IT Jobs
Remote access is no longer a luxury
But if it's a necessity, it had better be safe.
By Stan Oien, Computerworld | Computerworld UK
Published: 01:00 GMT, 10 April 06
Mobile sales teams, remote workers, telecommuters, strategic partners and other trusted users all need timely, secure access to specific data on your corporate network. Yet some remote-access systems rely on little more than usernames and passwords and lack robust authentication and encryption components.
The remote-access boom is undeniable. Today's mobile and global workforces demand anywhere, anytime access to information. Roughly 82 percent of large companies now have virtual private networks in place, up sharply from 55 percent in 2003, reports Forrester Research. The majority of this momentum is behind IP virtual private networks (VPNs) which use technologies such as IPsec, Secure Sockets Layer (SSL) and Multiprotocol Label Switching to provide low-cost, site-to-site and remote-access connectivity.
IPsec is a set of extensions developed by the Internet Engineering Task Force to provide security services for the Internet Protocol (IP). Moreover, IPsec can protect any protocol that runs on top of IP, such as TCP, UDP, and ICMP. The IPsec standard provides services that support authentication, integrity, access control, and confidentiality. As a result, IPsec allows for the information exchanged between remote sites to be encrypted and verified.
Still, the technology has some drawbacks. For instance, IPsec requires users - or their IT administrators - to properly install and configure security software on each system involved in the VPN connection. By contrast, SSL VPNs do not require remote users to install or configure software on their notebooks or PCs. Moreover, SSL VPNs use established firewall ports that are already open for secure web traffic, and typically don't require technology managers to reconfigure firewalls. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate (or server identification) enables SSL capabilities.
Security options
Any time a remote connection is attempted or activated, the process involves risk. Without the proper safeguards, organisations risk personal data and identity theft, network abuse, denial-of-service problems and other digital threats.
To minimise these risks, organisations are increasingly embracing IPsec VPN, SSL VPN, and security ID offerings. Still, these systems resolve only part of the security challenge. Experts recommend deploying personal firewalls, adware-scanning systems and intrusion-detection software on internal and mobile systems. Moreover, mission-critical systems containing confidential corporate information should also leverage localised file-encryption software. Without these safeguards in place, VPN systems can become high-speed pipelines that allow hackers to inject worms and viruses into corporate networks.
Fortunately, many VPN clients include integrated desktop-security software, such as adware fighters and anti-virus software. Some SSL VPNs also combine client security with access rules and some organisations are also exploring secure ID technologies.
According to Evans Data, here are the most common security solutions for ensuring safe remote access to enterprise resources:
Top tips before going mobile
Stan Oien manages information security and computer networking experts at CDW, a Fortune 500 provider of technology products and services. His teams focus on designing a range of technical systems spanning remote access, content filtering, encryption, wireless networking, and other security and network solutions that help business customers secure their networks.
.gif)
SANs tuned for virtualisation
Add your commentComments