Securing Remote Access with SSL VPNs
Part 5: Using SSL VPN access methods
[July 11, 2008] We conclude our SSL VPN primer by taking our demo VPN out for a spin, using everything from desktop browsers to mobile agents to access selected applications.

Securing Remote Access with SSL VPNs
Part 4: Adding SSL VPN endpoint controls
[July 10, 2008] We continue our SSL VPN primer series by expanding our policies to assess endpoint security state and safeguard access from unmanaged devices.

Securing Remote Access with SSL VPNs
Part 3: Defining SSL VPN access policies
[July 9, 2008] We continue our SSL VPN primer series by using the SonicWALL Aventail EX-1600 to implement an example set of secure remote access policies.

Securing Remote Access with SSL VPNs
Part 2: Deploying an SSL VPN appliance
[July 8, 2008] In part 2 of our SSL VPN series, we illustrate this "anywhere" remote access approach by taking the SonicWALL Aventail EX-1600 out for a test drive.

Securing Remote Access with SSL VPNs
Part 1: Reinventing Remote Access
[July 7, 2008] Today's users require secure remote access from an increasingly diverse collection of devices, many of which are unknown, unmanaged, and potentially dangerous. In this series, we illustrate how providers can use SSL VPN appliances to deliver flexible-but-safe "anywhere" access to network resources.

Fire-Proofing Your Network With UTM,
Part 4: Delivering UTM as a managed service
[December 31, 2007] We conclude our series on Unified Threat Management with a look at how ISPs can leverage UTM to defend themselves more effectively and earn more revenue.

Fire-Proofing Your Network With UTM,
Part 3: Layering on anti-X defenses
[December 31, 2007] We continue our Unified Threat Management series with a guided tour of network-based virus, spyware, spam, and web defenses, demonstrating how they responded to threats during our tests.

Fire-Proofing Your Network With UTM,
Part 2: Deploying a UTM appliance
[December 28, 2007] In part 2 of our Unified Threat Management series, we illustrate SMB UTM deployment by taking the IBM ISS Proventia MX1004 network multi-function security appliance for spin.

Fire-Proofing Your Network With UTM,
Part 1: Battling new security threats
[December 27, 2007] Today, it takes more than a firewall to defend a network against downloaders, trojans, worms, phishing attacks, and bandwidth-hogging spam. In this series, we examine an increasingly popular alternative: Unified Threat Management.

Bolting the Back Door with NAC
Part 4: Deploying the Juniper Networks UAC 2.0
[June 25, 2007] We had little trouble using Juniper's Unified Access Control (UAC) to quarantine non-compliant laptops and restrict customer/guest access in a diverse multi-vendor LAN, but found that third-party client interoperability is a work-in-progress.

Bolting the Back Door with NAC
Part 3: Comparing the alternatives
[June 22, 2007] Firewalls may guard their front door, but many networks remain vulnerable to threats originating inside the perimeter. Network Access Control (NAC) can batten down those hatches by stopping malware-infested laptops and restricting LAN resource use.

Bolting the Back Door with NAC
Part 2: Examining your needs
[June 20, 2007] Firewalls may guard their front door, but many networks remain vulnerable to threats originating inside the perimeter. Network Access Control (NAC) can batten down those hatches by stopping malware-infested laptops and restricting LAN resource use.

Bolting the Back Door with NAC
Part 1: Introduction
[June 20, 2007] Firewalls may guard their front door, but many networks remain vulnerable to threats originating inside the perimeter. Network Access Control (NAC) can batten down those hatches by stopping malware-infested laptops and restricting LAN resource use.

2006 MSSP Survey, Part 6: Managed Anti-Spam and Content Filtering
[December 22, 2006] ISP-Planet's biennial survey of MSSPs finds that, when it comes to spam and web content filtering, service featurs and packaging are so varied that consumers must examine their own business needs to carefully to match them to increasingly-available offerings.

2006 MSSP Survey, Part 5: Managed Anti-Virus and Anti-Spyware
[December 22, 2006] ISP-Planet's biennial survey of MSSPs finds network anti-virus being combined with anti-spyware and anti-spam functions to offer more proactive, multi-layered malware defenses, accompanied by increasingly sophisticated provider threat monitoring and reporting.

