Chapter 12. The Remote-User Design

Chapter 12. The Remote- User Design

Terms you'll need to understand:

• Software access option

• Remote site firewall option

• Hardware VPN client option

• Remote site broadband router option

• CRL

Techniques you'll need to master:

• Performing threat analysis against VPN services

• Evaluating remote-user connectivity needs

Chapter 10, "The Small Network Implementation," and Chapter 11, "The Medium Network Implementation," dealt with fixed locations, where everything is (nominally, at least) under the control of the IT organization, even if that is outsourced. When we look at securing remote users, however, we face a different kind of problem: Sometimes although the principal information asset is the organization's property, it is not under the organization's actual control. When that is the case, problems can develop in the remote user's host and can travel from that host into the headend network, where they can cause even greater problems.

As an example of what could happen, several teleworkers were disabled by the recent MSBlast worm because they were outfitted with hardware and software, but were not allowed to update their configurations (they were not allowed to have Administrator rights). Their IT organization never got around to patching the remote users. The teleworkers became infected when they connected to the Internet just to log in to work. This particular worm had such a rapid cycle (rebooting its host every 60 seconds) that they weren't able to infect their headend networksbut that was not as a result of anything the IT did properly. Remote users can be a great benefit to an organization, but they must be kept as current in all respects as though their hosts were permanently in the LANor more so because they are more likely to be exposed to trouble.