Remote access provides end users with the ability to access resources on the corporate network from a distant location. The most common function of remote access is to enable employees who are traveling or telecommuting to connect to the company network and access resources such as internal applications, intranet, mail services, and file shares.
In the past, remote access was a service that companies provided through dial-up modems. To avoid the expense of long-distance or toll-free phone lines, companies started adopting remote access methods that took advantage of public networks over the Internet. The evolution of Internet technology led to a parallel growth in remote access with more adaptive and secure options.
The predominant method of providing remote access is via a virtual private network (VPN) connection. Normally, a user has no expectation of privacy on a public network, as their network traffic is viewable by other users and system administrators. A VPN creates a “tunnel” that passes traffic privately between the remote network and the user. The tunnel protects the traffic and keeps it safe from being intercepted or tampered with.
VPNs are commonly implemented using the IPsec or SSL protocols. Both are in popular use; the main difference is the layer of network traffic that each secures. An IPsec connection requires client software (provided by a third party or by the operating system), whereas an SSL VPN connection can be accessed through a web browser. However, due to the growing complexity of running code in a web browser and the diversity of browser platforms, many SSL VPN products now use client software as well.
SSL VPNs may also provide remote access through a proxy. Proxy-based portals require remote users to connect to an intermediary server (the SSL Portal VPN), where they are granted access to the applications and resources permitted by the network administrators. A proxy serves as an intermediary between the application and the user, thus providing more access control but also introducing problems with application compatibility.
An emerging model of remote access provides the benefit of using a tunnel for broad application support, while retaining strong control over access to applications through the next-generation firewall security policy. This approach provides the administrator full visibility and granular control over what the remote user runs on the network. Combining the benefits from earlier implementations, this model is the most secure and practical remote access solution available today.