Mobile sales teams, remote workers, telecommuters, strategic partners and other trusted users all need timely, secure access to specific data on your corporate network. Yet some remote-access systems rely on little more than usernames and passwords and lack robust authentication and encryption components.

The remote-access boom is undeniable. Today's mobile and global workforces demand anywhere, anytime access to information. Roughly 82 percent of large companies now have virtual private networks in place, up sharply from 55 percent in 2003, reports Forrester Research. The majority of this momentum is behind IP virtual private networks (VPNs) which use technologies such as IPsec, Secure Sockets Layer (SSL) and Multiprotocol Label Switching to provide low-cost, site-to-site and remote-access connectivity.

IPsec is a set of extensions developed by the Internet Engineering Task Force to provide security services for the Internet Protocol (IP). Moreover, IPsec can protect any protocol that runs on top of IP, such as TCP, UDP, and ICMP. The IPsec standard provides services that support authentication, integrity, access control, and confidentiality. As a result, IPsec allows for the information exchanged between remote sites to be encrypted and verified.

Still, the technology has some drawbacks. For instance, IPsec requires users - or their IT administrators - to properly install and configure security software on each system involved in the VPN connection. By contrast, SSL VPNs do not require remote users to install or configure software on their notebooks or PCs. Moreover, SSL VPNs use established firewall ports that are already open for secure web traffic, and typically don't require technology managers to reconfigure firewalls. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate (or server identification) enables SSL capabilities.

Security options
Any time a remote connection is attempted or activated, the process involves risk. Without the proper safeguards, organisations risk personal data and identity theft, network abuse, denial-of-service problems and other digital threats.

To minimise these risks, organisations are increasingly embracing IPsec VPN, SSL VPN, and security ID offerings. Still, these systems resolve only part of the security challenge. Experts recommend deploying personal firewalls, adware-scanning systems and intrusion-detection software on internal and mobile systems. Moreover, mission-critical systems containing confidential corporate information should also leverage localised file-encryption software. Without these safeguards in place, VPN systems can become high-speed pipelines that allow hackers to inject worms and viruses into corporate networks.

Fortunately, many VPN clients include integrated desktop-security software, such as adware fighters and anti-virus software. Some SSL VPNs also combine client security with access rules and some organisations are also exploring secure ID technologies.

According to Evans Data, here are the most common security solutions for ensuring safe remote access to enterprise resources:

  • Public key infrastructure: 15 percent
  • SSL/TLS connections: 12 percent
  • User authentication: 11 percent
  • WAP 2.0: 10.5 percent
  • Digital signatures: 10.3 percent
  • VPN: 10.1 percent
  • Encryption of data: 6 percent
  • Biometrics: 5 percent
  • Firewalls: 4.5 percent
  • Encryption: 4.1 percent
  • Other: 3 percent
  • Undecided: 10 percent

    Top tips before going mobile

  • Before buying, ask vendors how they test their products for security.
  • Review software on the basis of security features.
  • Have a process for monitoring vulnerability.
  • Install the latest patches, but first check newsgroups and other sources for patch anomalies.
  • After adding new programs or hardware, install the latest patches.
  • Use an automated tool to scan all PCs in the network for compliance.
  • Use open standards such as Security Assertion Markup Language when developing software architecture.
  • Do not use one server for multiple purposes (for example, Web server plus Domain Name System server); the more services, the more vulnerabilities.
  • Install firewalls inside the network, not just on the perimeter; segregate departmental applications.
  • Deploy intruder-detection systems internally and within each network segment system administrators.
  • Use one-time passwords - they can be intercepted but will be invalid for future sessions.

    Stan Oien manages information security and computer networking experts at CDW, a Fortune 500 provider of technology products and services. His teams focus on designing a range of technical systems spanning remote access, content filtering, encryption, wireless networking, and other security and network solutions that help business customers secure their networks.