Solutions for Security

Remote-Access VPNs Provide Secure Access

The ubiquity of the Internet, combined with VPN technologies, allows you to cost-effectively and securely extend the reach of your network.

Remote-access virtual private networks (VPNs) allow secure access to corporate resources by establishing an encrypted tunnel across the Internet. VPNs have become the logical solution for remote-access connectivity for the following reasons. They:

  • Provide secure communications with access rights tailored to individual users, such as employees, contractors, or partners
  • Enhance productivity by extending the corporate network and applications
  • Reduce communications costs and increase flexibility

Anytime, anyplace network access gives employees great flexibility regarding when and where they perform their job functions. VPNs accommodate day extenders, or employees who desire network access from home after hours and on weekends to perform business functions such as answering e-mail or using networked applications. Using VPN technology, employees can essentially take their offices wherever they go, improving response times and enabling work without the interruptions present in an office environment.

VPNs also offer a secure way to give limited network access to non-employees, such as contractors or business partners. With VPNs, contractor and partner network access can be limited to the specific servers, web pages, or files they are allowed to access, thus extending them the network access they need to contribute to business productivity without compromising network security.

Technology Options

There are two primary methods for deploying remote-access VPNs: IP Security (IPsec) and Secure Sockets Layer (SSL). While many solutions offer either IPsec or SSL, Cisco remote-access VPN solutions offer both technologies integrated on a single platform with unified management. Offering both IPsec and SSL technologies enables organizations to customize their remote-access VPN according to their deployment and operating environment needs without any additional hardware or management complexity.

By offering both technologies on a single platform, Cisco remote-access VPN solutions make the choice simple: deploy the technology that is optimized for your deployment and operating environment.

Security Considerations

Worms, viruses, spyware, hacking, data theft, and application abuse are considered among the greatest security challenges in today's networks. Remote-access and remote-office VPN connectivity are common points of entry for such threats, due to how VPNs are designed and deployed. Unprotected or incomplete VPN security may allow the following:

  • Remote-user VPN sessions to bring malware into the main office network, causing virus outbreaks that infect other users and network servers
  • Users to generate unwanted application traffic, such as peer-to-peer file sharing, into the main office network, causing slow network traffic conditions and unnecessary consumption of expensive WAN bandwidth
  • Individuals to steal sensitive information, such as downloaded customer data, from a VPN user desktop
  • Hackers to hijack remote-access VPN sessions, giving them access to the network as if they were legitimate users

To combat these threats, the user desktop and the VPN gateway to which the user connects must be properly secured as follows:

  • User Desktops: Endpoint security measures such as data security for data and files generated or downloaded during the VPN session, plus anti-spyware, antivirus, and personal firewall.
  • VPN Gateway: Integrated firewall, antivirus, anti-spyware, and intrusion prevention. Alternatively, if the VPN gateway does not provide these security functions, separate security equipment can be deployed adjacent to the VPN gateway to provide appropriate protection.

Technologies required for mitigating malware such as worms, viruses, and spyware and for preventing application abuse, data theft, and hacking exist in the security infrastructure of many organizations' networks. In most cases, however, because VPN traffic is natively encrypted, they are not deployed in a way that protects the remote-access VPN.

Although you can purchase and install additional security equipment to protect your VPN, the most cost-effective and operationally efficient method of securing remote access is to look for VPN gateways that offer native malware mitigation and application firewall services as an integrated part of the product.