Security Concerns of Accessing a Private Corporate Network over Virtual Private Network (VPN)

The primary purpose of VPN technology is to allow customers working at home or on the road to access Microsoft Windows file shares, Microsoft Exchange servers, and many corporate intranet that are not sufficiently secured to allow them to be placed on the external internet. As more workers telecommute and travel, traditional remote access services have become expensive and cumbersome in serving the needs of an increasingly dispersed and mobile workforce. These changes in work habits create a strain on conventional network infrastructures, especially as the once-clear distinction between the corporate LAN and the public WAN blurs.    VPN’s low-cost, robust, worldwide data network that can connect anyone, at any time, anywhere, overcomes the limitations of traditional WAN services. A properly designed VPN can solve these problems, providing the end user with a greatly improved business communications infrastructure at a significantly reduced cost. VPN links remote offices over a network and gives allows workers to efficiently share ideas and information throughout a company. Firewalls can be easily added to a VPN to provide solid encryption to secure data as it travels over the Internet. VPNs provide access from anywhere the Internet reaches and enables rich, flexible communications with customers, suppliers and business partners over extranets. VPNs improve the productivity of remote workers and hence, their organizations. VPNs promote flexible work styles, extend workplaces beyond office walls, connect remote offices with the headquarters, and foster competitive advantages with strategic partners; all at reduced costs, compared to other options. Another new working style that might emerge with virtual private network is making outsourcing jobs mainstream. Therefore, additional security measures should be taken into consideration when accessing a private corporate network over VPN as opposed to accessing it from a private corporate office are: Access only thru a specified telephone number as in Dial VPN/Internet based VPN Callback security, in which the operating system calls back the client to make sure the connection is legitimate. Make sure the data is encrypted  Make sure there is access authentication Make sure Remote access security policies and profiles are in place i.e. Windows can be administered thru Remote Desktop Client, while Netware 6.x can be remotely accessed when the REMOTE.NLM is loaded. These features can be turned on or off as needed.  Make sure Password Security rules are enforced. There must be Access restrictions based on time of the day or day of the week. In addition, the network should have a way of filtering to prevent or allow specific IP addresses. Etc...etc... References: Garfinkel, S., with Spafford G. (2002). “Web Security, Privacy & Commerce, 2nd Ed.” Sebastopol, CA: O’Reilly LINK Palmer, M. (2003). “Guide to Operating Systems Security.” Boston, Massachusetts: Thomson Technology http://www.enterasys.com/products/whitepapers/vpn/9011742.html