Remote access enables “extended” and “open” enterprises to make efficient use of people and resources wherever they are located at home, on the road, using public PCs, or drop-in business centers in hotels. However, opening the network to access from anywhere introduces security concerns. For that reason, sensitive information on systems used for remote access should be encrypted using a system that integrates seamlessly into normal application use. Encryption systems are currently available that enable the user to operate normally, not requiring manual or individual encryption/decryption of files
Remote access VPNs. Internet-based remote access provides tremendous flexibility and high bandwidth. Two approaches are common:
• VPNs based on IPsec, with IPsec client software loaded on the user’s access device.
• SSL VPNs with SSL security, that uses the SSL capability built into standard Web browsers and requires no other client software.
IPsec-based VPNs: IPsec is a network-layer approach that can be used across applications. For example, an IPsec-based VPN connection can be used to access e-mail, HR self-serve applications on the intranet, and browse the network. An IPsec “client” (the user-interface software), must be installed on the access device—PC, PDA, handheld computer, etc. The VPN client authenticates the user, verifies the integrity of the user’s computer system, and establishes a secure link (“ tunnel”) to the enterprise. The VPN client ensures that the remote system is secure even during session setup, where exchange of authentication information is encrypted.
SSL (Secure Sockets Layer) protocol uses encryption and authentication to secure communications between Web browsers and Web servers at the application layer. Originally developed for electronic commerce, SSL is built into most browsers, Web servers, and e-mail applications to provide data encryption, server authentication, message integrity, and optional client authentication between users and their applications one application at a time. By putting a Web front-end on a networked application, secure access to the application can be made through SSL from any Web-enabled device, anywhere. So enterprises are now using SSL VPNs to extend the reach of Web-based applications to users who need only limited access to such applications.
Like IPsec, SSL also offers deployment choice:
- Encryption (if used) can be accomplished through 40-bit or 128-bit RC4, 56-bit DES or 168-bit Triple-DES, 128-or 256-bit AES
- Authentication of users can be based on username and password (e.g., RADIUS), username and token and personal identification, or x.509 digital certificates
BTC Networks through its partners offers both types of VPNs: IPsec and SSL, and support for both in several platforms, in order to provide whatever level of VPN support enterprise customers choose.
BTC Networks has partnered with the following vendors to offer best of breed Remote Access security solutions.
Internet Security Systems (ISS)