two areas where workers consistently encounter the most remote access problems are on the road and in hotels. Traveling from one city to another via railway is a perfect example of such complexity. As the road warrior sits down in his cab, if Wi-Fi is not available, his phone will connect to the closest broadband network. As the train creeps away from the station, that original broadband network's strength decreases in favor of a closer one. Lag time between the networks, especially when working on something important, can be among the most frustrating of mobile experiences.

Hotels offer the same annoyance, albeit in a slightly different fashion. A visitor can be using her smartphone as she walks down to the lobby of her hotel, checking her email. While the visitor walks outside to flag a cab, the signal becomes weak and eventually disconnects. Perhaps the visitor is used to her phone in such cases automatically reestablishing a connection with either her home or office Wi-Fi, but since the phone does not recognize a nearby signal, the visitor's email stops working, without any warning or notification.

Fortunately, modern VPN clients offer dialers that are integrated right into the client itself. They are able to detect the different communication networks in the area, and deliver those that are available to the device where the client is installed, whether that is a smartphone, laptop or tablet. The dialer is actually what organizes the different networks, and assigns each one a specific priority. This automatically empowers the user to connect to the best available network without performing a single action.

Another common issue with hotels is that many operate under the assumption that everyone uses SSL VPNs to remotely access their corporate network, even though IPsec is rapidly making a comeback among enterprise users. Yet SSL VPNs still remain more popular with the average worker than IPsec connections, prompting many hotels to block access to IPsec ports. There are, however, solutions available on the market today that all but eliminate this issue. For example, a relatively new innovation in some IPsec VPNs facilitates secure data connections from unknown networks that bar IPsec communication. This technology circumvents the block by switching over to a different port, typically an SSL port, and passing the IPsec packets through that port, thus redirecting the communication back through the secure IPsec VPN and into the corporate network.
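Carrying IPsec over a TCP port means packet boundaries must be rebuilt from a byte stream. The sketch below is an added example, not any vendor's implementation: it assumes the length-prefixed framing later standardized in RFC 8229 (TCP Encapsulation of IKE and IPsec Packets), and the sample packets are constructed.

```python
import struct

STREAM_PREFIX = b"IKETCP"      # sent once at the start of the TCP stream (RFC 8229)
NON_ESP_MARKER = b"\x00" * 4   # precedes IKE messages; an ESP SPI is never zero

def frame(packet: bytes, is_ike: bool) -> bytes:
    """Prefix one IKE or ESP packet with a 16-bit length that counts itself."""
    if not is_ike and packet[:4] == NON_ESP_MARKER:
        raise ValueError("ESP packet must start with a non-zero SPI")
    body = NON_ESP_MARKER + packet if is_ike else packet
    if len(body) + 2 > 0xFFFF:
        raise ValueError("packet too large for a 16-bit length field")
    return struct.pack("!H", len(body) + 2) + body

class Deframer:
    """Rebuilds packets from arbitrarily split TCP reads."""
    def __init__(self):
        self.buf = bytearray()
        self.prefix_seen = False

    def feed(self, data: bytes):
        self.buf += data
        out = []
        if not self.prefix_seen:
            if len(self.buf) < len(STREAM_PREFIX):
                return out                      # wait for the full prefix
            if bytes(self.buf[:len(STREAM_PREFIX)]) != STREAM_PREFIX:
                raise ValueError("stream does not start with IKETCP")
            del self.buf[:len(STREAM_PREFIX)]
            self.prefix_seen = True
        while len(self.buf) >= 2:
            (length,) = struct.unpack_from("!H", self.buf)
            if length < 3:
                raise ValueError("bad length field")
            if len(self.buf) < length:
                break                           # packet not complete yet
            body = bytes(self.buf[2:length])
            del self.buf[:length]
            if body[:4] == NON_ESP_MARKER:
                out.append(("ike", body[4:]))
            else:
                out.append(("esp", body))
        return out

def reassemble(stream: bytes, chunk: int):
    """Feed a stream in fixed-size chunks, as TCP reads might deliver it."""
    d, got = Deframer(), []
    for i in range(0, len(stream), chunk):
        got += d.feed(stream[i:i + chunk])
    return got
```

The receiver tells IKE from ESP by the four zero bytes alone, which is why a zero SPI is rejected on the sending side.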

The workforce is on track towards absolute mobility, and hotels and the road represent just two of the many areas in which employees are now expected to work just as though they are in the office. To achieve this reality, two things must happen. The first is to ensure the most seamless experience possible, largely by designing ways in which the VPN stays invisible while also remaining agile. The second is that VPNs must be able to handle dynamic environments where multiple networks are constantly colliding with each other and compromises to the network's security are omnipresent. In that sense, with the presidential election in full gear, perhaps a proper analogy to an effective VPN solution is that of the Secret Service: always working, always watching, only visible in dire moments.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.