TUTORIAL - REMOTE ACCESS NETWORKING
Charlton Networks specialise in the
design, installation & support of remote access networks and
we have put together a simple overview of this technology, listing
some key factors for you to consider before deploying or upgrading
a remote access solution.
Overview
Remote access systems provide your users
with connectivity to resources, such as data files or email, when
working away from their normal office, such as at home or on the
road. A remote access system can incorporate many components,
but essentially there are two major ones:
• Access Network – The various methods
of physically connecting to a central location, including the boxes
that handle the routing and set-up of these connections. This element
would handle the authentication of each user.
• Access Server – Centralised box(es)
that handle the authorization process, assigning users the correct
permissions, such as what systems they can access.
Depending upon the security requirements and the number of remote
access users, solutions can vary widely, from a single box performing
both functions, through to many access points integrated into
a corporate-wide network.
The most secure systems are based upon two-factor authentication,
combining something you know (such as a PIN) with something
you have (such as a token ID that generates a key). However, password
based systems can still offer good levels of security if they are
deployed correctly.
Benefits
In this time of highly mobile staff,
flexible working and the need for ever increased productivity, access
to data ‘anywhere’ ‘anytime’ can be critical
to some businesses. Even for smaller companies, working from home
can be a real benefit. Key advantages are:
• Increased productivity
• Worldwide access to head office data.
• Dispersed teams can share information.
• Reduced duplication of data.
• Improved efficiency & more flexible working practices.
Solutions
Connectivity solutions are generally
based upon dial-up or broadband, or a combination of both. Dial-up
is still very popular, especially when travelling, and certain ISPs
can provide world-wide connectivity options. Combining this with
a VPN provides a secure and flexible solution.
Termination of remote access connections can be achieved via a number
of devices, including routers, firewalls and authentication servers.
Virtual Private Networks (VPN) are now becoming popular with the
increasing use of broadband and allow a private, encrypted connection
between two devices, typically over the Internet, allowing a ‘virtual’
network to be created. Dial-up users can access the same VPN, via
their existing ISP accounts, allowing remote access connectivity.
Authorization can be integrated into an existing network, such as
an NT or Windows 2000 domain, allowing a user to enter their existing
user name / password and obtain the same access rights as when working
in the office.
Security
Security is a primary concern and many
standards exist, providing strong security mechanisms. VPN (as mentioned
above) can be deployed with differing levels of encryption and other
systems such as RADIUS and Token ID systems add further layers of
security.
RADIUS is a security service that works in conjunction with networking
equipment to authenticate & authorize users in a network. RADIUS
servers service login requests from the network and can be integrated
into network operating systems, such as Windows NT.
Token ID systems are either hardware or software based and consist
of a user PIN and a constantly changing token ID. The ID
is recognised by the remote access system and provides a ‘once
only’ password, which changes on the next login attempt, ensuring
maximum security.
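The server-side check behind a PIN plus ‘once only’ token login, as an added example that is not Charlton Networks' or any vendor's code. It assumes the counter-based HOTP algorithm from RFC 4226 as a stand-in, since this page does not name a token algorithm; the class name, PIN and salt are hypothetical, constructed values and the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

# Assumption: RFC 4226 HOTP stands in for the token algorithm; the page names none.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte counter, then RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Server side of a PIN + token login (hypothetical class, not a product API)."""

    def __init__(self, secret: bytes, pin: str, salt: bytes, window: int = 3):
        self.secret = secret      # shared with the user's token (something you have)
        self.salt = salt
        self.pin_hash = self._hash_pin(pin)  # only a slow salted hash is stored
        self.counter = 0          # lowest counter value still acceptable
        self.window = window      # look-ahead for codes generated but never used

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def verify(self, pin: str, code: str) -> bool:
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self.pin_hash)
        matched = None
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c).encode(), code.encode()):
                matched = c
        if pin_ok and matched is not None:
            self.counter = matched + 1  # every code up to this one is now dead
            return True
        return False


if __name__ == "__main__":
    # Constructed sample data: the RFC 4226 test key and a made-up PIN.
    v = TokenVerifier(b"12345678901234567890", "4821", b"constructed-salt")
    print(v.verify("4821", "755224"))  # first code from the token
    print(v.verify("4821", "755224"))  # same code replayed
    print(v.verify("0000", "287082"))  # right token code, wrong PIN
```

Advancing the counter past the matched code is what makes each password ‘once only’; the look-ahead window lets the server resynchronise when a user generates codes without submitting them.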
Considerations
A key consideration in the use of remote
access is the type of applications to be used - especially with
regard to the use of bandwidth. Slow dial-up lines, VPN & encryption
technologies have a dramatic effect upon performance. Applications
such as Windows Terminal Services can help reduce the impact and
offer effective means of running high bandwidth applications.
Other considerations would include cost, manageability and functionality.