SAN MATEO (03/20/2000) - Your company has headquarters in Houston, branch offices and business partners around the world, a mobile workforce, and employees asking to work from home, all of whom want access to the internal corporate network that contains sensitive information. So how do you allow such decentralized access and still protect the internal network and the information that travels through it?
The most popular and cost-effective answer is to implement VPNs that use the Internet as the method of transmission. One of these products, Axent Technologies Inc.'s PowerVPN 6.5, is a great improvement over the previous iteration of the product, PowerVPN 6.0. I gave this product a score of Excellent for making great strides toward flexibility, ease of use, and interoperability of VPN products following International Computer Security Association (ICSA) Internet Protocol Security (IPSec) standards.
PowerVPN is a software-based solution that acts as a proxy server, sitting at the application level and requiring that "services" (small programs to handle traffic for each protocol) be created to allow traffic to pass through the firewall.
PowerVPN includes three main components: PowerVPN server, Raptor Firewall, and the RaptorMobile VPN client. The PowerVPN server ships with proxies for the major protocols, including FTP, HTTP and HTTPS, Telnet, NNTP (Network News Transfer Protocol), NTP (Network Time Protocol), and ICMP (Internet Control Message Protocol). The server also contains proxies for, among others, RealAudio, NetBIOS, SQLNet, and AOL Instant Messenger, as well as the option to create your own proxies. You can also implement packet filtering on a specified interface to allow granularity over what enters and leaves the server at a very low level.
Many authentication options are included in PowerVPN, including user ID/password, Entrust certificates, NT Domain, SecureID, S/Key, LDAP, Remote Authentication Dial-In User Service (RADIUS), and TACACS+. Currently, only Entrust certificates are supported, and with Axent's focus on complying with the IPSec standard, I would like to see the company apply that same focus to support for X.509v3 certificates.
Administrators manage the PowerVPN server via the fairly intuitive Raptor Management Console. This program is a snap-in to Microsoft Management Console and can be run on the PowerVPN server itself or any other machine to manage the server remotely.
PowerVPN has many new features that make this product comparable, if not better, than Checkpoint's VPN-1. The PowerVPN server can stand on its own and is interoperable with any firewall on the market, allowing fast and relatively painless integration with an existing network architecture.
Also new to this release is full Network Address Translation (NAT) support for the PowerVPN server. With NAT, internal network IPs can be hidden from public view to better secure your internal network architecture. This feature can be enabled and is necessary if encrypted packets require any IP address payload modification (FTP, for example).
One of the greatest areas of improvement in Version 6.5 is the RaptorMobile client. Besides making the installation process much easier and fixing a pesky NT service pack problem, Axent has added a "personal firewall" that blocks traffic to the specified ports. This added component helps ensure that systems with always-on broadband Internet service are protected from unauthorized access. Axent is the first company to release a personal firewall with a VPN client that has configurable options and varying levels of protection.
I installed PowerVPN on an NT server, without the Raptor Firewall. The installation process was very quick and simple, taking about 15 minutes, including NT restarts. It took me about an hour to configure a secure tunnel and connect the RaptorMobile client. It was the easiest installation and configuration I have seen for such a feature-rich VPN solution.
I was curious about Axent's firewall and IPSec interoperability claims, so I tested them. I set up the PowerVPN server behind a Checkpoint firewall and had no problem passing tunnels through the Checkpoint firewall to the PowerVPN server. I also used the freeware PGPnet client to connect to the PowerVPN server and had no difficulty establishing a connection.
In addition to my interoperability testing, I configured user groups, proxy services, and alerts. These areas are fairly similar to the previous version of the PowerVPN server. I was unable to test scalability, but Axent representatives claim the product scales at least as well as its competitors.
The PowerVPN 6.5 provides a very powerful, flexible, and easy-to-use solution that is perfect for companies looking to implement a VPN in their existing network and security architectures.
Axent's application proxy approach can be cumbersome to configure, but the new PowerVPN makes that process simpler and more intuitive than previous versions.
Plus, at $1,995, it's a bargain, deserving of an Excellent rating.
Mandy Andress (email@example.com) is director of information security at Privada.net, a privacy infrastructure provider.
THE BOTTOM LINE: EXCELLENT
Axent PowerVPN 6.5
Business Case: This best-of-breed VPN product is an excellent addition to any organization that must allow mobile and geographically dispersed employees cost-effective access to an internal corporate network.
Technology Case: PowerVPN's flexibility, high level of control, and interoperability with other virtual private network products make it a solution that is easy to implement as part of an existing architecture.
- No X.509v3 support
- Client available only for Windows platformsCost: Server: $1,995; client license: freePlatform(s): Client: Windows 95/98/2000, Windows NT; Server: Windows NT/2000, Solaris 2.7Axent Technologies Inc., Rockville, Md., (301) 258-5043; www.axent.com