Why You Might Want to Deploy a VPN

The motivation behind building VPNs is spread along different sectors of human nature, be it cost reduction or privacy of the communication. The common part lies in virtualization of communications by using modern means of secure data transfer.

The basic advantage for VPN communication lies in a cost reduction for interconnecting remote sites. The current alternative to VPN solutions is purchase of a leased line or introduction of a Remote Access Server (RAS). Dedicated lines are usually installed for mission-critical applications that require a lot of guaranteed throughput between the nodes, when data transfer over the public data networks (PDNs) is seen as unreliable and their service availability can not be guaranteed. Installation of a point-to-point wireless link can provide another cheap alternative, but considering the attacks we discussed in the first half of the book, would it be sufficiently secure?

Modern communication systems exhibit a high fixed-cost component such as installation and maintenance, with the variable cost component (e.g., bandwidth) accounting for a much smaller proportion of the total cost of ownership. A properly designed and implemented VPN might become a more attractive solution involving one "fat pipe" accommodating all the communication needs of an organization with VPNs running through it. A sufficiently wide radio frequency data carrier can constitute such a fat pipe.

On the other hand, the second major motivator for VPN deployment is the increased need for privacy of data communications. All externally transmitted internal communications must be separated from the external observer through the use of strong cryptography and authenticity.

The traditional secure solution that enables external clients to access internal resources is the deployment of RAS. However, affiliated costs of maintaining the equipment and the associated costs of telephone calls can aggravate the attractiveness of such a tactic.

With respect to wireless networks, at least until the final 802.11i draft is out, the main motivator for wireless VPN deployment lies in the price–performance ratio of adding an extra layer of protection to otherwise vulnerable wireless communications. The traditional 802.11a/b/g authentication and encryption mechanisms on their own cannot offer sufficient protection against experienced attackers. Whereas 802.11x with a RADIUS server is way out of reach for the standard SOHO wireless network, most of the marketed network security devices can run a decent VPN, achieving a similar level of protection.