Remote Access Authentication
Remote access systems have become common in corporate America and are becoming a basic cost of doing business. New remote access alternatives have gained acceptance, including full client-based systems, browser-based remote access portals, and remote desktop control offerings. The increasing availability of remote access introduces new security implications.
In the past, corporate IT departments had the option of carefully controlling physical access to the network, as well as managing the software and hardware used by employees for network access. However, this approach doesn't work in the context of remote access. Physical security is now difficult or impossible to control, and the computers used for remote access are often completely beyond the reach of network administrators.
To address these concerns, the deployment of any remote access technology must include a detailed and comprehensive security plan. An effective remote access deployment always includes an endpoint security strategy, including anti-virus, anti-spyware, client-side firewall, and critical update components. Network-side security, including access restriction policies, firewalls, intrusion detection, and intrusion prevention, should also be deployed.
In addition to these considerations, however, a complete remote access security policy must address the often-overlooked area of authentication. Although authentication within the corporate environment is often straightforward, the anywhere, any-computer access paradigm that accompanies remote access deployments calls for closer consideration.
Authentication is the act of determining, within a chosen level of certainty, the identity of the user requesting or providing access to resources. It encompasses authentication of the end-user and end-user equipment, authentication of the system to which end users connect, and even the security of the authentication information itself.