VPN continues to be a complex subject due to the multitude of products and protocols. However, taking enterprise security concerns a step further, how many VPN systems integrate with a native authorization and access control system?
After arriving at a short list of requirements, including protocols and applications, I will introduce the enterprise security domains. I will demonstrate the differences between planning for Branch Office VPN (BOVPN) and planning for Remote User VPN (RUVPN).
Overall, VPN solutions may include more components than simply the VPN products. First, to guarantee a certain level of performance, customers may negotiate agreements with service providers. The architecture of the resulting VPN will then determine whether the contracted QoS can be realized. Second, there are concerns over enterprise security systems. How should the VPN be deployed with respect to a firewall? Should certain internal systems or LANs be inaccessible from a remote connection? How can the security administrator monitor the traffic? What are the best architectures for use in different environments?
Each of these questions implies a discussion in the given area. I will treat the area of firewall/VPN integration very carefully and then extrapolate those principles to the use of IDS. The second major area of security that will be covered is auditing. The ability to audit and manage VPN usage will be discussed in the context of the various architectures.