A key topic in discussing VPN technologies is the differences between software and hardware solutions. The following definitions help reveal those differences:
The functionality of software and hardware VPN solutions is essentially the same, but providing a secure remote connection on demand highlights some important differences.
In the early days of VPNs, VPN software commonly ran on a Windows or UNIX server. Today, server-based implementations are found mostly in small environments because of the poor scalability and reliability of the OS. Most software VPNs act as a component of a firewall or router, not as an add-on to a server.
When evaluating whether or not to deploy a software VPN, consider the two types of software VPNs:
Hardware VPNs are dedicated appliance-based solutions, generally based on a router-type platform. Hardware VPNs are the most common type of VPN deployed in corporations today. Although hardware VPNs can be complex to deploy, these devices are typically more scalable than software counterparts, and they can be easily deployed in a redundant manner. Hardware VPNs can increase the complexity of an environment, because you are deploying additional equipment. The good news is that you can usually manage this additional hardware with the same types of network management tools you use to manage the routers and switches in an environment.
Hardware VPNs can create some security issues, largely related to potential vulnerabilities in the VPN software code on the appliance. A number of security alerts related to VPN vulnerabilities have appeared in recent years. Fortunately, you can manage this issue fairly easily by keeping current on your vendor’s security alerts and by upgrading VPN code in a timely fashion. If your organization does not have the skills or ability to test the solution thoroughly, it might be preferable to run the N–1 version of code, where N is the current version of code, unless a known issue with that previous version of the code has been published.
Ultimately, the requirements of your business will drive your selection of a software or hardware VPN. The good news is that many options are available for every size network.
You must make a risk-based decision on whether to accept the possibility of undiscovered bugs in a new version of hardware or to live with the known bugs in a previous version. If an upgrade is issued primarily for fixing security flaws, you may be better off with the new version, surprises and all.