As more and more credit unions find themselves on the Internet and transmitting data across networks of all shapes and sizes, there are some baseline requirements to keep in mind and benefits to accrue, besides keeping and serving members.

Minimum requirements: According to Harold Randolph, director of the CUNA Network Services Operations Center in Tempe, Ariz., credit unions that for reasons of size or finance find themselves employing a “subset of a full-scale VPN deployment” need to include the following “minimum components”:

*Regularly scheduled security audits consistent with NCUA regulations.
*Some kind of IP (Internet protocol) management device that protects Internet-based services from attacks. A managed firewall would be an example.
*Public-key infrastructure (PKI) authentication and encryption technology. This controls access and protects information.

Best practices: What about the state-of-the-art VPN solutions? According to Randolph, they would include:

*Strong authentication: PKI backed by digital certificates issued by an accredited registration authority. Randolph says scalable, portable systems based on smart-chip technology also are in use today.
*IP address management: The most secure, highest-performing VPNs in use now are based on the IPsec protocol and VPN concentrator server structures, Randolph says. He adds, however, that there are “very reliable and secure solutions available using a managed firewall approach.”
*Information security: “In those applications where the protection of data is required, an industrial-strength encryption technology (such as triple DES) will be in place,” the CNS Operations Center director says.

Benefits package: So, what benefits does the diligent CU accrue from having an effective virtual private network? “While this is highly dependent on the organization’s IP-based deployment,” Randolph says, some benefits are:

*Cost avoidance associated with installation and maintenance of expensive modem-based access devices.
*Both secure and general Internet services to their employees and members can be provided in one deployment.

Last, but not least, the security of VPN architectures is addressing the concerns of regulatory agencies, and “in a scalable, cost-effective manner.”