Remote Access Solutions
Stephen Craig
IT230
Remote access
Remote access is defined as the ability of a user to log onto a network from a distant location. This is accomplished with a remote computer connected to the distant network. Whereas remote control refers to taking control of another computer, remote access means that the remote computer becomes a workstation on the network. Communication between the network facility equipment and the remote computer is accomplished through a data link. The only difference between a remote user and workstations connected directly to the network is slower data transfer speeds. Remote access is also useful when you want to connect local office computers with corporate networks. This allows the business to share resources as if all computers were connected to the same LAN. Two common methods of providing this type of remote access are dial-up and Virtual Private Network (VPN).
Dial-up remote access is when a client uses the telecommunications infrastructure to create a physical connection with a remote access server, which is attached to a Local Area Network (LAN). The physical or logical connection between the remote access server and the remote access client is made possible through dial-up equipment. Dial-up remote access is considered a private communication portal. The nature of the dial-up equipment and WAN infrastructure varies, depending on the type of connection. Several telecommunications technologies can make up the WAN infrastructure used in dial-up remote access. These technologies include Plain Old Telephone Service (POTS), T-carriers, Integrated Services Digital Network (ISDN), Asynchronous Transfer Mode (ATM), and Digital Subscriber Line (DSL). The remote access software dials in directly to the network server. Dial-up access is still prevalent in many companies.
A virtual private network (VPN) is a communications network linked through another network. A VPN connection has a topology more complex than point-to-point. A VPN connection is an Internet connection that is made secure for the use of transmitting data across a WAN. The distinguishing characteristic of VPNs is that they overlay other networks to provide connectivity that is useful to a user community. With virtual private network remote access, a VPN client uses an IP internetwork to create a virtual point-to-point connection with a remote access server acting as the VPN server. One common application for a VPN is secure communications through a public network. VPN access has increased in recent years because connection costs between remote workforces and global enterprise locations continue to increase. Companies have begun taking advantage of the Internet as a remote access infrastructure by implementing VPNs.
Remote Access Solution - IP-based VPN
An IP-based VPN has been selected for this network. When choosing between dial-up and VPN for a remote access solution, the following factors were considered:
• Cost
• Security
• Performance
VPNs are an increasingly popular option for interconnecting corporate locations over the Internet, including branch offices and telecommuters. Although Frame Relay and ATM continue to be used for VPNs, IP is the most popular type of VPN. A VPN is made possible via access to the Internet, but it is more than an Internet connection. A T1 connection to the Internet can be made into a VPN; however, the T1 alone is not a VPN.
Cost
When considering VPN versus other Wide Area Network designs, the topic of cost is usually at the forefront. One of the best arguments for VPN is that you get more for less. VPN solutions can cost as much as 50% less than comparable T1 Frame Relay or Private Line services, while providing the same throughput and reliability. Because VPN, like most other Wide Area Network services, can be delivered on a T1, it provides many of the same advantages. T1 lines can be provisioned to provide both voice and data service, reducing the overall cost for the T1 line. Many carriers offer a managed VPN or network VPN solution. In this scenario, the tunneling and encryption are handled at the edge of the carrier's network, which reduces the company's exposure to significant equipment or software costs. This includes customer premises equipment, software updates, equipment service and support, and management of the network.
Security
Security on networks is required due to increased remote access and also an increase in the types of hardware used to access the network. Companies that are concerned about their private information being accessed through the network connection are implementing VPNs. VPNs have gained favor as a security solution because they are standards-based and relatively inexpensive. A major security issue is that network connection ports can be exploited by various threats, including viruses, hackers and spyware. On a VPN, before any function can be performed by an outside user, the user must first connect via a VPN client. After proper authentication, the user can connect to other network functions. This provides a secure network connection. VPNs need to be designed and operated with well-thought-out security policies. Organizations using them must have clear security rules supported by management.
Performance
A VPN can be deployed using a number of connection speeds, including dial-up, DS0, T1 and T3. T1 is the most common speed for VPN, and is the carrier speed selected for this network. Dedicated voice service or non-VPN Internet access can be added to the T1 line. This is done using a fractional T1. Selected segments of the VPN can be securely opened to business partners, suppliers and clients. Companies can leverage their VPNs by running voice over the virtual circuits between their locations. IT specialists only need to plan and configure the authentication and connection.
Network Protocols
Two popular VPN protocols were considered: Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL). IPsec is the most common protocol for secure VPNs. IPsec protocols operate at the network layer, or layer three of the OSI model. SSL protocols operate from the transport layer up, OSI layers four through seven. This makes IPsec more flexible because it can be used for protecting layer 4 protocols, including both TCP and UDP, the most commonly used transport layer protocols. IPsec has an important advantage over SSL: application-level programs do not need to be designed to use IPsec. The ability to use SSL or other higher-layer protocols must be incorporated into the design of the application. The limitation of IPsec, however, is that it can only carry IP packets.
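The layer-3 behaviour described above, as an added example that is not part of the original paper: an inner IPv4 packet carrying TCP or UDP is wrapped whole in ESP tunnel mode between two gateways, and anything that is not an IP packet is refused. To run on the standard library it assumes ESP with NULL encryption (RFC 2410) plus an HMAC-SHA-256-128 integrity check, so the inner packet is authenticated but not encrypted as it would be in a real VPN; addresses, SPI and key are constructed values, and the sketch handles IPv4 only.

```python
import hashlib, hmac, ipaddress, struct

ESP, TCP, UDP, IPV4_IN_IP = 50, 6, 17, 4  # IANA IP protocol numbers
ICV_LEN = 16                               # HMAC-SHA-256-128 (RFC 4868)

def checksum(data: bytes) -> int:
    """Internet checksum over a header with an even byte count."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def esp_tunnel(inner: bytes, spi: int, seq: int, key: bytes,
               gw_src: str, gw_dst: str) -> bytes:
    """Wrap a whole IPv4 packet in ESP tunnel mode between two gateways."""
    if not inner or inner[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet: this tunnel cannot carry it")
    pad_len = -(len(inner) + 2) % 4          # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPV4_IN_IP])
    body = struct.pack("!II", spi, seq) + inner + trailer
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4(gw_src, gw_dst, ESP, body + icv)

def esp_open(outer: bytes, key: bytes) -> bytes:
    """Verify the ICV and return the inner packet, unchanged."""
    if outer[9] != ESP:
        raise ValueError("outer packet is not ESP")
    body, icv = outer[20:-ICV_LEN], outer[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet altered in transit")
    return body[8:len(body) - 2 - body[-2]]  # drop SPI/seq, padding, trailer

def demo() -> dict:
    key = b"constructed-demo-key"            # constructed value, not a real key
    result = {}
    for name, proto in (("tcp", TCP), ("udp", UDP)):
        inner = ipv4("10.1.0.5", "10.2.0.9", proto, b"constructed segment")
        outer = esp_tunnel(inner, 0x1001, 1, key, "192.0.2.1", "198.51.100.1")
        result[name] = (outer[9], esp_open(outer, key) == inner)
    return result

if __name__ == "__main__":
    print(demo())
```

On the wire both packets show only protocol 50 between the gateways; the TCP or UDP segment and the application that produced it are untouched, which is why applications need no IPsec awareness.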
SSL VPNs are designed to address the needs of diverse users that need secure access to administrator-specified corporate resources. These resources are accessed from a wide variety of devices from many locations. The network administrator can change both the access methods and the resources allowed as the users' circumstances change. The users can include mobile employees, contractors, offshore employees, business partners, and customers. As a result, SSL VPNs offer users the convenience of being able to access corporate resources using any Web-enabled device from anywhere. Disadvantages of SSL VPNs include additional hardware and training costs, and they require extensive administrator authorization and authentication.
IPsec VPNs were created to meet the challenge of how to securely provide employees around the world with "always on" connectivity that will enable them to access the corporate resources they need to achieve optimal productivity. This protocol is effective in achieving high-performance, redundant, site-to-site connectivity. This technology allows users in geographically distributed locations to operate corporate resources as if they were logging in at the corporate headquarters. This seamless operation simulates actual presence on the LAN. IPsec VPNs are offered by technology vendors such as Cisco, Check Point, Microsoft, Juniper Networks, SonicWall, Symantec, and WatchGuard.
Office Applications
Business applications that are supported by this remote access solution include sales, inventory, communication, Internet, database access, finance, and human resources. This solution also supports Voice over IP, client/server applications, and e-mail.
Location of Servers
In this scenario, the tunneling and encryption are handled at the edge of the carrier's network. This is a managed VPN, which will limit equipment costs. Each office location will have a VPN-capable router connected to the T1 connection. Various workstations will also be connected to the LAN at each office.