Security Solutions

Designing Access Controls
Make Decisions about Remote Access (VPN)
Decide Whether to Grant Remote Access
You must first decide whether or not you will even grant remote access. You
must weigh the initial cost and hassle of setting up a VPN against the benefits,
which can be numerous.
Establishing a VPN entails certain costs, some of which are listed in
Table 3-23. You can minimize these costs, however. For example, although
sending private data over the Internet seems risky, with the industry-standard
IP security (IPsec) and a strong encryption algorithm such as Advanced
Encryption Standard (AES), the data is secure.
Table 3-23. Disadvantages of Remote Access

| Disadvantages | Mitigating Factors |
|---|---|
| Cost of purchasing a VPN solution | VPN solutions built into existing devices—for example, the ProCurve Secure Router 7000dl—tend to be more cost effective than standalone hardware appliances. |
| Security vulnerabilities | IPsec with Internet Key Exchange (IKE) is quite secure, particularly with digital certificate authentication. Strong encryption (preferably Advanced Encryption Standard [AES]) protects traffic. |
| Performance implications of encrypting traffic | Additional hardware can handle encryption: standalone hardware appliance; hardware added to device, such as the IPsec VPN Module for the Secure Router 7000dl. |

You should weigh the advantages of a VPN against the disadvantages. Try to
quantify benefits as much as possible. For example, rather than justify the cost
of a VPN by saying that it increases productivity, estimate the number of
additional productive hours the VPN enables. Talk to managers and employees
and estimate how many work hours employees spend out of the office—and
how many of those hours could be put to better use with remote access to the
private network.
Table 3-24 summarizes several benefits of a VPN.