One of the most important applications for firewall systems is to allow remote workers, mobile workers and tele-workers to access network resources from outside the trusted environment of the internal network. As the firewall enforces the security policy for the gateway, it is the key to making this remote access service secure: by providing encryption and decryption processes at the firewall, high levels of security can be established. This is the concept behind the increasingly widespread use of virtual private networks.
Virtual private networks, often known by the acronym VPN, allow the creation of “data tunnels” between the firewall security enforcement point and the trusted remote user. The VPN can be created by connecting suitable firewall systems to each other or by connecting a firewall to remote client systems.
The firewall-to-firewall approach allows multiple remote users, at a branch office perhaps, to use the encrypted data tunnel to access central resources. The information flows can be two-way, creating a wide area network that uses public infrastructure rather than expensive private wire connections.
The firewall provides the processing power needed to encrypt and decrypt traffic at wire speeds, giving the remote access user a practical response time. As processing power has become a relatively cheap commodity, VPNs offer a highly cost-effective method of satisfying the requirements of a wide spectrum of workers, from sales people, branch offices and trusted partners to staff and managers working from home on important or urgent projects.
In the case of the remote worker, the computer runs client software which is capable of decrypting and encrypting the incoming and outgoing traffic after authenticating the user onto the trusted network environment. This client software should also act as a firewall in its own right to prevent intrusion into the client machine when it is online.
All of the Presence firewall portfolio includes or can be upgraded to provide VPN services. Once again Check Point is the dominant software manufacturer for virtual private networks as it is in the firewall software arena. The Check Point product, VPN-1, is available for all the platforms supported by the FireWall-1 system. Indeed VPN-1 is often the standard bundled product on many Nokia firewall appliances as the virtual private network service is required in the vast majority of systems.
Once again the Check Point product provides excellent management and scalability for very large networks even with many enforcement points across several continents. Check Point claims that 97 of the Fortune 100 companies use Check Point security systems. Equally there are Check Point solutions using the Check Point Small Office edition for small organisations and appliance products for home and very small offices under the Safe@ brand.
Nokia appliances provide an ideal hardware platform for VPN-1 gateways with excellent reliability and superb performance and throughput. The range caters for small offices with a handful of users and minimal bandwidth connectivity to organisations using the fastest commercially available private wire connections requiring very high-end sophisticated systems.
Check Point and Nokia products can be combined to create high availability gateways with inherent redundancy to ensure application and resource availability in the event of a failure of a component. High availability configurations are sometimes considered necessary for mission critical processes such as stock control and replenishment and order processing.
The SonicWALL firewall systems provide virtual private networking functions with the same simplicity and value-for-money proposition. SonicWALL VPN firewalls are ideal in stable networks where the VPN appliance can be configured and left to get on with its job with minimal intervention. The range covers a broad spectrum from the SoHo (small office, home office) application to medium-sized companies with leased line connectivity.
The encryption algorithms used in these products follow a set of internationally accepted standards, the IPsec standards. The baseline standard, known as DES, provides an encryption level which is generally considered suitable for most commercial applications, while the higher level Triple DES (3DES) and AES standards provide practically uncrackable encryption.
SSL VPNs
There is now a new approach to virtual private networking that uses the secure sockets layer (SSL) encryption service that is built into web browser software such as Internet Explorer. Presence offers the Netilla Security Platform from AEP Networks and Connectra from Check Point Software for organisations where this secure connectivity method is best suited.
SSL VPNs effectively create a “thin client” environment where the Netilla Security Platform acts as an application server between the remote client and the host machines running the systems. No additional client software is required on the remote machines, and the Netilla box handles the firewall processes and authentication as well as acting as a proxy for intranet and other web-style systems. The Netilla system enables access to email and calendars, databases and document files held on Windows, Linux, Unix and mainframe computers. This is achieved by the Netilla system translating the native system protocols to HTTPS, which makes the information available without allowing direct connection to the hosts and provides an application layer proxy service.
You have a diverse set of remote users (partners, employees, consultants, and more) who need remote network access. They need access from a wide range of endpoint devices, from company PCs and home PCs to Internet kiosks. Yet you can’t always ensure the security of these endpoints. These competing needs present a big security challenge. The solution?
Let them connect securely through a Web browser over SSL VPN using Check Point Connectra. Connectra is a complete Web Security Gateway with integrated Web Intelligence to inspect SSL Web traffic and adaptive endpoint security to defend against insecure endpoints. Connectra provides Web connectivity with unmatched security.
The overall result of this approach is to provide a thin client application server system with built in security and bandwidth management. This takes the performance and potential of thin client computing to a new level by providing a greatly improved level of security and manageability.
Of course, all these services use connections to the public infrastructure of the Internet or the telecommunications providers. Getting the best service for your organisation can be fraught with technical considerations and complications, so Presence provides a turnkey service that can include new or upgraded connectivity arrangements. We partner with several of the main “telco” companies that provide infrastructure that can be relied upon. We talk their language so we can ensure you get the right connectivity package at the most competitive price for your needs.