Remote Access Basics
There are many ways to access your server remotely. Although this section focuses on remote access using virtual private networks (VPNs) or dial-up, other remote access options are mentioned to compare them in terms of functionality and ease of use.
If you were to take a poll asking users what they like most about SBS, you would find that the ability to work remotely ranks high. Being able to read your mail and access files, or even your computer, from anywhere has become a necessity in today's business world, and it's one of the major reasons why people choose SBS.
Fortunately, remote access in SBS 2003 has improved significantly over previous versions. Not only is it easier to configure, but SBS also has a wide array of options to connect remotely in specific scenarios. Thanks to these improvements, working remotely is more feasible than ever before, not to mention more secure.
Remote Access Options
Although working remotely can be a blessing, it can also become a nightmare (and I'm not talking about working at home at 2:00 a.m.!). SBS does a great job protecting your network, but enabling remote access is always a risk. On the other hand, this risk can be minimized by carefully considering all your remote access options and following security best practices such as enforcing complex passwords and changing them frequently.
This discussion begins by addressing the following questions:
Dial-up remote access is similar to accessing the Internet through a dial-up account. You connect to the server using a modem directly through a phone line. One of the main advantages of this is that you can access the network remotely even in the event of an Internet outage. The main disadvantage is speed; in most cases, the maximum speed attainable is 33.6 kbps, which is very slow. Another disadvantage is that you must have a line dedicated (at least partially) for this kind of access. Having said that, a dial-up connection will behave as part of your internal network (albeit much slower). In fact, you can even use it to connect to the Internet through your own server.
Virtual private networks, on the other hand, use a public network infrastructure (such as the Internet) to create a private link between two networks or computers. In other words, when you establish a VPN, you are creating a secure tunnel between your computer and the remote network that goes through the Internet.
Not only can you access all the resources of the network as if your computer were physically connected to it, but traffic is encrypted in both directions while it travels the public network. When you connect to the VPN, you can potentially do everything a local user would do (although it will be slower).
Risks of Using VPNs
VPNs are powerful, but they also present certain risks. Because VPN traffic is trusted, it effectively bypasses the firewall. This means that if you connect through VPN to a computer that has been infected with a virus or worm, you can potentially compromise the whole network because the virus/worm has unrestricted access to it. Also, if a hacker were to obtain access to the VPN, he would have access to the network, not just to a particular machine or service.
One of the main concepts in securing your network is to always give users the minimum access necessary to do their jobs. In that spirit, the first thing you should evaluate is whether giving them VPN or dial-up access is required.
Alternatives to VPNs
In the past, VPNs were essential to work remotely. However, many new features in SBS 2003 make VPNs unnecessary in many cases. Table 7.2 shows several alternatives to VPNs for accomplishing certain tasks.
In many cases, using these alternatives can provide a better end-user experience. Also, from a practical standpoint, using alternative methods can sometimes be the only way to access resources remotely because some providers may block VPN traffic while still allowing other (more common) protocols.
Guidelines for Using VPNs
From the previous discussion it becomes clear that VPNs are not for everyone. The question remains how to decide when the use of a VPN is really warranted. This section addresses these concerns by examining some common usage scenarios.
For administrative purposes, VPNs can be really useful. The ability to see the whole network at once can help domain administrators diagnose and solve problems that involve several machines. Additionally, administrators are generally tech-savvy and take better care of their machines than regular users. Considering all this, granting administrators VPN access has many advantages and an acceptable risk level.
VPNs can also be helpful for users running an application locally that requires connecting to a resource in your network that is not available from the outside. For example, a user might need to connect to a database remotely. Setting up VPN access for such users, so that they can access the resource as required, is a good idea.
Another example worth mentioning is printing to the SBS shared fax printer while you are on the road. You can potentially send faxes from anywhere in the world that has Internet access.