2006 MSSP Survey, Part 4: Managed Virtual Private Networks
[December 21, 2006] ISP-Planet's biennial survey of MSSPs finds that virtual private network offerings are becoming increasingly sophisticated as they are used to differentiate a provider's service—and as the VPN market continues to grow rapidly.

2006 MSSP Survey, Part 3: Managed Intrusion Detection and Prevention Services
[December 21, 2006] ISP-Planet's biennial survey of MSSPs finds that intrusion prevention and detection services are augmented by new devices to deliver unified threat management in several different forms.

2006 MSSP Survey, Part 2: Managed Firewall Services
[December 20, 2006] ISP-Planet's biennial survey of MSSPs finds a even more features than ever—but make sure you understand what's included and what's extra when you compare services.

ISP-Planet Survey: Managed Security Service Providers
[December 20, 2006] ISP-Planet's biennial survey of MSSPs finds that as industry consolidation continues apace, service providers are offering more as administrators face new demands. But admins must understand that their job doesn't end when they start working with an MSSP.

Mobile Security: Where risk meets opportunity, Part 3:
Value-Added Security Services
[July 28, 2006] As your most valuable customers adopt the latest mobile devices, you will need to know how to protect them. This article describes the wide variety of value-added services you can offer to your corporate road warrior clients.

Mobile Security: Where risk meets opportunity, Part 2:
Threats and Defenses
[July 21, 2006] As your most valuable customers adopt the latest mobile devices, you will need to know how to protect them. This article describes the solutions available to protect a road warrior's most vulnerable devices.

Mobile Security: Where risk meets opportunity: Part 1
[July 14, 2006] As your most valuable customers adopt the latest mobile devices, you will need to know how to protect them. This three part article provides an overview of your options.

Thinking Outside The (Windows) Box, Part 4: Free Windows Firewalls
[March 3, 2006] While many businesses depend on Microsoft and its various product suites, alternatives exist, some of which are not well known. Part four of this series examines free firewalls for Windows users.

Thinking Outside The (Windows) Box, Part 3: Free Mail Clients
[March 2, 2006] While many businesses depend on Microsoft and its various product suites, alternatives exist, some of which are not well known. Part three of this series examines free e-mail clients.

Thinking Outside The (Windows) Box,
Part II: Free Web Browsers
[December 30, 2005] While many businesses depend on Microsoft and its various product suites, alternatives exist, some of which are not well known. Part two of this series examines freely-available alternative web browsers.

Thinking Outside The (Windows) Box, Part I
[December 23, 2005] While many businesses depend on Microsoft and its various product suites, alternatives exist, some of which are not well known. This four part series will examine freely-available alternative web browsers, e-mail clients, and personal firewalls.

KoolSpan: Bridging The Secure Access Gap
Part 3: Under the Hood
[July 29, 2005] In parts one and two of this review we looked at an innovative product and tested it. In this conclusion of our review of this novel product, we look under the hood to show how it works.

KoolSpan: Bridging The Secure Access Gap
Part 2: The Test
[July 22, 2005] In Part 1 of this review, we described this novel secure access product's architecture, our test network configuration, and client installation. This week, we test the product in the office and on the road.

KoolSpan: Bridging The Secure Access Gap
Part 1: The Tools
[July 15, 2005] KoolSpan's novel SecurEdge "Lock and Key" solution provides simple secure access over any kind of LAN, wired or wireless, local or remote.

Beyond Passwords: Implementing The Vision
[April 5, 2005] In part two of this series, we present the pros and cons of your five options: digital certificates, one-time passwords, hardware tokens, smart cards, and biometrics.

Beyond Passwords: Stronger Authentication
[April 4, 2005] When passwords are no longer sufficient, enterprises have plenty of options to improve security.

MSSP Survey Part 4: Managed Anti-Virus, Anti-Spam, and Web Filtering Services
[January 18, 2005] This year's MSSP survey finds more providers offering broader, deeper managed services to defeat viruses and spam.

MSSP Survey Part 3: Managed Virtual Private Networking Services
[January 11, 2005] Our MSSP survey finds marked growth in SSL VPN services and stronger security methods.

MSSP Survey Part 2: Managed Firewall and Intrusion Detection Services
[December 28, 2004] Our 2004 MSSP survey finds Managed Intrusion Prevention services elbowing out pure-play Managed Firewall and IDS offerings.

