Numerous options exist for providing remote access to your internal network. Some are fairly simple and inexpensive, and others are more complex.
Dial-up is still the most common remote access method. Traditionally, companies have implemented modem banks and RAS servers to provide remote access to their employees. Figure 1 shows the architecture of a company using a modem bank for remote access.
Figure 1 Dial-up modem banks are the most common method of remote access.
Figure 2 shows secure remote access when the Internet is used instead of the public telephone network.
Figure 2 Internet-based remote access solutions are becoming the new standard.
Prior to the Internet, it made sense to use modem banks for remote access. They were pretty much your only choice. The Internet provides a more cost-effective, secure remote access method with VPNs, though. Dial-up remote access is very expensive. Either you have to pay for a 1-800 line for your users to call, or you must reimburse long-distance charges.
The growing use of broadband access in the home also makes a strong case for switching to an Internet-based remote access method. The productivity and efficiency gains you see by switching from a v.90 or ISDN modem to cable or DSL can be significant.
Dial-up remote access is a little more secure than Internet remote access because your passwords and data are not traveling over a public packet network. (Line tapping is much harder than packet sniffing.) Additionally, you do not need to be as worried about the security of end user systems because they are not connected to the Internet while connected to the corporate network. (Although, if employees use the same PC to connect over private dial-up and the public Internet, they can inadvertently expose the company to Trojans planted earlier, while the PC was connected to the Internet.)
One thing you need to be very wary of is users setting up their own dial-in modems to gain remote access to their machines. Rogue modems provide easy entry for hackers, so hackers always look for them. With a dial-in modem, you bypass the firewall, intrusion detection, and most other security solutions used by the enterprise. Using war-dialers—software that calls a large range of numbers looking for systems that answer—you can easily find unauthorized modems on your network. TeleSweep Secure by SecureLogix is one war-dialing tool you can use to test your own network for modems.
When you move from a dial-up solution to an Internet-based solution, you introduce the issue of Internet access. Users need an account with an ISP and a phonebook of POPs (points of presence). The level of control you want to impose on your users will help determine what type of access you want to provide. Compulsory solutions mandate that the user must dial into a specific ISP. Voluntary solutions let the user decide which ISP to use as long as he can gain Internet access when necessary.
For More Information...
Check out the Microsoft RAS Web page at http://www.microsoft.com/technet/network/default.asp, and Securelogix TeleSweep at http://telesweepsecure.securelogix.com/.