Secure Remote Sessions

Francisco M. De La Vega

During the design and implementation of a corporate information infrastructure, special consideration is usually given to the security aspects of the architecture. Strategies ranging from encryption to firewalls are commonly discussed. Firewalls can provide a strong barrier and isolation against external attacks and unauthorized access to the corporate information assets. However, this protection is gained at the cost of reducing the services crossing the corporate frontier. But, what happens when corporate users need to access company information and services from the Internet? The current trend in user mobility and extranet access to enterprise networks by business partners poses a difficult security problem.

Often the asset requiring access is a very simple but important one: corporate email. Field engineers, salespersons, and executive personnel need to access internal servers and applications when they are away or just at home. System administrators often need to take emergency actions when their pagers signal important system events, or just to check if everything is in order before being able to sleep. Some companies have provided modem access directly to their internal network for these key personnel. This is costly and sometimes not secure. The drive behind the creation of Virtual Private Networks (VPN) using the public Internet infrastructure as part of the corporate WAN is to reduce costs. It is much more cost-effective to provide employees and partners with a dial-up account to a local ISP than to provide dedicated access.

Some of the problems of remotely accessing corporate information can be alleviated using properly secured Web interface systems (see "Securing Intranets" in the June, 1997 issue of Sys Admin).