Effective method to secure remote access

CIOL Bureau
Shubhomoy Biswas

BANGALORE, INDIA: The technology world is changing fast. With it, business needs have changed and the world has become a global village. More and more people are working from more locations using more devices than ever before. This has led to an increase in security threats, and to counter them there has been a spurt in the evolution of both local and remote access.

Today, all users are potentially remote and all endpoints potentially unsafe. But users will demand access to business resources from any location. The future trend is towards a universal access control model, one which inverts the network so that the protective perimeter is concentrated around application resources. Your focus shifts to securing communications between all users and business-critical applications.

The impact on access control

Mobile trends in technology and business operations have accelerated the replacement of traditional network nodes, from IT-managed hard-cabled desktops to wireless laptops and mobile devices. Even when these devices are issued by IT, it is increasingly hard for IT to control what users do with access devices and to limit the ways in which users expose these devices to threats that can impact the security of enterprise resources. For example, an end user might use the same mobile computing device at home and in the office, use a personally owned device for business purposes, or use a corporate-owned device for personal purposes.

The convergence of local and remote access

In many ways, local access is now treated more like remote access and vice versa. Local user access must be as tightly secured as if they were remote and remote user access must be as simple and comprehensive as if they were local. Policy can dictate that instead of gaining network-wide access, local users are restricted to only authorized resources. However, policy can also widen access for remote users to a broader set of collaborative business tools. Hard-wired LAN access is being outmoded by ubiquitous high-speed connectivity over wireless networks and the Internet. Data centers are becoming virtualized, providing fluid access to resources from anywhere. With the convergence of local/remote access, rather than striving for a secure network, IT should focus on establishing secure communications to network resources. The traditional network perimeter must be tightly concentrated into a resource perimeter around the back office systems of the application data center.

Universal access

With universal access, the access playing field is leveled. No user, device or location is trusted implicitly and the focal point becomes the information resources: applications, data and services. Additionally, universal access expands the playing field. All users, devices and network technologies are potentially welcome, and all resources must be potentially available with ease from any endpoint device or location. However, while universal access to any resource must be potentially available, it does not mean it should be universally allowed. IT needs a strategy to establish and maintain universal access control.

Universal access control

As laptops and other mobile devices move in and out of an increasingly fluid perimeter, the traditional network cannot be fully protected by IT. The most dangerous attacks on your network may actually come from local rather than remote users. IT managers must now assume that any user and device is a potential risk point, whether the user is gaining access remotely or plugged directly into the LAN. The increasing difficulty of managing end-users and their remote endpoint devices has increased costs for IT. Infrastructure costs have sharply escalated in attempts to harden an increasingly fluid network perimeter.

To increase mobile workforce productivity, organizations want to increase access to resources without increasing costs or complexity. To meet this goal, organizations need to consider increases in the scale of deployments, application diversity and security demands. The scale and complexity of deployments are increasing, driving up the costs of managing and maintaining traditional “fat client” remote access solutions. IT needs solutions that scale to existing infrastructure and systems while maintaining performance. Application resources such as Web and client/server applications are becoming increasingly diverse and complex to use and manage remotely. And in order to mitigate risk, security must be tightened using universal access control.

To successfully establish universal access control, enterprises should re-examine how they view network security. Today, all users are potentially remote, all endpoints potentially unsafe and the underlying network is inherently insecure. Therefore, in order to manage and secure communications across the enterprise, three fundamental questions must be answered:

1) Who is the user?

2) What is on the endpoint device?

3) What resources are being accessed?

To establish universal access control, every user should be authenticated; every endpoint system should be interrogated to determine its identity and state of integrity; and only then should users be provided appropriate, policy-based access to resources. IT needs to make a comprehensive evaluation of the state of the endpoint device in order to implement a policy decision (e.g., based upon whether the user is authorized to use the particular device, or whether the device contains a valid device certificate or current anti-virus signature file) and classify the device accordingly. IT also needs to be able to correlate authenticated users with the resources which they are authorized to access according to security policy. And IT needs to unequivocally discern proof of the user’s identity, using a strong authentication method.
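The decision sequence described above can be sketched as a default-deny policy check. This is an added example, not code from the author or from any SonicWALL product; the zone names, user and device names, resource names and the seven-day signature threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class Endpoint:
    device_id: str
    has_valid_cert: bool               # device certificate verified
    av_signature_date: Optional[date]  # None: no anti-virus found

@dataclass(frozen=True)
class Session:
    user: str
    strong_auth: bool                  # e.g. passed two-factor login
    endpoint: Endpoint

# Constructed sample policy; all names and thresholds are assumptions.
USER_DEVICES = {"asha": {"LT-0042"}, "ravi": {"LT-0077"}}
USER_RESOURCES = {"asha": {"webmail", "crm", "erp"}, "ravi": {"webmail", "crm"}}
ZONE_RESOURCES = {"trusted": {"webmail", "crm", "erp"},
                  "limited": {"webmail"},
                  "quarantine": set()}
MAX_AV_AGE = timedelta(days=7)

def classify(session: Session, today: date) -> str:
    """Question 2: what is on the endpoint? Returns a hypothetical zone."""
    ep = session.endpoint
    if ep.av_signature_date is None or today - ep.av_signature_date > MAX_AV_AGE:
        return "quarantine"
    user_may_use_device = ep.device_id in USER_DEVICES.get(session.user, set())
    if ep.has_valid_cert and user_may_use_device:
        return "trusted"
    return "limited"

def decide(session: Session, resource: str, today: date) -> tuple:
    """Default deny: every check must pass before access is granted."""
    if not session.strong_auth:                       # Question 1: who?
        return (False, "user not strongly authenticated")
    zone = classify(session, today)
    if resource not in USER_RESOURCES.get(session.user, set()):  # Question 3
        return (False, "user not authorized for resource")
    if resource not in ZONE_RESOURCES[zone]:
        return (False, f"zone '{zone}' may not reach resource")
    return (True, f"allowed from zone '{zone}'")

if __name__ == "__main__":
    today = date(2010, 9, 1)
    managed = Endpoint("LT-0042", True, date(2010, 8, 30))
    home_pc = Endpoint("HOME-PC", False, date(2010, 8, 31))
    print(decide(Session("asha", True, managed), "erp", today))
    print(decide(Session("asha", True, home_pc), "erp", today))
```

The same authenticated user gets different answers for the same resource depending on the endpoint's classification, and an unknown user or device falls through to the most restrictive outcome.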

(The author is country director — India, SonicWALL. The views expressed in this article are those of the author and do not necessarily reflect the views or policies of CIOL.)