shows a typical login screen after browsing to the SSL VPN’s URL. (If you deploy an
SSL VPN, this screen would be customized with your own company’s logo and other
information.)
SSL VPNs can authenticate users using a variety of different techniques, including
the following:
- Through user names and passwords defined in the SSL VPN for each user.
- Through integration with an existing authentication system, such as Windows
  Active Directory. Choosing this option lets remote users use their normal
  network user name and password, and the SSL VPN then integrates with the
  preexisting authentication system on the network.
- Through the integration of a two-factor authentication system. Two-factor
  authentication systems usually include a small device for each user that
  displays a number that changes every minute or so. Users log in by typing
  the number on the device at the time they are logging on, plus an additional
  number that is known only to them (sort of like an ATM PIN). Two-factor
  authentication systems are extremely secure, because the devices use a
  randomized sequence of numbers known only to a secure server installed in
  the network.
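The server side of the token check described in the last item can be sketched as follows. This is an added example, not code from the book: it uses the open TOTP algorithm (RFC 6238) as a stand-in for a vendor's token algorithm, and `AuthServer`, `token_code`, the seed, the PIN and the salt are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code is valid; the page says the number changes "every minute or so"
DIGITS = 6   # assumed display length

def token_code(seed: bytes, unix_time: int) -> str:
    """What the device shows: HMAC of the time-step counter, truncated (RFC 4226/6238)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class AuthServer:
    """Hypothetical server holding each user's token seed and salted PIN hash."""

    def __init__(self):
        self.users = {}

    def enroll(self, name, seed, pin, salt):
        self.users[name] = {"seed": seed, "salt": salt, "pin": pin_hash(pin, salt), "last": -1}

    def verify(self, name, pin, code, now, drift=1):
        user = self.users.get(name)
        if user is None:
            return False
        pin_ok = hmac.compare_digest(pin_hash(pin, user["salt"]), user["pin"])
        matched = None
        for step in range(now // STEP - drift, now // STEP + drift + 1):  # tolerate clock drift
            if step >= 0 and hmac.compare_digest(token_code(user["seed"], step * STEP), code):
                matched = step
        if not pin_ok or matched is None or matched <= user["last"]:
            return False
        user["last"] = matched  # burn this time step so a captured code cannot be replayed
        return True

if __name__ == "__main__":
    server = AuthServer()
    server.enroll("alice", b"12345678901234567890", "4821", b"constructed-salt")  # constructed values
    now = 125
    print(server.verify("alice", "4821", token_code(b"12345678901234567890", now), now))  # True
    print(server.verify("alice", "4821", token_code(b"12345678901234567890", now), now))  # False
```

The second call fails even though the PIN and code are correct, because the server remembers the last accepted time step and rejects a code it has already seen.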
Once users log in to an SSL VPN, they are shown a home page that displays all of
the connection options available to them, such as the example shown in Figure 10-8.
The choices available to a remote user may include the following:
- Access to a remote node connection through the SSL VPN
- Access to other web servers on the company’s network, such as a corporate
  intranet site, which are not normally accessible through the Internet
- Access to e-mail, either through an application like Web Outlook or through a
  web-enabled e-mail client provided by the SSL VPN
- The ability to perform web-based file management through the SSL VPN; files
  that are managed might be hosted on Windows- or UNIX-based servers
- Access to shared corporate applications that have been set up to work through
  the SSL VPN, such as an accounting system
- Access to Windows Terminal Services or Citrix sessions via the SSL VPN
- Access to mainframe terminal sessions
Networking: A Beginner’s Guide
While many of these choices are important for companies, the mainstay of remote access is letting remote users access e-mail and files stored on the network. SSL VPNs provide web-based access to many different types of e-mail servers. They also include the ability to manage files and directories through a web interface, such as the one shown in Figure 10-9. In this example, the user can select files in the left pane and can then choose to download, add to a download cart, view within the web browser, rename, or even delete files. The user can also manage folders and upload new files. All file access follows network permissions granted to the user that is logged in to the SSL VPN.
Figure 10-8. A sample user’s home page on the SSL VPN
Figure 10-9. A folder containing several files that can be managed

Chapter Summary

Most network administrators would agree that supporting remote access is one of the trickiest parts of managing any network. Many factors come together to make this so. You can support remote connections in a number of ways. Most remote connections have lower bandwidth than remote users would like. Many remote users are often important people in the company, and various problems are introduced with any connection made over a distance. Still, remote access is an important network service, and its benefits to the company justify most levels of effort to make it reliable and to make it work right.

Use the information you learned in this chapter to assess your own company’s remote access requirements, to learn what your users actually need, and to start searching among different possible solutions for the ones that make the most sense for your situation. You should also consider whether you need to support more than one type of solution. For example, most networks support both modems hosted by the company and other types of connections that come in through a VPN link. Or you may support an existing remote access solution for a time while you deploy some sort of VPN solution, and you may decide to run both systems for some time to deal with your specific needs.

The next chapter talks about technologies and techniques that can keep a network’s information safe and keep it from falling into the wrong hands. Network security, when done right, shouldn’t require much of your time to maintain. You need to spend enough time and effort when you set up a network to ensure the network’s security is strong from the beginning.
Chapter 11
Securing Your Network