Remote-Access Defense
Remote access is a staple of many businesses in today's Internet environment. Increasingly, companies are finding that by allowing employees to telecommute from home or remote offices, productivity increases while expenses and overhead decrease. From a business perspective, it's a win-win situation; from a network security perspective, however, it has its challenges.
Telecommuters often connect through different Internet service providers (ISPs) that don't provide a secure environment, and from wireless hotspots that are inherently insecure. Because of that, telecommuter hosts often have a higher exposure to viruses, worms, Trojans, adware, spyware, and direct attacks. This exposure becomes a problem when the telecommuter connects to the main business network: if proper security isn't in place, those hosts can spread viruses and worms to other devices inside the network. Another problem associated with telecommuting is the threat of proprietary data being sent in the clear over the Internet. Fortunately, you can mitigate both of these problems with a virtual private network (VPN) and the principles of defense in depth in the ASA/PIX Security Appliance.
The ASA/PIX Security Appliance allows businesses to set up private encrypted tunnels for people who need access to the inside network from the Internet. This group might include employees, partners, and even customers. This solution is called virtual private networking, and the ASA/PIX Security Appliance uses technology called IPSec to achieve the secure and encrypted communication. If you use IPSec/VPN, users who connect to your security appliance from the Internet essentially become part of a virtual network and have access to network services just as if they were inside the network.
VPN tunnels require authentication to allow only valid users access to the network. To mitigate the malicious software that can spread from these remote machines, you can use the VPN client "are you there" function to ensure that these users are running firewalls or CSA before they are allowed to connect to your network. After the VPN tunnel is terminated on the ASA/PIX Security Appliance, the security appliance then applies all its security functions to ensure that an attack isn't embedded within the VPN tunnel.
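The configuration below is an added example, not taken from this book or from Cisco's own documentation, that ties together the controls described above on an ASA running 7.x-era software: an IPSec remote-access tunnel group that requires a group pre-shared key plus per-user authentication, a group policy that uses the client firewall "are you there" check to require Cisco Security Agent (the CSA mentioned above) on the remote host, a vpn-filter access list that limits what tunnel users can reach, and removal of the default rule that lets decrypted VPN traffic bypass the interface access lists. The interface name, pool range, group-policy, tunnel-group and ACL names, internal server addresses, and the version-specific command spellings are all assumptions for the example; the key and password are placeholders.

```cisco
! Address pool handed to remote-access clients (range is constructed for this example)
ip local pool RA-POOL 192.168.200.10-192.168.200.100 mask 255.255.255.0

! Phase 1 (IKE) policy, and IKE enabled on the Internet-facing interface
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! Phase 2 transform set, wrapped in a dynamic crypto map because client addresses are unknown in advance
crypto ipsec transform-set RA-TS esp-aes-256 esp-sha-hmac
crypto dynamic-map RA-DYN 10 set transform-set RA-TS
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic RA-DYN
crypto map OUTSIDE-MAP interface outside

! Least privilege inside the tunnel: telecommuters reach only the file server and mail server
! (10.1.1.20 and 10.1.1.25 are constructed addresses)
access-list RA-FILTER extended permit tcp any host 10.1.1.20 eq 445
access-list RA-FILTER extended permit tcp any host 10.1.1.25 eq 25
access-list RA-FILTER extended permit tcp any host 10.1.1.25 eq 143

! Group policy: the "are you there" check requires Cisco Security Agent on the client,
! the vpn-filter ACL is applied to every packet inside the tunnel, and split tunneling is off
! so the remote host cannot bridge the Internet and the inside network while connected
group-policy RA-POLICY internal
group-policy RA-POLICY attributes
 vpn-tunnel-protocol IPSec
 client-firewall req cisco-security-agent
 vpn-filter value RA-FILTER
 split-tunnel-policy tunnelall

! Tunnel group: group pre-shared key, then per-user authentication against the local database
tunnel-group RA-GROUP type ipsec-ra
tunnel-group RA-GROUP general-attributes
 address-pool RA-POOL
 authentication-server-group LOCAL
 default-group-policy RA-POLICY
tunnel-group RA-GROUP ipsec-attributes
 pre-shared-key <group-psk-placeholder>

username telecommuter1 password <password-placeholder>

! By default decrypted VPN traffic skips the interface access lists. Turning that off makes
! tunnel traffic subject to the same ACLs and inspection as any other inbound traffic.
no sysopt connection permit-vpn
```

Two points are worth checking after applying something like this: with `no sysopt connection permit-vpn`, the access list on the outside interface must explicitly permit the decrypted traffic you want (otherwise legitimate tunnel users are silently dropped), and the `client-firewall` keyword must match the firewall product actually deployed on the remote hosts, since the "are you there" check only passes when the client reports that product as running.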