What Is a VPN?

VPN: A Closer Look

VPN. If you hadn’t heard these three letters together before March 2020, you’ve surely heard them now. With businesses and their employees the world over exposed to work from home scenarios – many for the first time – any conversation about secure remote access involves the term. So what is a VPN? The very basic definition is – it’s a virtual private network. But that phrase is just begging for further explanation. So gather ‘round – virtually of course – as we unpack VPNs and why they’re so important for telework.

Virtual

The virtual part of VPN means just that – it requires no physical connection. Instead, a virtual tunneling protocol establishes the connection. Gophers would be jealous of the number of these tunnels out there, but of course, they don’t damage any golf courses or yards. The tunneling is achieved by a process known as encapsulation. Basically, while your remote user’s data still does have to travel through the public internet to get to the other side (i.e. your network), the virtual tunnel covers it. That means, it’s private.

Private

So the tunnel itself offers privacy to a degree, but to achieve the full security benefits of a VPN, it must be encrypted. The public internet can see that a tunnel exists, but encryption – either via SSL (secure sockets layer) or IPSec (internet protocol security) – prevents anyone from seeing what’s inside. The user and the network the user connects to are the only ones who can decrypt it, with passwords (multifactor authentication recommended) and certificates.

Getting back to the types, while both SSL and IPSec provide the encryption needed to keep that virtual tunnel private, there are a couple key differences. SSL VPN allows secure remote access through a web browser – without requiring specialized client software – making it simple to deploy. Unlike SSL, IPSec VPN functions at the network layer, and it does typically require a separate hardware or software solution. We compared SonicWall’s VPN service offerings (one SSL and one IPSec) in a recent post, and in a handy chart that could offer some assistance as to which is best for your scenario.

Oh and one more note on privacy, when a user connects via VPN, it also obscures the device’s IP address. That means someone trying to track its location will only get the IP address of the network the user is connected to – a feature many non-business users find handy.
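As an added illustration (not from the original post or any vendor's product), the sketch below models the encapsulation, encryption, and address hiding described in this section. The addresses, key, and simplified packet layout are constructed, the cipher is a toy stand-in for the IPSec or SSL encryption a real VPN negotiates, and it assumes a full-tunnel setup in which the gateway forwards internet traffic from its own address.

```python
import hashlib, hmac, os
from ipaddress import IPv4Address

# Constructed sample values: RFC 5737 documentation addresses and a demo key.
CLIENT_PUBLIC = IPv4Address("198.51.100.23")  # remote user's ISP-assigned address
GATEWAY = IPv4Address("203.0.113.10")         # public address of the office VPN gateway
CLIENT_TUNNEL = IPv4Address("10.8.0.5")       # address the client uses inside the tunnel
WEB_SITE = IPv4Address("192.0.2.80")          # some site on the public internet
KEY = hashlib.sha256(b"constructed demo key").digest()  # real VPNs negotiate this

def _subkey(label):
    # Separate keys for encryption and authentication, derived from KEY.
    return hashlib.sha256(KEY + label).digest()

def _keystream(nonce, n):
    # Toy SHA-256 counter keystream: a stand-in for AES-GCM or ChaCha20.
    blocks = (hashlib.sha256(_subkey(b"enc") + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(plaintext):
    """Encrypt, then authenticate (illustrative only, not a vetted cipher)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(nonce, len(plaintext))))
    tag = hmac.new(_subkey(b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(blob):
    """Verify the tag before decrypting; reject anything modified in transit."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct))))

def packet(src, dst, payload):
    """Simplified packet: 4-byte source, 4-byte destination, payload."""
    return src.packed + dst.packed + payload

def parse(pkt):
    return IPv4Address(pkt[:4]), IPv4Address(pkt[4:8]), pkt[8:]

def encapsulate(inner):
    """Client side: the whole inner packet becomes the encrypted payload."""
    return packet(CLIENT_PUBLIC, GATEWAY, seal(inner))

def gateway_forward(outer):
    """Gateway side: decrypt, then send onward from the gateway's own address."""
    _, dst, payload = parse(unseal(parse(outer)[2]))
    return packet(GATEWAY, dst, payload)

def observer_view(outer, secret):
    """What an on-path observer on the public internet can learn."""
    src, dst, blob = parse(outer)
    return {"src": str(src), "dst": str(dst), "sees_payload": secret in blob}

if __name__ == "__main__":
    secret = b"GET /payroll-2020.xlsx"  # constructed request
    outer = encapsulate(packet(CLIENT_TUNNEL, WEB_SITE, secret))
    print("on the wire :", observer_view(outer, secret))
    print("site sees   :", parse(gateway_forward(outer))[0])
```

The observer learns only that the client is talking to the gateway, and the destination site sees the gateway's address rather than the user's.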

Network

So in our quest to answer the question “what is a VPN?” we’ve explored the virtual and private aspects, now let’s examine the network component. Network in this case means a user’s remote device is connected to your organization’s network. Depending on the connection type, they may have access to all of it, or just specified apps, services, and files. Either way, the VPN connection allows users access to what they need to get work done – all while protected by your existing network security. A VPN in essence extends your network’s reach to wherever your employees need to access it. And in the age of the teleworker, this secure remote access is a must.

Is your VPN connection a little slow?

Check out our video for some tips on how to speed up your VPN connection:

For more talk about all things network security, take a listen to our Ping Podcast, available wherever you listen. And for all your cybersecurity research needs in one place, visit our Knowledge Hub.


Sophos SD-RED 20 & 60: Synchronized SD-WAN

Just in the nick of time for our strange days of full-capacity remote work, Sophos releases a new heir to the secure remote access throne with a replacement for their mainstay Sophos RED appliances. The new Sophos SD-RED 20 and Sophos SD-RED 60 bring together secure, encrypted SD-WAN capabilities and the Sophos Synchronized Security flagships XG Firewall and Intercept X. These unique and simple remote work solutions extend network connectivity to remote branches, distributed offices, outposts, home offices, and any other remote workers, no matter where they’re located. Whether you need stable remote access at a mountaintop observatory or in your new sealab, Sophos SD-RED appliances have you covered with stable, secure access and real-time visibility.

Other new features include SFP ports, Power-over-Ethernet capabilities for the SD-RED 60, huge improvements in throughput, and more interfaces than previous Sophos RED devices. The Sophos SD-RED appliances work seamlessly with Sophos wireless access points and the SD-RED 60 could even support two Sophos access points with Power-over-Ethernet alone!


SD-WAN gets a heartbeat

When an SD-RED appliance is centrally managed through the XG Firewall platform (free trial?), admins can extend Synchronized SD-WAN to multiple branch locations. Synchronized SD-WAN means that not only are you replacing expensive and unstable MPLS connections with super intelligent SD-WAN capabilities, you’re also protecting traffic that traverses those SD-WAN connections with the same Synchronized Security & Sophos Security Heartbeat features that employees would enjoy on the home network.

So easy a home user can do it

Due to COVID-19, many small businesses now have employees working from home who may have had no experience with remote work before the big change. SD-RED appliances ease the pressure of extending your secure network to remote workers with a truly plug-and-play, zero-touch deployment. No technical skill is required for remote workers or branch locations to install an SD-RED 20 or SD-RED 60. Just type the device ID into your Sophos firewall appliance and ship your SD-RED appliance to its destination. Once the device is received and plugged in, the SD-RED will connect to the Internet, call back home to your primary firewall, and automatically establish a secure VPN tunnel with auto-provisioning.

Sophos RED vs Sophos SD-RED

So how do these new remote access devices stack up against their predecessors? Check out our handy comparison table or keep scrolling to see new throughput improvements, expanded interfaces, and more to compare the original RED to the new, improved SD-RED.

Sophos SD-RED 20

  • Maximum Throughput: 250 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX (1 GbE Copper)
  • WAN Interfaces: 1 x 10/100/1000 Base-TX (shared with SFP)
  • Power-over-Ethernet Ports: None
  • USB Ports: 2 x USB 3.0 (front and rear)

 

Sophos SD-RED 60

  • Maximum Throughput: 850 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX (1 GbE Copper)
  • WAN Interfaces: 2 x 10/100/1000 Base-TX (shared with SFP)
  • Power-over-Ethernet Ports: 2 PoE Ports (total power 30W)
  • USB Ports: 2 x USB 3.0 (front and rear)

 

Sophos RED 15

  • Maximum Throughput: 90 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX
  • WAN Interfaces: 1 x 10/100/1000 Base-TX
  • Power-over-Ethernet Ports: None
  • USB Ports: 1 x USB 2.0

 

Sophos RED 50

  • Maximum Throughput: 360 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX
  • WAN Interfaces: 2 x 10/100/1000 Base-TX
  • Power-over-Ethernet Ports: None
  • USB Ports: 2 x USB 2.0


Buy Sophos SD-RED

Ready to get your hands on Synchronized SD-WAN? These new SD-RED appliances are ready to ship now! With the Sophos RED 15 potentially looking at backorders in the wake of the remote work rush, the SD-RED 20 and 60 have landed just when they are needed most. Synchronize your SD-WAN and secure your remote workforce today!


 


Don’t forget to renew your security services

Remember your security services

With COVID-19 causing workplaces to shift from on premises to remote, network admins have had their hands full keeping employees connected and secure. We know there are plenty of factors to consider to make that happen. But one consideration that can’t get lost in the shuffle: security services subscriptions. These subscriptions have a shelf life, and if allowed to expire, that may render a lot of the effort to protect workplace data – and offer reliable remote access – moot.

Allow me to explain further. Firewalls – the cornerstone of any secure network – are not fully optimized security machines without a suite of security services to enhance their hardware. Those services can include (but are certainly not limited to):

  • Advanced Threat Protection
  • Antivirus
  • Antispam
  • Application Control
  • Content filtering
  • Data loss prevention
  • Enhanced management capabilities
  • Sandboxing
  • SD-WAN services
  • Web application firewalling
  • Web surfing protection
  • 24×7 Technical Support and Updates

This is just a partial list relating to firewalls, with services depending on the manufacturer. But when a security services subscription expires, it could leave your network vulnerable to all of the threats these services address – and leave you out in the cold when it comes to certain networking features you rely on.

What does this have to do with remote employees?

Service subscriptions extend beyond the firewall, with offerings like endpoint protection. This protection is a vital component to a secure remote workforce both to keep data from prying eyes and to offer enhanced visibility into remote devices for network admins. And of course the secure access offered by VPN clients or secure mobile access appliances benefits greatly from active support subscriptions as well. Network security pros can help troubleshoot any of the myriad issues that can arise when most of your employees are connecting remotely.

Additional subscriptions cover a variety of appliances from wireless access points to email gateways to network switches, as well as virtual appliances and other standalone services. Regardless, it’s vital to keep them up to date and renew before they expire to avoid interruptions that can stop your network in its tracks.

How do I know when expiration is nearing?

If you’re a Firewalls.com customer, we’ll send you email notifications starting 90 days from your service expiration date. So even with everything else going on, it’s another reason to keep up with your inbox. If you don’t receive these emails from either us or directly from your service provider, simply visit your manufacturer portal, reach out to your IT consultant, or start a chat on Firewalls.com and we’ll be happy to help too.

How do I renew?

Regardless of where you initially purchased service, this is an easy answer. Go to our Renewals & Licensing locator, choose your product and subscription type, and choose your preferred subscription length. Firewalls.com offers renewals and licensing for SonicWall, Fortinet, Sophos, WatchGuard, Ruckus, Cisco Meraki, and Barracuda.

A few things to keep in mind:

  • You’ll pay a lower yearly cost and guard against any increases in subscription rates with a longer-term renewal
  • Some services like Barracuda licenses come in month-to-month terms, while some come in 1, 2, 3, 4, or 5 year lengths
  • If you upgrade to a new firewall, you can migrate your existing service subscriptions with you

If you have a question while you’re on the renewals page, wait for the chat popup, and one of our experts will be happy to assist you. Either way, it’s a quick and easy process, and your term will be extended before you know it. However you choose to renew, just remember, expired services hurt your network’s performance and security, so keep your subscriptions active!


 


5 Things to Consider to Secure Your Telework Employees

Telework Cybersecurity

With the rapidly evolving circumstances surrounding the COVID-19 pandemic, workplaces around the world have been faced with a difficult challenge – quickly deploying a remote workforce. While some have been prepared for telework all along, others are scrambling to ensure employees can access their networks quickly, without compromising security. The unfortunate truth of our current situation is that while many are banding together to protect those most vulnerable to the coronavirus, there are those who see this more scattered user-base as a golden opportunity for cyber attack.

It’s important to remember that just because you’re not in the office, it doesn’t mean hackers are taking a holiday. In fact, remote work is their bread and butter. And they stand at the ready to exploit the vulnerabilities teleworking can bring.

With that in mind, what can you do to plug those holes? How do you keep both your network and your work-from-homers secure? Here are 5 things to consider…

1 – It Starts With a Policy

Both you and your staff benefit from knowing what to expect from remote work. Putting a telework policy in writing and ensuring everyone in your organization is aware of it is an important step for consistency and therefore security. Hopefully you already had one, but if not, it still pays to put one together and make it clear to all employees.

What should it include? Acceptable use, personal vs company devices, personal vs company accounts, how to connect, whether public wi-fi is allowed, etc. A couple of statistics should reinforce the need for a strong telework policy: nearly half of employees say they transfer files between work and personal computers; almost 15% say they can’t connect to their work network from home, and more than three quarters say they don’t take privacy measures when teleworking in a public setting.

2 – Protect Your Endpoints

Each device an employee uses to access your data is an added security risk. Remote laptops, tablets, smartphones, etc. are not constantly protected by your firewall. But you need to ensure they have a level of protection against malware, email scams, and other data breaches, so attackers can’t use them as a tunnel back into your network. That’s why a strong endpoint security solution is vital for all your telework users. The best options also provide added visibility into their status for admins. Protecting each device individually makes protecting your network as a whole much easier.

3 – Build a Tunnel

To work from home effectively, your employees need to have use of all the apps and files they normally have at the office. How do you facilitate that quickly and securely? You need to offer virtual private network – better known as VPN – access.

A VPN sets up a secure tunnel between your telework employees and your network, protecting their and your data from any spying or prying eyes. This encrypted tunnel (using either IPSec or SSL) can even help when employees use public networks. In case you missed it, we outlined SonicWall’s VPN options in a recent post.

4 – Make Sure Passwords Have a Passing Grade

Weak passwords are an all-too-common problem in the cybersecurity world with an all-too-easy solution. Ensure your telework employees (and everything on your network) use long, strong passwords with numeric and special characters, and passphrases if supported. This keeps brute force attacks at bay, which typically just fire thousands of common words at a login screen until one works.

And take it a step further with multi-factor authentication. For employees to access your network remotely, require an additional step, such as an authentication code texted or emailed to provide added security. Some types of multi-factor authentication even include options like geotracking.

5 – Training Is Vital

You’ve likely already heard that the most common reason for a breach is human error. Whether it’s in the form of a misconfiguration or because an employee clicked a malicious link, the human element puts your network at risk. And just as cybersecurity training is vital in the office, it’s extremely important for telework.

So safe use of the aforementioned public wi-fi should come up, as well as reminders about what to look for in social engineering scams. Online attackers’ new favorite? Coronavirus-related malware in the form of emails, and even phony maps to steal personal data from anyone who visits to try and keep up with the virus’s spread.

You’ll also want to be sure your work-from-homers are sticking to VPN-only when it comes to work files. Too often, the easy way may be to send sensitive data as an unencrypted email attachment, but that risks exposing it to bad actors. Teach them to keep it encrypted, even if it takes a little bit longer. And even though social distancing may keep you from conducting this training in person, there are plenty of videoconferencing options to help.

 


How to Choose a Cisco Meraki Firewall for your Small Business

Shopping for Cisco Meraki MX Firewalls

Cisco Meraki MX Security & SD-WAN Appliances (or as we affectionately call them: firewalls) provide Unified Threat Management for small businesses, branch offices, datacenters, and distributed enterprise environments. 100% cloud managed and filled to the brim with comprehensive security features, Cisco Meraki firewalls reduce complexity and save money by eliminating the need for multiple appliances.

Why Meraki Firewalls?

As small businesses explore digital transformation and all the advanced security and networking that it offers, automated services become more important. Cisco Meraki MX firewalls make intelligent site-to-site VPN easy with Auto VPN. Auto VPN automatically generates VPN routes using IKE/IPSec that can connect with all IPSec VPN devices and services. If a connection fails, automated MPLS-to-VPN failover completes in a matter of seconds, minimizing downtime over remote access.


SD-WAN is another key aspect of digital transformation and Cisco Meraki includes SD-WAN capabilities with each firewall. Software-defined WAN lowers operational costs and improves performance of remotely-accessed resources. Policy-based routing, support for application-layer profiles, active/active VPN, and dynamic path selection ensure the apps and services your employees use most are always available.

Cisco Meraki MX firewalls include all the advanced security services you expect out of a next generation firewall: intrusion prevention powered by Cisco-developed SNORT, content filtering, anti-malware, geo-based firewalling, remote access connectivity, and advanced malware protection. Layer 7 fingerprinting allows small businesses to identify PUAs and unproductive content so that company bandwidth isn’t wasted on time-wasters like BitTorrent.

Choosing a Cisco Meraki MX Firewall

It can be a challenge to spot the difference between two similar firewalls, but the devil is always in the details. Here are a few key differentiators between Cisco Meraki firewalls to help you decide which device is right for your network.

Power over Ethernet

The Cisco Meraki MX68 includes Power-over-Ethernet capabilities. The rear of these MX firewall models features a pair of 802.3at (PoE+) ports. With them, you get built-in power supply capabilities for tricky installations where outlets may be unavailable. These two 802.3at ports provide a total of 60W power. In other words, you can leave the AC adapters at home.

Integrated 802.11ac Wave 2 Wireless

The MX67W and MX68W provide wireless firewalling capabilities, integrating Cisco Meraki’s industry-recognized wireless technology in an SMB-friendly compact form factor. Enjoy unified central management of all network security and wireless devices.


Meraki vMX100 Virtual Firewall

Virtual firewalls provide the benefit of simple configurations and appliance-less deployment. The Meraki vMX100 is added via Amazon Web Services or Azure and configured directly in the Meraki dashboard, just as you would manage any other MX firewall appliance. Licensing only–no on-premise equipment required!

Cisco Meraki MX64 vs MX65

At first glance, these two models look pretty similar. Both clock in at 200 Mbps of Advanced Security Throughput (when the full range of intelligent security services is operating). They also offer 100 Mbps of VPN Throughput. The MX64 can be converted to support WAN and includes 3 dedicated GbE RJ45 interfaces. Why aren’t we talking more about the MX65? Because it reached end of sale in 2019 and is no longer available. If you’re looking for something comparable – the MX68 is your best bet.

Cisco Meraki MX67 and MX68

Meraki MX67 and MX68 firewalls are designed with built-in cellular modems that simplify deployments requiring a cellular uplink backup. This kind of cellular uplink infrastructure is ideal for remote locations that rely on continuous WAN circuits. That is to say, where you need high availability and redundancy, the cellular uplink provides a valuable backup.

The MX68 includes the Power-over-Ethernet capabilities described in the section above as well as dual WAN interfaces and 10 LAN RJ45 interfaces. On the other hand, the MX67 includes only one dedicated WAN interface and three LAN RJ45 interfaces.

Meraki MX84, MX100, MX250, & MX450

The Cisco Meraki MX84 and above appliances pack a bit more punch behind their security performance.

    • MX84 Recommended Users & VPN Throughput: 200 users, 250 Mbps
    • MX100 Recommended Users & VPN Throughput: 500 users, 500 Mbps
    • MX250 Recommended Users & VPN Throughput: 2,000 users, 1.0 Gbps
    • MX450 Recommended Users & VPN Throughput: 10,000 users, 2.0 Gbps

In sum, it’s clear these models are designed for medium branches and enterprise networks. With top-end speeds up to 6.0 Gbps of stateful firewall inspection, the advanced security technology behind Cisco Meraki MX firewalls brings serious security and performance.


Advanced Security Licenses and Support

Check out our Renewals & Licensing wizard to find advanced security licenses for Cisco Meraki MX firewalls like Cisco Meraki Advanced Security Licensing.

 

