How safe is a VPN?

I see a lot on the Internet about VPNs but very little explanation about what they are. A lot of hype about using them to gain privacy while connected through a public access point. Yet, I've not seen somebody talk directly about how secure they are or are not. Mostly what you see are the ads created by a company that wants you to use their product to access your company or your own desktop network to transfer files between your notebook and your desktop computer. I'm looking for more than that. I want to be able to connect to my bank, credit card, or other assorted companies to electronically transfer money to pay accounts while on the road. Will a VPN do this? Can I trust that everybody in the neighborhood will not have immediate access to all of my confidential data? I would appreciate your thoughts on this.

-- R Bell.

VPNs can be very secure if setup and used correctly. Most VPNs worth their salt use at least 3DES (pronounced triple DES) or AES as encryption of the traffic between your laptop and wherever the endpoint VPN device that you are connecting to. There are several options to access your company's network or add security to a wireless connection while travelling.

I will first discuss the travelling wireless option. Since quite a few public access points are not using any type of security, a VPN is a good idea. All of the sites you mentioned should already be using SSL on their Web connections - if they aren't, take your business elsewhere. Even if they are using SSL, it doesn;t hurt to have an additional layer of protection. For travelling situations, you can use services such as and Especially if the wireless connection is without any type of encryption, this gives you a degree of protection. All the traffic to/from your laptop is encrypted to a device out on the Internet well away from the wireless connection you are using.

Between SSL based Web sites and an encrypted connection to the Internet, you are taking several precautions to protecting your network usage. I would also encourage you to use a personal firewall such as ZoneAlarm to keep someone from getting into your laptop while your are using the Internet.

As to accessing your company's network, you have several options here. You can use either a conventional software based VPN client to access the corporate network. Another option is to use a SSL based connection which means you will use a Web browser to initiate the secure connection. Other than having to install Java on the machine for some of the functionality, no additional software should be needed based on my experience with using this type of "clientless" vpn connection. You will connect to a device on your network that can be configured to require a certain degree of authentication before allowing the connection to be completed to your companies network. Something worth considering here is something known as split-tunneling. This means that only the traffic destined for the corporate network will be encrypted and delivered to your office, all other traffic will go out through your local connection.

Accessing desktop files on your office computer from either home or while travelling makes me a little nervous. One of the well known options you hear advertised has been known to be compromised at least once to my knowledge. Using this from home is one thing. To access a corporate workstation with this type of solution should be done only with the ok from both your boss, your corporate IT department and network security group if your company is large enough to have one. If you are looking at this type of access for you personally, get as much information as you can from the different companies that you are looking at and see what they are doing to keep your home system from being compromised.

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)