Remote access to your internal network and data is sometimes mandatory, and it can be needed for a variety of reasons. Maybe you are outsourcing some of your business to an external partner, maybe you require external technical support, or you may have employees on the road or teleworkers who require access to internal data and resources in your company. In any case, you must take measures to protect your data and network while keeping your remote access service as functional as possible.
In this article I describe the most popular methods and technologies for enabling your company's users to access internal data from outside the company.
1. Dial-up access
This method was very popular in the past, but nowadays it is not used much, since faster and more secure technologies are available. Basically, a dial-in modem is installed on the serial port of your Remote Access Server (RAS), which serves as the entry point into your network. A remote user dials in to the company's modem number, using for example Microsoft Dial-up Networking (DUN), and is authenticated by the RAS server before entering the internal network. This method is vulnerable to 'war dialers', which are tools used to scan telephone networks and get access to dial-up modems for hacking into your network.
2. IPsec VPN with Remote Access VPN Client
This is probably the most secure and popular method used when individual users want to connect with their laptops or desktop computers from outside your corporate network. A VPN client has to be installed on the user's computer, and the remote user needs an Internet connection. The VPN client creates a secure, encrypted IPsec tunnel between the user's laptop and the corporate office. This tunnel is terminated on an IPsec VPN capable device located in the company office. Even though this VPN tunnel goes through the Internet, the IPsec protocol encrypts all the data flowing inside the tunnel, thus providing strong security.
3. IPsec VPN with LAN-to-LAN Communication
This method again uses the IPsec protocol, but here it connects a whole remote office LAN with the central corporate office, rather than individual users. The remote office has to be equipped with an IPsec capable device and a connection to the Internet. The IPsec device (router, firewall, etc.) creates a VPN tunnel with the IPsec device in the central office, thus creating a secure tunnel that connects the two data LANs. Even if the two LAN networks have private IP addresses (e.g. 192.168.1.0 or 10.1.1.0), they can still communicate through the Internet, since the VPN tunnel encapsulates all data within public addresses which are routable on the Internet.
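The encapsulation described above, as an added example that is not part of the original article: a packet between two private LAN addresses is wrapped in an ESP tunnel-mode packet carried between the gateways' public addresses. To run on the Python standard library alone it uses ESP with NULL encryption (RFC 2410) and an HMAC-SHA-256-128 integrity check, so the inner packet is authenticated but not encrypted here, whereas a production tunnel also encrypts it. All addresses, the SPI and the key are constructed sample values.

```python
import hashlib, hmac, ipaddress, struct

ESP, IPIP, ICV_LEN = 50, 4, 16  # IP protocol numbers for ESP and IPv4-in-IPv4; ICV size

def checksum(hdr):
    """Internet checksum over a header of 16-bit words."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                    ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:] + payload

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[ihl:total]

def icv(key, data):
    """HMAC-SHA-256 truncated to 128 bits, used as the ESP integrity check value."""
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def esp_encapsulate(inner, spi, seq, key, gw_src, gw_dst):
    """Tunnel mode: the whole inner packet becomes the ESP payload."""
    pad = -(len(inner) + 2) % 4  # align the trailer to 4 bytes
    body = struct.pack("!II", spi, seq) + inner + bytes(range(1, pad + 1)) + bytes([pad, IPIP])
    return ipv4(gw_src, gw_dst, ESP, body + icv(key, body))

def esp_decapsulate(outer, key):
    """Verify the ICV, then strip the ESP header and trailer to recover the inner packet."""
    _, _, proto, esp = parse_ipv4(outer)
    if proto != ESP or len(esp) < 8 + 2 + ICV_LEN:
        raise ValueError("not an ESP packet")
    body, tag = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(tag, icv(key, body)):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    pad, next_hdr = body[-2], body[-1]
    if next_hdr != IPIP:
        raise ValueError("not tunnel mode")
    return body[8:len(body) - 2 - pad]

# Constructed sample values: LAN hosts, gateway addresses (documentation ranges), key, SPI.
KEY = bytes(range(32))
INNER = ipv4("192.168.1.10", "10.1.1.20", 17, b"constructed payload")
OUTER = esp_encapsulate(INNER, 0x1001, 1, KEY, "203.0.113.1", "198.51.100.1")
```

Routers on the Internet path see only the outer header (the gateway addresses and protocol 50); the private addresses reappear once the receiving gateway verifies and decapsulates the packet.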
4. SSL VPN
SSL (Secure Sockets Layer) is the security protocol that is used extensively in web browsers. It employs the public- and private-key encryption system from RSA, and it provides secure and flexible communications through the Internet. SSL VPN is gaining a lot of popularity because SSL already exists inside web browsers, so no extra VPN client has to be installed on the user's computer. The central corporate office has to be equipped with an SSL VPN termination device, and the remote clients just need to use their web browser to connect to their corporate office.