May 21, 2012

Remote Access

Remote access is defined as pertaining to communication with a data processing facility from a remote location or facility through a data link. Typically the data processing facility is a corporate network, and the data link can be any communications line through which you can access an external network. The external network will, in most cases, be the internet.

It is important to understand that some sort of connectivity to the internet must exist before you can connect to your corporate network. That connectivity can be supplied by a cable modem, DSL line, dial-up modem, or 3G or 4G wireless network device. Where you connect from usually doesn’t matter.

VPN stands for virtual private network. The end goal of a VPN connection is to connect your local machine to your corporate network as though you were sitting at your desk. Networked drives and printers appear as though they are on the same network as your workstation. If you are accessing your e-mail through a VPN, the mail client (Outlook) has to be installed on your local PC. Because data has to be transferred from your corporate network through a slower communications line to your local machine, processing is typically slower than you would experience sitting at your desk.

Terminal Services / Citrix
Terminal Services is a product bundled with the Microsoft operating system. Citrix is a third-party product that enhances Terminal Services functionality. With Terminal Services and Citrix, the applications run on the server, not the local workstation. In essence, the local workstation functions as a dumb terminal. You can access your e-mail without installing Outlook on the local machine. This makes for a more secure configuration, and requires a less powerful local device because the work is being done on the Citrix server. Because less data is moving between the corporate network and the local PC, response time is much faster, and less bandwidth is used.

Remote PC Software
With remote PC software, you remotely control a PC that is connected to your corporate network. With this method you get some of the speed advantages of terminal services. The downside is that you must commit two devices to the process for each user.

Smart phones / tablets
There are several remote PC software applications available for Apple- and Android-based tablets and smart phones. There is also a Citrix client for these devices. The main downside to smart phones is the size of the screen. The screen is simply too small to make it a viable solution for remote access other than to check e-mail. The larger screen of a tablet makes it a much more usable device. In addition, a Bluetooth keyboard and mouse can be paired with the tablet as well as an external monitor. This can turn the tablet into a legitimate workstation replacement.

Personal Devices
It is important to decide whether or not employees can use their personal devices to access corporate networks. When making this decision you must weigh cost savings and ease of use against potential security breaches. Allowing employees to use their personal devices will reduce the cost of buying and administering those devices. The downside is you will have less control over the devices. You can at any time shut off access from personal devices, but how can you ensure that there is no company information on them?

Connections between corporate servers and remote devices must be secured with certificates. You can generate your own or purchase one from any number of internet sites. You should also incorporate a token into your authentication scheme. This would require remote users to use their ID, password, and a code that is generated from a token that is assigned to them. The token is never stored with the remote device. In this fashion, if an ID and password are compromised, authentication cannot take place without the associated token.
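
The check described above, as an added example that is not part of the original post. It assumes the token generates time-based one-time codes (RFC 6238), which the post does not specify; the user ID, password, salt, and token secret are constructed sample values.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """One-time code for Unix time `at` (RFC 6238 with HMAC-SHA1)."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash; the server never stores the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample account (assumption: one in-memory user record).
SALT = b"constructed-salt"
USERS = {
    "jdoe": {
        "salt": SALT,
        "pw_hash": hash_password("correct horse", SALT),
        "token_secret": b"12345678901234567890",  # RFC 6238 test secret
        "last_counter": -1,  # last time step accepted, to block replay
    }
}

def authenticate(user_id: str, password: str, code: str, now: int,
                 users=USERS, step: int = 30, window: int = 1) -> bool:
    """Require ID, password AND a fresh token code; any one missing fails."""
    user = users.get(user_id)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(
        hash_password(password, user["salt"]), user["pw_hash"])
    matched = None
    # Allow +/- `window` time steps for clock drift between token and server.
    for drift in range(-window, window + 1):
        t = now + drift * step
        if t >= 0 and hmac.compare_digest(
                totp(user["token_secret"], t, step).encode(), code.encode()):
            matched = t // step
    # A stolen password alone fails here, and so does a replayed code.
    if not pw_ok or matched is None or matched <= user["last_counter"]:
        return False
    user["last_counter"] = matched
    return True
```
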

Remote access is necessary in today’s business world. Whatever procedures you put into place to allow remote access, make sure you do it safely and securely. If a remote access connection is compromised, your best protection is a cyber-security policy. Do your best to protect your company’s information from loss, and do your best to protect them when the loss inevitably occurs.



Cyber Bytes is S.H Smith & Company's Cyber, Security & Privacy blog – written by the experts you trust.


Betty Shepherd and Jeanine Loomis are experts in the field of Cyber, Security, & Privacy. Combined, they have over 40 years' experience writing Cyber, Security & Privacy Liability policies.


With over three decades of experience as an IT Manager/Security Expert, Gene Barnes is intimately acquainted with the cyber threats that today's business owners face.