Remote access is no longer a luxury

Computerworld - Mobile sales teams, remote workers, telecommuters, strategic partners and other trusted users all need timely, secure access to specific data on your corporate network. Yet some remote-access systems rely on little more than usernames and passwords and lack robust authentication and encryption components.

The remote-access boom is undeniable. Today's mobile and global workforces demand anywhere, anytime access to information. Roughly 82% of large companies now have virtual private networks in place, up sharply from 55% in 2003, reports Forrester Research Inc. The majority of this momentum is behind IP virtual private networks (VPN), which use technologies such as IPsec, Secure Sockets Layer (SSL) and Multiprotocol Label Switching to provide low-cost, site-to-site and remote-access connectivity.

IPsec is a set of extensions developed by the Internet Engineering Task Force to provide security services for the Internet Protocol. Moreover, IPsec can protect any protocol that runs on top of IP, such as TCP, UDP, and ICMP. The IPsec standard provides services that support authentication, integrity, access control, and confidentiality. As a result, IPsec allows for the information exchanged between remote sites to be encrypted and verified.

Still, the technology has some drawbacks. For instance, IPsec requires users -- or their IT administrators -- to properly install and configure security software on each system involved in the VPN connection. By contrast, SSL VPNs do not require remote users to install or configure software on their notebooks or PCs. Moreover, SSL VPNs leverage established firewall ports that are already open for secure Web traffic and typically don't require technology managers to reconfigure firewalls. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate, or server identification, enables SSL capabilities.

Anytime a remote connection is attempted or activated, the process involves risk. Without the proper safeguards, organizations risk personal data and identity theft, network abuse, denial-of-service problems and other digital threats.

Security options

To minimize these risks, organizations are increasingly embracing IPsec VPN, SSL VPN, and security ID offerings. Still, these systems resolve only part of the security challenge. Experts recommend deploying personal firewalls, adware-scanning systems and intrusion-detection software on internal and mobile systems. Moreover, mission-critical systems containing confidential corporate information should also leverage localized file-encryption software. Without these safeguards in place, VPN systems can become high-speed pipelines that allow hackers to inject worms and viruses into corporate networks.

Fortunately, many VPN clients include integrated desktop-security software, such as adware fighters and antivirus software. Some SSL VPNs also combine client security with access rules and some organizations are also exploring secure ID technologies.