Managed Security Service Provider Survey (December 2004)
[December 21, 2004] This multipart survey shows what options are available to you when you choose to outsource a portion of the security function.

Wireless LAN Tools Part 4: Monitoring and Reporting
[August 17, 2004] In the final part of this four part study, we discuss how to use WLAN analyzers to help keep your WLAN running smoothly.

Wireless LAN Tools, Part 3: Discovery and Planning
[August 10, 2004] In part three of this four part study, we tackle the toughest part of WLAN deployment, patrolling your network.

Battening Down SNMP
[February 15, 2002] Everyone knows that SNMP has a security hole, but little concrete advice has been profferred. Take a walk through your network with us at your side, battening down all those loose SNMP hatches.

Better Than WEP
[February 1, 2002] Will concern over the inherent vulnerability of wireless and inadequate security measures erode consumer confidence in wireless LANs? Not if the WECA and the IEEE can stop it.

VPN RFP Lab Eval: Final Thoughts
[January 4, 2002] We present a side-by-side comparison of the results of our lab tests of VPN solutions from three vendors: NetScreen, RapidStream, and SonicWALL, and we ask that you vote to choose the best below:

NetScreen Lab Eval
[December 21, 2001] Final installment of our lab test evaluating equipment from NetScreen Technologies. [Part 2] [Part 3]

Improving WLAN Security
[November 26, 2001] We examine all the tools—and basic security procedures—that are available to businesses deploying 802.11-b based networks and points of presence.

RapidStream Lab Eval
[November 21, 2001] The final installment from the second set of results describing our lab experience with RapidStream VPN products. Our technical support experience, customer feedback, more. [Part 2] [ Part 3]

SonicWALL Lab Eval
[November 1, 2001] The final part from the first set of results describing our lab experience with SonicWALL VNP products. Details about our technical support experiences, customer feedback, more.  [ Part 2] [ Part 3]

News From Fall VPNcon
[October 23, 2001] October—fall foliage, crisp mornings, apple cider, candy corn, jack-o-lanterns—and VPNs? It's true. VPN news increases during the fall conference season, culminating at Fall VPNcon.

Agere ORiNOCO AS-2000
(Part 1) : Guarding The Gate      (Part 2) : Installation Nitty Gritty

Managed Security Service Providers
[July 11, 2001] Consider this a starting point for any ISP thinking about purchasing or providing Managed Security Services. Packed with details, remember that only you can determine which security service suits your ISP.

Multi-Vendor VPNs: The Quest for Interoperability
[June 20, 2001] Should your ISP stick with a single vendor solution to deploy VPN services or do multi-vendor systems deliver a better ROI? Learn how to build a VPN offering around your ISPs short and long-term goals.

RFP Series: Our Take On VPN Vendors for Broadband SMBs
[June 13, 2001] We've showed you the original RFP sent to vendors and their responses. Now it's time to get down to the brass tacks and with our expert take on IPsec hardware solutions for ISP deployment to broadband SMBs.

RFP Series-VPN for Broadband SMBs: SonicWALL
[June 6, 2001] Final RFP in our VPN appliance review evaluating IPsec hardware devices suitable for ISP deployment to broadband-enabled SMBs. This week, SonicWALL surpasses our VPN barriers.

RFP Series-VPN for Broadband SMBs: Rebel.com
[May 30, 2001] ISP-Planet VPN appliance reviews continue, evaluating IPsec hardware devices suitable for ISP deployment to broadband-enabled businesses with 10-200 employees. This week, Rebel.com takes a stand.

RFP Series: VPN for Broadband SMBs: RapidStream
[May 23, 2001] ISP-Planet's VPN appliance review continues. This week, RapidStream presents its case for our ISP to consider its IPsec hardware devices and broadband solutions for small businesses.

RFP Series: VPN for Broadband SMBs: NetScreen
[May 16, 2001] Our VPN appliance reviews continue, evaluating IPsec hardware devices suitable for ISP deployment to broadband-enabled businesses. This week, NetScreen Technologies presents its case.

