When you’re out of the office, do you ever need to access programs and files on your work computer? Do you wish you could work from home, or a coffee shop, or simply wherever you are? When your business installs an Atlas Firewall with the Road-Warrior VPN module, you can.
What does it do?
A Virtual Private Network, or VPN, provides a secure way for you to gain access to your company’s computer network from anywhere on the internet. Once you’ve connected to the VPN, you have access to all the same resources you’d have if you were sitting at your desk in your office: you can browse the file server, check your email, connect to company databases, or even remotely control your work computer.
But I already have remote access.
If you can browse to the file shares on your company’s server from home, or connect directly to your work computer via Remote Desktop, so can everyone else! All too often, we see firewalls (especially the ones in consumer-grade devices like cable/DSL routers) configured with Port Forwarding, which allows anyone on the internet to connect to your company network. This is like leaving your front door unlocked and hoping that no one thinks to walk right in! Even if the service you’re exposing requires a password to connect, attackers could still eavesdrop on the traffic to discover the password, or simply try different passwords continuously until they hit on the right one.
The Atlas VPN protects you in two ways. First, it ensures that anyone who doesn’t have a valid “key” can’t even connect to the service in the first place. Second, it protects the entire connection between you and your office network with strong encryption, so that anyone listening in will not be able to understand the data that’s being transmitted.
Is it really secure?
When you make a VPN connection to the Atlas firewall, every bit of data that flows between your computer and your office network is protected with Secure Sockets Layer (SSL), the same technology that is used to protect online banking and credit card transactions. Even if a hostile third party were able to intercept or eavesdrop on the communication, he or she would be completely unable to understand or modify it.
Here’s how we usually explain the concept. Imagine that your data is water flowing in a vast river (the internet). Eventually, it’ll get to its destination (your office), but along the way anyone sitting on the river bank can peek at it, or even dip their hand into the river and prevent it from ever reaching the destination. Having an Atlas VPN is more like having a hardened steel pipe between you and your office: you can still send the same amount of water to the destination, but people in between can’t intercept or even see what you’re sending.
For geeks, here are some technical details on our standard VPN configuration. Many of these details can be custom-tailored to your requirements.
- 1024-bit SSL/TLS is used to mutually authenticate the client and server and provide for the exchange of randomly-generated symmetric keys.
- Confidentiality for established connections is provided by encrypting packets using 128-bit Blowfish in CBC mode.
- Message integrity is provided with 160-bit HMAC-SHA1 cryptographic signatures.
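For administrators who want to confirm that a deployed client profile still matches the parameters listed above, here is an added example (not Atlas's own tooling or configuration). It assumes the client uses a standard OpenVPN configuration file, where `cipher`, `auth`, `ca`, `cert` and `key` are OpenVPN's directive names; the sample profiles and hostname are constructed.

```python
EXPECTED = {"cipher": "BF-CBC", "auth": "SHA1"}   # data-channel settings from the list above
MUTUAL_AUTH = ("ca", "cert", "key")               # needed for certificate-based mutual auth
def parse_openvpn(text):
    """Return {directive: [args]} for an OpenVPN config, including inline <tag> blocks."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                       # inside <ca>...</ca>: skip the PEM body
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            directives[inline] = ["[inline]"]
            continue
        name, *args = line.split()
        directives[name] = args
    return directives

def audit(text):
    """List deviations from the documented profile; an empty list means a match."""
    d, findings = parse_openvpn(text), []
    for name, want in EXPECTED.items():
        got = (d.get(name) or ["<unset>"])[0]
        if got.upper() != want:
            findings.append(f"{name}: expected {want}, found {got}")
    for name in MUTUAL_AUTH:
        if name not in d:
            findings.append(f"{name}: missing, mutual authentication not configured")
    return findings

# Constructed sample profiles; vpn.example.com is a placeholder hostname.
MATCHING = """
client
remote vpn.example.com 443 tcp
cipher BF-CBC
auth SHA1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
cert client.crt
key client.key
"""
DRIFTED = MATCHING.replace("auth SHA1", "auth none").replace("cert client.crt\n", "")
if __name__ == "__main__":
    print("matching:", audit(MATCHING) or "OK", "| drifted:", audit(DRIFTED))
```

The drifted profile is flagged because packet integrity has been switched off and the client certificate is missing.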
If all that was just gibberish to you, don’t worry. You don’t need to understand how it works to be protected!
How is it better?
There are lots of products on the market that promise to provide you with secure remote access. Here are the reasons we think ours is the right choice.
It’s affordable.
Makers of competing VPN products like Cisco, SonicWALL, and WatchGuard treat their firewalls like a gateway drug: they reel you in with sweet deals up front, knowing that it’ll pay off for them in the long run when you’re on the hook for expensive per-user or recurring license fees. We believe in sensible, fair pricing, so the only thing you pay for when you buy an Atlas firewall is the hardware and the initial setup. Once an Atlas firewall is installed, you can use it for as long as you want, to support as many users as the hardware can handle, for no additional fee.
It’s simple to use.
Whether you’re on a Windows PC or a Mac, the software that you use to connect to the VPN is dead simple. Once you complete the easy one-time setup (check out the instructions for Windows and Mac), connecting is a matter of just a couple of clicks.
It’s easy to manage.
Network administrators love our VPN. We fully support our firewalls, so setting up a new VPN user is as simple as sending us an email with the new user’s name and letting us do the rest—including, if you wish, assisting the user with setup of the client software and connecting for the first time. And with optional Active Directory integration, cutting off a user’s access is as simple as modifying a group on your server.
It’s firewall-friendly.
Competing VPN technologies such as IPsec and PPTP can be trouble when it comes to traversing home firewalls, corporate networks, and especially those pesky hotel connections. That’s why we’ve settled on SSL for our VPN: it adds security on top of already-established protocols instead of inventing completely new kinds of connections. Which is just a fancy way of saying, it works where other products don’t.
It’s open-source.
We don’t think you should ever trust a single vendor’s assurances when it comes to securing your company’s critical data. So we have built the Atlas VPN on proven open-source technologies like OpenSSL and OpenVPN. These software packages undergo extensive and continuous community review, and any vulnerabilities that are discovered are fixed immediately. Additionally, using open-source technologies as the basis of the Atlas VPN helps to keep your cost as low as possible.
It’s adaptable.
The proprietary nature of competitors’ VPN products means that you’re locked in to using them exactly as the manufacturer intends. By contrast, our VPN is open and modular and benefits from a large community of contributors that have developed plug-ins to provide a wide variety of optional capabilities.
Here are some examples of the many options available with our VPN:
- Persistent site-to-site connections to link branch offices and fixed remote sites to your main office
- Two-factor authentication to require that users log in to your Windows domain or LDAP-enabled directory server before being allowed to connect to the VPN
- Inbound connection redundancy, allowing VPN clients to connect automatically to a backup internet service if your primary service is offline
Those are just a few of the many possibilities. If you need a specific capability for your VPN that’s not listed here, contact us to see if a module is available that meets your needs.