As you are considering different VPN solutions, you’ll run into a couple of important decisions, questions and factors that will help you select the best VPN for your needs.
In general, most decisions around which VPN router is right for your situation begin with a comparison of hardware and software based VPNs. If you are here, you’ve most likely already decided that a hardware-based VPN is the right fit for you.
In general, the greatest benefits of a hardware-based VPN are:
- No software is required for end user devices.
- Centralized maintenance and management is much less involved.
- No software compatibility concerns.
- They provide firewalling and isolation through a VPN gateway.
- In general, there is a smaller attack surface.
- Lower risk of “VPN hijacking.”
- Greater control over where traffic is sent.
- Potential to connect multiple devices.
- Reduced risk of misconfigurations and user error.
If you have chosen hardware as the route for you, now you are faced with the task of determining the best hardware VPN solution.
Ultimately, the right solution for you will be based on your needs, as there isn’t a one-size-fits-all solution. There are, however, a few important key factors you should consider when looking for solutions, or selecting between different hardware VPNs.
Level of protection
One of the most important factors you will want to consider is the level of protection and encryption offered by the solutions you are considering.
Depending on your application, you may need very high levels of security, or you may just need baseline protection.
In government use cases, you’ll definitely need to ensure that your chosen solution is using CNSA grade or Suite B encryption, is NIAP certified and potentially even CSfC approved.
In non-government use cases, you may not require those levels of rigorous certification, but it will behoove you to know that a vendor has gone through those processes.
One of the most important steps in the NIAP and CSfC approval processes is verification of the technology through an objective third party.
This means that someone outside of the organization that produces the product has fully reviewed, tested and vetted the security measures of the hardware VPN and its encryption.
Even if you do not require a NIAP certificate to operate, it often benefits your organization to know the solution you’ve chosen has been approved by a neutral third party.
Examples of some NIAP certified hardware VPNs include:
- PacStar 351, 451, 455 or 551
- Cisco IR1101 Integrated Services Router
- Attila’s GoSilent Hardware VPN
Ease of use
Many hardware VPN server management systems are notoriously difficult to use, requiring almost complete control through a command line interface rather than a user-friendly graphical user interface (GUI).
When evaluating hardware VPNs, you should make sure to look for a more advanced control interface than a simple command line control environment.
Ideally, you’ll want the ability to easily deploy and control the VPN server. The more complex the setup and management of your VPN server, the more time you’ll have to spend managing it and the higher the risk of misconfiguration or error.
Look for a solution that makes it simple.
On most hardware VPNs you’ll have at least 30 different settings you have to keep track of, or ensure are set correctly to get full protection.
Some VPN providers will find a way to simplify that list down to the minimum you need to do your job.
For instance, on our GoSilent VPN server management console, we’ve narrowed the number of settings you will need to tune down to 12, and we’ve made it very easy to find and adjust those settings rather than burying them deep in the admin interface. The most secure and compliant settings are also pre-configured out of the box.
Ask for a demo of the management console for any hardware-based solution you are considering to understand how much effort it will take to manage, and if it allows you the control you need.
Read the Hardware VPN Buyer's Guide
Which Kind of Hardware VPN is Right for You? Find out!
Size and form factor
Depending upon how you plan to use your VPN client, another very important factor to consider in identifying the right hardware VPN for your needs is the size of the VPN client device.
If your solution needs to be mobile, and will be used for travel or remote access, you’ll need to take into account the size and weight of the solution you choose.
In general, you will find that you have to sacrifice certain things when shrinking down the size of your solution. Typically, if a solution is smaller in form factor, you’ll find that it can protect fewer devices at one time and may have lower throughput or higher latency.
There aren’t many solutions that can provide the performance of an “enterprise grade” solution that are also small enough to be portable. As far as we are aware, Attila’s GoSilent Cube is the only product on the market that offers the performance it does at a size small enough to fit in the palm of your hand.
The majority of hardware VPNs that have the same performance and throughput are at least four to six times the size, require two to three times the amount of power, and weigh two to three times as much as a GoSilent.
If portability is not an important factor, there are plenty of solutions that offer good performance, including those listed above with NIAP certifications.
Captive portal protection
Particularly if you are using your solution to protect remote or traveling workers, you’ll want to ensure that it provides protection against captive portals.
When connecting from locations with free guest Wi-Fi access, users will often be siphoned through a Captive Portal, requiring personal information for access and approval of terms and conditions, before granting network access.
According to research by Intel, 38% of users regularly choose to use unsecured public Wi-Fi (including networks with captive portals) rather than their own cellular data providers in order to save money on wireless access, making it highly likely that remote employees will at some point choose to use a captive portal to gain access to the internet.
Captive portals provide an easy point of entry for malicious actors looking to gain access to an individual user’s device and, through that, the larger corporate network.
Most VPN connections typically take about 60 seconds or more to establish a connection. In addition, the user's device will be on the network for at least 120 seconds while they attempt to authenticate with the captive portal. The problem here is that this all before the VPN attempts to establish a connection.
It’s during that 180 second “captive vulnerability zone” that is where the risk comes in.
The only solution that we are aware of that completely protects a user from captive portals (other than simply not using them) is captive portal isolation, and that is why we've built it in to our GoSilent Cube.
Captive portal isolation involves the use of a combination firewall and hardware VPN with a built in, stateless sandboxed web browser.
You’ll want to ensure that your chosen hardware VPN solution offers this level of protection.
Wired vs. wireless connection
Depending on what you are looking to protect with your hardware VPN, you may or may not need the ability to connect wirelessly.
All hardware based VPN solutions will cover a wired connection, but some may not offer coverage for wireless connections.
If you need the ability to connect wirelessly, or envision that you may need to in the future, make sure you select a hardware VPN that allows both types of connections and offers the same protection over both.
Number of devices protected
Another important factor to review when comparing and selecting the right hardware-based VPN for your needs is the number of devices that can be protected by a single VPN connection or VPN client device.
For instance, one of the most attractive features of the GoSilent Cube, when compared to other hardware-based VPN solutions, is its ability to protect multiple devices at once.
A single GoSilent Cube can protect up to 25 end user devices, depending upon physical proximity and how the devices are connected.
Ultimately, the decision of which hardware VPN will be best for your needs is up to you and must be based on your situation, requirements and users. But, no matter your use case, running through the decision factors listed above will help you uncover the right answers and ensure you select the perfect solution for your needs.