ISP-Planet Series-Request For Proposal:
Managed VPN Appliances for Broadband SMBs
[May 3, 2001] Introduction to our new series of VPN appliance reviews evaluating 6 turnkey IPsec hardware devices suitable for ISP deployment to broadband-enabled small businesses. It's what you need to know, now.

Wireless Privacy: An Oxymoron?
[April 26, 2001] ISPs deploying 802.11b for public broadband or fixed wireless Internet access should consider the risks associated with this emerging technology before network security is compromised.

Slipping IPsec Past NAT
[April 19, 2001] NAT/NAPT are techniques used to share and hide private IP addresses on edge devices like routers and firewalls. But, when an IPsec session runs through NAT/NAPT, security is often compromised.

Defying Double Dippers: Funk Concurrency Server
[April 12, 2001] Does your ISPs Authentication, Authorization, and Accounting system stink? If you've already solidified access to your AAA server—why not consolidate concurrency control there as well?

Satellite Content Delivery: Streaming with iBEAM-Part 2
[April 5, 2001] iBEAM's free dish deal has already lured several large ISPs into its access partner program—at that price any ISP with a broadband subscriber base has nothing to lose by giving iBEAM a long, hard look.

Satellite Content Delivery:
Cidera's Internet Broadcast Backbone-Part 1
[March 1, 2001] Could satellite systems turbocharge The Web without eating ISPs bandwidth? Cidera says yes, the solution lies in avoiding point-to-point delivery in favor of broadcasting content.

Boosting Bandwidth through Bonding: Stallion ePipe
[January 18, 2001] The market for business-grade Internet and Intranet bandwidth is highly competitive. To compete effectively, ISPs must continually seek innovative solutions.

InternetConnect: Joining IP and ATM with MPLS
[January 10, 2001] MPLS speeds up Virtual Private Networks by ensuring that next-hop decisions are made before data is sent, not made while the data is in transit. It could cut bandwidth prices by a factor of ten versus Frame Relay.

ISPCON CDN FaceOff:
Content Bridge, Content Alliance, and Akamai Networks
[January 4, 2001] Two multi-vendor cooperatives, Content Bridge and Content Alliance, were launched to enable more effective competition with CDN market-leader Akamai. How will they do it? ISPCON keynoters offer insight.

The Remote Access Conundrum Part 2: Tunneling at Layer Two
[December 22, 2000] AT&T's approach to managed VPN services—multi-protocol support and simple client software—can teach us a lot about structuring such a business. The main take-away: One size does not fit all.

eTunnels VPN-on-Demand
[December 11, 2000] Speeding up deployment at the core of your ISPs network is a challenge. Review eTunnels VPN-On-Demand—designed to speed past bumps in the road and streamline high volume service deployment.

The Remote Access Conundrum Part 1: Extended Authentication
[November 30, 2000] Can ISPs offer the security of IPsec-based remote access VPNs without the expense of massive Public Key authentication systems? There's no fully standardized solution, but there are ways ...

What To Look For In A Managed Security Provider
[November 13, 2000] A look at Managed Security Services from the customer's point of view may help you decide what to buy and what to sell.

Cisco Joins The Network-Based VPN Market 
[November 9, 2000] Cisco, longtime player in VPN router space, continues to infiltrate the VPN market with new remote access concentrators.

Infrastructure To Go
[October 23, 2000] Well-funded, powerfully partnered, and staffed by legions of experts, Loudcloud is redefining the way online operations are put together. Just pick your platform; they do the rest.

NMS: Series Wrap-Up  
[October 5, 2000]  At the carrier-class level, network management systems can easily run into the six-figure price range. But our NMS series has demonstrated that ISPs and other network admins can get serious query, monitoring, and control tools for well under $1,000.

Stream Caching with TeraEDGE 
[September 11, 2000] Entera, Inc.'s new "content distribution server" tames the biggest bit-hog on the Internet, proxying, storing, and managing live media streams at the network edge. An initial deployment by Axient will broadcast the summer Olympics

Offer Managed Security & Anti-Virus Services  
[September 7, 2000] Network Associates' security-ASP subsidiary MyCIO.com is looking for a few good ISPs and hosting providers to transparently resell security services. It'll handle everything down to and including customer service.

