NCP's Virtual Private Network for Android Makes BYOD More Secure

 
 
By Jeff Cogswell  |  Posted 2013-05-12
 
 
 

NCP's Virtual Private Network for Android Makes BYOD More Secure


Today, a growing number of companies are making use of virtualization and private clouds. But along with such technologies comes business employees' growing use of personal mobile devices, such as smartphones and tablets to access corporate networks.

As much as companies might want to try to keep the bring-your-own-device (BYOD) trend out of their offices and networks, the fact is that they are a reality and they are here to stay. If companies tell their employees not to use them, the employees probably will anyway.

For example, if the company has a POP3 mail server, then the phones can be configured to access it. Employees will naturally access it with or without corporate permission. The solution, then, is not to forbid BYOD, but rather embrace it, and implement security measures to keep it safe and secure.

One such security measure is virtual private networks, which have been used for years through VPN servers in the main IT center and VPN clients installed on PCs, laptops and notebooks. VPNs are especially important for employees who work from home or who travel a lot. A VPN client installed on a laptop helps traveling employees stay securely connected to the office network.

But what about the recent BYOD excitement? eWEEK tried out a new entry in the space of VPN clients for mobile devices—NCP Network Communications' Secure Enterprise VPN Client for Android.

NCP offers different editions of the VPN Client for Android, with the difference being how licenses are managed. If you download it directly from the play store, you can get a full version for $29.90 or a smaller version with fewer features for $9 (although the price has changed from $9 to only $3.35 at the time of this writing, which proved to be a good deal).

Like most Android apps, the installation is a snap. I first downloaded the trial version from NCP's Website, and then downloaded the full version from the Play Store. Right away, I was able to try it out by connecting to NCP's test server. Once that worked, I connected to my own VPN server, which is an OpenBSD server. I also tried it with a Cisco server. In all cases, it worked well.

I have spent a lot of time using Android devices in recent years, and what struck me as particularly interesting is that your phone doesn't need to be rooted. Rather, Android supports the networking tasks that this VPN client requires. That's a huge plus.

NCP's Virtual Private Network for Android Makes BYOD More Secure


However, one important note is to make sure your device has VPN capability. I also tried the NCP Secure Client on a rather inexpensive Android tablet that I bought for my son at Walmart, and it didn't function.

The problem wasn't the software. Rather, this tablet didn't include the required VPN libraries. As such, I recommend first trying the free demo version (which is good for 10 days) before purchasing the real thing to make sure your device has the necessary libraries. Also, you need to make sure your device is running at least version 4.0 of the Android operating system. Apparently, NCP does make a client for earlier devices, provided they have been rooted, and you need to contact NCP directly for more information.

Setting up the client was easy, as it allows for multiple profiles with many options. Extended Authentication (XAUTH) is available, which is common in VPN clients. The client also allows you to choose the Internet Key Exchange (IKE) type or a fully qualified domain name and more. Split tunneling is even available, if you need it, as is Internet Protocol Security (IPSec) compression. In general, it has pretty much all the features you might need for a VPN client.

Another feature I found useful is that you can configure the VPN to start automatically. This is useful for corporate-issued devices, but I doubt people would want it for their own BYOD devices. However, the organization might institute a policy that if employees are going to bring their own devices, then they must always have the VPN turned on.

Differences Between Versions

There are two versions available in the Play Store, the basic client and the premium client, as well as one available directly from NCP called the enterprise client. The enterprise client includes central management. We didn't test that feature here. Other than central management, the premium client includes all the same features as the enterprise client.

The basic client is lacking only a couple features available in the premium edition, specifically FIPS (Federal Information Processing Standard) 140-2-validated cryptography although other types of encryption are available. Also lacking is IKEv2 (Internet Key Exchange v2) for authentication, but IKEv1 is available. The basic client also does not have a PKCS#12 interface for private key certificates or an auto-reconnect feature. Additionally the premium version includes a "VPN Path Finder" technology for when Port 500 can't be used.

Typically, a business will purchase VPN clients for its employees, including those who aren't very tech savvy. For that, the IT staff will probably need initially to configure the NCP Secure Client. Some user reviews complained that you can't import configuration files; however, another user pointed out that you can do so by saving the file directly on your Secure Digital (SD) card. That worked for me.

Once the software is installed and configured correctly, there really isn't much the user needs to do. A good VPN client should be transparent, and indeed this one is.

NCP Secure Client for Android includes all the features I needed for the VPN. The basic client, presently available for $3.35, is a great option for small organizations or individuals. The client is easy to install and configure. Once it's up and running, it sits in the background and doesn't interfere with your work. It definitely does what you would expect a good VPN client to do.

Rocket Fuel