53 In order to maintain the integrity of the private network, the network administrator will have to monitor the VPN systems logs, error reports, and other documentation very closely. Users must be trained extensively in security issues, such as password and digital key integrity and confidential information procedures. The main anxiety for the systems administrator is that the entire Internets host of criminals looking for a challenge will have a shot at your private network. These people will try to break in to your system, but common sense and precautions will keep your private network from being an easy target. The network administrator can expect to spend 20 to 40 hours a month dealing with ISP, security, and Internet issues.

3.3.1.4 Security, scalability, and stability

Like WAN solutions, the VPN is by far more economical than RAS with regard to scalability, but scalability translates directly into economy. As the network expands, an RAS service could devour more than half of the network departments budget and time, while a VPNs cost can be kept at a more manageable level. And, while not entirely stable, a VPN is at least as stable as RAS. Users still dial in to a central point, but the burden of maintenance and support is on the ISP, not the organizations network administrator. While your local administrator may be as knowledgeable, those running an ISP are focused almost entirely on their RAS services. The network administrator in an organization has a plethora of issues to address daily. The VPN lightens this load, somewhat. The complete security of a RAS service is not as assured as a WAN, though it probably equals that of a VPN. Anyone with a modem and a password can hit the organizations RAS services. Attacks on private RAS pools are as old as the profession of hacking itself. With VPNs you have the security of encrypted traffic, including passwords, usernames, and, in many cases, IP addresses and communication ports via firewalls. While the Internet is the staging ground for most network attacks today, a VPN will keep a medium-sized network as safe as it can be.

3.3.2 Large Solutions

A large network is a prime candidate for replacement of RAS with a virtual private network. Figure 3-7 compares the two solutions. With a large RAS solution, many times there are small- to medium-sized remote sites connecting to the central network, in addition to roaming and static end users. Sales personnel calling from remote customer sites in other countries, developers telecommuting from home, and many other scenarios make a RAS pool a living nightmare for a network administrator. With the VPN, not only are costly long distance charges avoided, but the flexibility and scalability allow for efficient evaluation of upgrade and end user needs.