Early Look At Network-Based VPN Deployment 
[September 5, 2000]  The latest Virtual Private Networks are truly "virtual" (software plus provider equipment). Eliminating customer premises equipment lowers costs significantly at every stage, not just installation. We look at new equipment, new software—and a whole new market.

NMS Series #6: Castle Rock SNMPc 
[August 31, 2000] SNMPc 5.0 Workgroup Edition provides almost every feature we'd expect from an entry-level SNMP NMS. This reliable management server enables single-workstation monitoring and control for small-to-midsize networks. Unfortunately, you'd need to shell out a few grand to get remote access.

NMS Series #5: Ipswitch WhatsUp Gold 
[August 16, 2000]  This excellent, low-cost network and service monitor puts its awareness of connections between devices, subnets, and services to work in achieving highly efficient, scalable 24x7 surveillance.

NMS Series #4: MG-Soft NetInspector & MIB Browser 
[August 9, 2000] An overlapping duo, NetInspector and MIB Browser, together offer nearly everything you'd expect from an under-$1,000 SNMP NMS—including a plug-in architecture for expansion.

Hardware Switching & Traffic Management
[August 2, 2000] RADWARE's new Application Switch provides ASIC-based layer four server load balancing, creating a more robust platform for Internet traffic management by ISPs, web hosters, and ASPs.

NMS Series #3: SNMP ToolChest 
[July 19, 2000]  Here's a collection of task-specific network management tools that can easily be customized—or augmented—via Tcl scripting. It's not a comprehensive NMS, but it can flexibly supplement such a system.
NMS Series #2: ipMonitor 
[July 12, 2000]  While not a full-fledged NMS, ipMontor is a flexible and cost-effective watchdog, suitable for granular surveillance in small networks or selective surveillance in other networks.

NMS Series #1: NetPlus AutoManage 
[July 5, 2000] Want the benefits of automated network management and monitoring without the high costs typically associated with this kind of software? Try this entry-level solution from ACE*COMM.

Realm-Specific IP for VPNs and Beyond 
[June 23, 2000] Although still in draft stage, RSIP holds great promise for bridging public and private address spaces. Better yet, it sidesteps many of the pitfalls associated with applying NAT to IPsec traffic.

IP Security and NAT: Oil and Water? 
[June 15, 2000] IPsec and NAT can be employed together in some configurations, but not in others. In today's column, we'll explore the issues and limitations associated with combining IPsec and NAT, and take a brief look at recent advances in this area.

Akamai Broadens Reach, Sweetens Pot for ISPs
[June 7, 2000] New partnerships with technology, network, and content providers supercharge Akamai's basic value proposition. Free, satellite-based Usenet feed and other goodies lure ISP customers.

VPN Product Briefs
[May 24, 2000] A new standard for product interoperability, a global VPN, "security as a service" partnerships, and more.

SSH: From Secure Administration to VPN
[May 16, 2000] Sysadmins: If you're still administering *NIX servers over the Internet using rsh or telnet, stop right now. SSH is an inexpensive, easily configured improvement. And there's a free bonus: simple VPN functionality. Here's how to do it.

A Trio of Mail Servers 
[May 8, 2000] Vircom VOP Mail: A Low-Cost NT Mail Server for ISPs • Stalker Communigate Pro Adds Heterogeneous Multi-Server Clusters • Rockliffe MailSite 4 DataCenter selected by CoolEMail, Infomaniak

New Product: MegaMail  
[May 4, 2000] By front-ending a coordinated, load-balanced mail server cluster, Bluetail Mail Robustifier virtually eliminates email reliability and scalability worries. It's green, but the benefits make it worth any ISP's while to take a look.

We Need a Public Key Infrastructure  
[May 2, 2000] Many of today's virtual private networks (VPNs) are limited by their simple security systems. We discuss some of the changes that will be necessary in order to build massive, secure VPNs.

ISP Planet Primer: Analyzing Cache Logs  
[April 19, 2000] Our primer offers an overview of Common and Squid log formats and the tools you may use to work with them.

In-Depth Eval: IMail - Easy, Inexpensive Mail Server for NT 
[April 11, 2000] Easy-setup, low-maintenance, and support for a large number of users/domains makes for a low total cost of ownership. A la carte add-ons like customizable web mail create ISP revenue opportunities.

