Chapter 7: Using Connection Manager for Quarantine Control and Certificate Provisioning

Overview

One of the most serious issues for information technology (IT) administrators using virtual private networks (VPNs) is determining whether the client computer that is being granted access to the corporate network is safe. After all, the user is somewhere out on the Internet, often with her own home-based computer, and there is no way to be sure that her computer has a firewall enabled and virus protection installed, administrative lockdown controls in place, split-tunneling enabled, and so forth.

How does an IT administrator make sure that connection computers conform to the corporate standards of security prior to allowing it to access the network? Also, how does the IT administrator make the connection—and the security that goes with it—easy for their employees to activate on their home computers?

IT administrators who design and implement remote access solutions often face two problems:

1. How does an administrator enforce network access requirements on remote computers? The administrator doesn’t have control over what happens on any remote computer when it is not on the organization’s network, and therefore, the administrator is exposing their organization’s network to potentially dangerous situations.

2. How does an administrator deploy a practical implementation of Layer Two Tunneling Protocol with Internet Protocol Security (L2TP/IPSec) remote access VPN without making it difficult for the user? This is a problem because setting up a remote access connection is not exactly intuitive, as we saw in the previous chapter.