Remote access allows end users to access resources on the corporate network from a distant location. The most common function of remote access is to enable employees who are traveling or telecommuting to connect to the company network and access resources such as internal applications, intranet, mail services, and file sharing.
In the past, remote access was a service that companies provided through dial-up modems. In order to avoid the expense of long distance or toll-free phone lines, companies started adopting remote access methods that took advantage of public networks over the internet. The evolution of internet technology led to a parallel growth in remote access with more adaptive and secure options.
The predominant method of providing remote access is via a Virtual Private Network (VPN) connection. Normally, a user has no expectation of privacy on a public network, as their network traffic is viewable by other users and system administrators. A VPN creates a “tunnel” that passes traffic privately between the remote network and the user. The tunnel protects the traffic and keeps it safe from being intercepted or tampered with.
VPNs are commonly implemented using the protocols IPsec or SSL. Both are in popular use, but the main difference is the layer of network traffic it secures. An IPsec connection requires client software (provided by a third party or by the operating system), whereas an SSL VPN connection can be accessed through a web browser. However, due to the growing complexity of running code in a web browser and the diversity of browser platforms, many SSL VPN products now use client software as well.
SSL VPNs may also provide remote access through a proxy. Proxy-based portals require remote users to connect to an intermediary server (the SSL Portal VPN) where they are granted access to applications and resources permitted from the network administrators. A proxy serves as an intermediary between the application and the user, providing more access control but also introducing problems with application compatibility.
An emerging model of remote access provides the benefit of a tunnel for broad application support while retaining strong control over access to applications through the next-generation firewall security policy. This approach allows administrators to safely enable remote user activity and access on the network. Combining the benefits from earlier implementations, this model is the most secure and practical remote access solution available today.