Load Balancing News Briefs  
[April 7, 2000] Alteon announces virtual matrix architecture for Web switches, Resonate offers free entry-level server load balancing software, how to survive a DoS attack with HydraWeb, and much more.

SLAs Meet Managed VPNs  
[April 5, 2000] Although just beginning to take shape, guaranteed service levels for VPN and other manged security services will become vitally important in the emerging application services market.

Pending Protocol Promises ISP Revenue Opportunities  
[March 29, 2000] The Internet Content Adaptation Protocol (iCAP), now a draft submission to the IETF, will enable ISPs to run locally targeted ads. It will also enable ISPs to offer virus scanning and other revenue-generating application services.

Windows 2000's VPN-Related Security Issues
[March 27, 2000]  The new OS from Redmond has lots of new security features, but—surprise! There are significant compatibility issues with existing security gateways. We scrutinize the technology and offer a list of pitfalls to watch out for.

Cache Series Wrap-Up 
[March 6, 2000] We finish up our cache review series with a head-to-head comparison of the six reviewed products across all of our evaluation criteria.

In-Depth Eval: QMail - A Better Sendmail?
[March 2, 2000] This modular suite of e-mail programs offers scalability, security, and simplicity of administration. Better yet, it's more efficient than Sendmail. Best of all, it's free!

Do-It-Yourself Caching: Squid 2.3  
[February 28, 2000] This open source solution is a great low-cost way to get into caching. It's far from 'cost-free.' though, since a stable Squid installation calls for some fairly hefty hardware.

Multiprotocol Caching: NetCache C720s  
[February 14, 2000] The NetCache C720s provides a full-featured, versatile platform for ISPs who want to cache streaming multimedia and/or news, as well as Web traffic.

Predictive Caching: CacheFlow 545  
[February 3, 2000] The first unit to survive our tests without a reboot, the CacheFlow 545 offers many innovative features, including an intriguing hybrid config interface and a proactive 'adaptive refresh' algorithm.

NICS with Integrated Management: Compaq TaskSmart  
[January 24, 2000]  Compaq has succeeded in creating an appliance-style cache system that addresses the management needs of both novice and experienced cache admins.

Fail-Safe Caching: InfoLibria DynaCache  
[January 17, 2000] This is a solid web cache for high-availability networks—with a price that reflects the target market.

Caching Appliance Style: Quantex WebXL 
[January 10, 2000] Here's a stable, economical, easy-to-set-up system running Novell Internet Cache System software.

VPNs: Extending Dial Access Reach   [January 6, 2000]  
The ROI in remote access VPNs is all in the telco charges. Offering ubiquitous, low-cost access helps build a market for managed VPN services. We explore the options.

Managed Security Services: A Primer with David Piscitello
[December 9 1999] You've heard the term, but what's this market all about? Are any of MSS's many aspects a business opportunity you might persue? Here's an in-depth look.

Network-Based VPN Platforms  
[December 2, 1999] Here's a sneak preview of the carrier-class VPN boxes that will let ISPs and other managed VPN providers eliminate customer premise equipment. This stuff is BIG!

Return on Investment for Remote Access VPNs  
[Nov. 2, 1999] Everyone 'knows' there's $$ to be made in outsourced VPN services. But how much? And at what level of investment? Here some hard numbers.

Protocols for Remote Access VPNs 
[October 6, 1999] Before you can offer VPN service to your business customers, you'll have to make some basic decisions about the kind of VPN your ISP will support.

VPN Platforms for ISPs  
[September 1, 1999] The number of VPN hardware devices is exploding. Settling on a service platform means optimizing many variables. Here's a concise guide to help you sort it all out.

Customer Premise Equipment for VPNs  
[July 28, 1999] Picking the right CPE for a particular VPN service customer isn't a trivial problem. Lisa sorts out the tangle of solutions and highlights the hot-button issues.

What do VPN Customers Want?  
[ June 30, 1999] The market for outsourced VPNs is growing, changing, segmenting. If you're considering VPN offerings, this in-depth analysis can help point you in the right direction.

Meeting the VPN Challenge  
[May 31, 1999] Thousands of corporations are looking to outsource VPN services and savvy ISPs are planning to provide them. But deploying dial VPNs still poses substantial technical and practical challenges. Networking consultant Lisa Phifer offers some insights.