Wednesday, May 25, 2011

Remote Access

Remote access is provided by the integrated "Routing and Remote Access" service. It serves remote office staff and travelling personnel, and lets administrators who monitor and manage servers across multiple departments and offices reach the network remotely.
Specific applications
Users with a computer running Windows and a network connection can dial in to their network remotely and use its services, such as file and printer sharing, electronic mail, scheduling and SQL database access.
User classification
People who need remote access generally fall into two categories: administrators and ordinary users.
System administrators usually need to reach enterprise network equipment or servers remotely for configuration and management. Most current enterprise-grade network equipment and servers provide a remote configuration and management interface, so an administrator can maintain the enterprise network from the WAN side through Telnet, SSH, a web GUI or even a remote management software terminal.
Ordinary users' remote access needs come mostly from remote office staff and travelling personnel, especially executives who travel frequently and still need to work in information systems such as ERP, CRM and HR for approvals and order submissions. As enterprise informatization advances, this kind of remote access requirement is increasingly becoming the focus of enterprise IT administrators.
Classification of remote access methods
For ordinary users' remote access needs, three approaches are currently common.
The first is to open the ports of internal application systems directly, allowing external IP addresses to connect, and relying on the application system's own account verification to keep out illegitimate users.
The second is to use the Terminal Services function of Windows Server 2003 and later: an external PC runs Windows Remote Desktop, connects first to the terminal server, and then reaches the internal application systems through that server as a proxy.
The third is to use VPN technology to connect to the enterprise network and then access the internal application systems over the VPN.
Category one: open-port mode
The firewall opens the internal application's ports directly. For example, if a company's ERP system uses ports 7001~7006, the firewall can be configured to forward connections to ports 7001~7006 to the ERP server's IP address. Travelling or telecommuting staff can then reach ports 7001~7006 on the enterprise firewall over TCP/IP and enter the ERP system directly; once they pass the ERP system's own identity authentication, they can operate in it. This approach is very simple, and for enterprises with limited technical ability, and especially limited budget, it is a common solution. Its threat is equally obvious: exposing the ERP server's ports directly to the public network invites network attacks, hackers and other security risks. In today's climate of ever more rampant viruses and attacks, it undoubtedly poses a serious threat to the internal application system and its server.
Category two: Windows Remote Desktop technology
Every version of Windows since XP and Vista has an integrated Remote Desktop client. Once Terminal Services is enabled on the application server and port 3389 (the port dedicated to Remote Desktop) is opened on the firewall, travelling or telecommuting staff can use Remote Desktop on their own PC to connect to the terminal server and run the application system's programs there.
This solution is common because Windows is universal. It has several shortcomings:
1. Accessing the application system through Remote Desktop means the application's client program runs on the server's operating system, so the PC connected to the terminal server reaches the internal application system under the server's identity, and generated files are stored on the server by default. Saving to the remote PC, or printing on a printer attached to the remote PC, requires further configuration of Terminal Services drive mapping and installation of the remote printer driver on the server, among other complicated settings.
2. Remote Desktop technology requires its own identity authentication, one more verification mechanism than the first approach, so it is somewhat more secure than the first approach. Nevertheless:
3. An external PC connecting to the internal server through Remote Desktop still requires port 3389 to be opened on the firewall, so the risk of attacks and intrusions against the server caused by an open port remains.
4. Remote Desktop technology itself does not encrypt the data in transit. If someone deliberately runs a packet capture tool on the network, the transmitted data can be fully recovered, leaking information that should stay inside the enterprise, or even commercial secrets.
Some products take Remote Desktop technology as their core and build on it a remote access platform that is convenient to maintain and manage. Some brands can provide drive mapping and remote printing, and offer simple encryption. Security and usability improve somewhat over the plain Windows solution, but the installation process is more tedious, the encryption level is low and carries the risk of being cracked, and the risk created by opening port 3389 on the server is still hard to avoid.
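The exposure problem shared by the open-port mode (ERP ports 7001~7006) and the Remote Desktop mode (port 3389) comes down to who is allowed to reach a forwarded port. The following audit script is an added example, not code from the original post: it models perimeter port-forwarding rules with a constructed dataclass, flags every rule reachable from the whole Internet, and rewrites those rules so the same ports are reachable only from a hypothetical VPN client pool (10.99.0.0/24); the internal addresses are constructed too.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ForwardRule:
    """One perimeter port-forwarding rule (constructed model, not any vendor's format)."""
    src: str          # source network allowed to reach the public port
    first_port: int
    last_port: int
    dst_host: str     # internal server the connection is forwarded to
    service: str

# Hypothetical VPN client address pool; the ERP ports 7001~7006 and RDP 3389 come from the post.
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")
RULES = [
    ForwardRule("0.0.0.0/0", 7001, 7006, "192.168.1.20", "ERP"),       # open-port mode
    ForwardRule("0.0.0.0/0", 3389, 3389, "192.168.1.30", "RDP"),       # remote desktop mode
    ForwardRule("10.99.0.0/24", 7001, 7006, "192.168.1.20", "ERP"),    # reachable only via VPN
    ForwardRule("203.0.113.0/24", 3389, 3389, "192.168.1.30", "RDP"),  # one partner range
]

def classify(rule, vpn_pool=VPN_POOL):
    """Rate a rule by who can reach the forwarded port: public, restricted or vpn-only."""
    src = ipaddress.ip_network(rule.src)
    if src.prefixlen == 0:
        return "public"       # anyone on the Internet: the exposure the post warns about
    if src.subnet_of(vpn_pool):
        return "vpn-only"     # caller has already authenticated to the VPN gateway
    return "restricted"       # limited source range, but still not behind the VPN

def audit(rules, vpn_pool=VPN_POOL):
    """List (service, host, ports, recommendation) for every publicly exposed rule."""
    return [(r.service, r.dst_host, f"{r.first_port}-{r.last_port}",
             f"restrict source to {vpn_pool}")
            for r in rules if classify(r, vpn_pool) == "public"]

def harden(rules, vpn_pool=VPN_POOL):
    """Return the rule set with every public rule narrowed to the VPN pool."""
    return [ForwardRule(str(vpn_pool), r.first_port, r.last_port, r.dst_host, r.service)
            if classify(r, vpn_pool) == "public" else r
            for r in rules]

if __name__ == "__main__":
    for finding in audit(RULES):
        print("EXPOSED:", *finding)
    for r in harden(RULES):
        print(classify(r), r)
```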
Category three: VPN technology
The greatest advantage of VPN technology is that all data is transmitted through an encrypted tunnel over the public network, so its security is correspondingly higher. There are three main kinds of VPN technology: IPSec VPN, PPTP VPN and SSL VPN.
PPTP VPN
PPTP is a remote dial-up technology, and the dial-up client built into Windows supports PPTP VPN dial-up. With a pre-configured account, a user dials the enterprise's PPTP VPN gateway through the Windows built-in dial-up client, obtains an internal IP address, and then accesses the internal network application systems as if from a PC inside the network.
The advantage of PPTP VPN is its technical popularity: because the dial-up client is built into Windows, end users need not buy or install extra software, which lowers cost and maintenance. The weakness is that the PPTP protocol itself provides only a low level of encryption for the data in transit, giving correspondingly limited security on the public network; its encryption is not strong and there is a risk of it being cracked by ill-intentioned individuals. Moreover, once connected, a dialled-in user has no corresponding rights management and can access any network resource, which is harmful to the information security management of the internal network.
IPSec VPN
IPSec VPN, with encryption security of up to 168 bits and the falling cost brought by the popularization of its core technology, has become the preferred solution for enterprises building cross-site VPN networks. Once an IPSec VPN is established between any two networks, they behave as if on the same local area network: data can be transmitted and any application system on either side can be accessed.
Most mainstream gateway and router brands on the market support IPSec VPN, and it is used mainly to build cross-site VPNs between an enterprise headquarters and its branches, connecting LANs in several different regions. Using IPSec VPN for remote access requires installing an IPSec VPN client program on the remote PC. This client is often not free, with prices ranging from hundreds to thousands of dollars, and its configuration is relatively complex, presenting a real technical difficulty for ordinary employees and especially for executives. Like PPTP, IPSec VPN is also hard to combine with rights management: once connected to the VPN, a user can access any system without restriction, which works against internal information security management.
SSL VPN
SSL VPN uses 128-bit encryption technology and likewise provides a high level of data transmission security. Because SSL is generally built into every mainstream browser, an ordinary user only needs to use HTTPS to reach the enterprise over an SSL-encrypted channel, avoiding tedious installation and any additional cost. Thanks to its high security, simple use and low cost, SSL encryption has been widely adopted in online banking, online shopping, online payment and other industries with high demands for security and mobility.
Travelling or remote office staff need only open a browser, enter the address or IP of the enterprise's SSL VPN portal, and log in with an individual VPN account to enter the intranet and access all kinds of enterprise resources. Current commercial SSL VPN products usually include user permission management: some set permissions by user group, such as a finance group or an administration group, allowing or prohibiting all members of the group from visiting a given network resource or application system. A minority of products can even set permissions per user and apply them in batch, greatly improving the manageability of internal network information security.
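The rights-management difference the post draws between PPTP/IPSec (any connected user reaches any resource) and SSL VPN products (group permissions, per-user settings, batch operations) can be shown as a small policy engine. This is an added example, not any product's code: group names, user names and resources are constructed, and the precedence rules (per-user entry wins, otherwise an explicit group deny beats a group allow, deny by default) are this example's assumptions rather than a specific vendor's semantics.

```python
from dataclasses import dataclass, field

@dataclass
class SslVpnPolicy:
    """Constructed model of an SSL VPN gateway's permission settings (names hypothetical)."""
    groups: dict = field(default_factory=dict)      # group -> {resource: True=allow, False=deny}
    members: dict = field(default_factory=dict)     # user -> set of group names
    user_rules: dict = field(default_factory=dict)  # per-user overrides, same shape as groups

    def decide(self, user, resource):
        """Deny by default; a per-user rule wins, otherwise the user's groups decide,
        and an explicit deny in any group beats an allow in another."""
        if resource in self.user_rules.get(user, {}):
            return self.user_rules[user][resource]
        votes = [self.groups[g][resource]
                 for g in self.members.get(user, set())
                 if resource in self.groups.get(g, {})]
        return bool(votes) and all(votes)

    def batch_set(self, users, resource, allow):
        """Batch operation over several users, as the post describes for some products."""
        for u in users:
            self.user_rules.setdefault(u, {})[resource] = allow

def flat_vpn_decide(user, resource):
    """PPTP/IPSec behaviour from the post: once dialled in, any user reaches any resource."""
    return True

# Constructed sample: resources are "host:port" of internal application systems.
POLICY = SslVpnPolicy(
    groups={
        "finance": {"erp.internal:7001": True, "hr.internal:443": False},
        "admin":   {"erp.internal:7001": True, "hr.internal:443": True, "fileserver:445": True},
    },
    members={"alice": {"finance"}, "bob": {"admin"}, "carol": {"finance", "admin"}},
)

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        for res in ("erp.internal:7001", "hr.internal:443", "fileserver:445"):
            print(f"{user:6} {res:18} ssl={POLICY.decide(user, res)!s:5} flat={flat_vpn_decide(user, res)}")
```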

1 comment:

  1. I find that browser based remote support tools are the easiest. I would love to recommend LogMeIn, mikogo and Techinline. I used to work with all listed products and can surely say that they are reliable and easy to work with. Another important reason is price. All of them have free trial versions and the regular price is affordable.
    Hope this can be helpful.
