The remote- user network offers an opportunity for an organization to expand its operational reach and enable its people to work from where they choose. At the same time, it presents a potentially easy route for a hacker to enter the main network if a remote host can be compromised. Add to that the fact that the communications between the remote host and the headend travel over a public infrastructure and must be secured, and you begin to realize that supporting remote users is what one wag called "an insurmountable opportunity." The remote-user model of the SAFE SMR Blueprint offers four optionswhich are really four design alternatives, by another nameto satisfy the need to emulate the inside-the-LAN experience for users as much as possible while securing their hosts and the communications path between them and the headend. These four options provide filtering, traffic direction, authentication, and traffic isolation in different ways. Because no one design ever fits all situations, you should know how each option does this so that you can make a reasonable design choice when faced with the need to support remote users. |