Security Solutions
3-38
Designing Access Controls
Make Decisions about Remote Access (VPN)
Table 3-24. Advantages of Remote Access
Select VPN Options
After you decide to establish a VPN, you must start designing your deploy-
ment. Deploying a VPN can be a bit complicated. You have a lot of choices to
make—from the type of VPN gateway to the exact encryption algorithms used
to protect data. This guide focuses on the decisions with the greatest implica-
tions on deployment; examining every detail of VPN security policies is
beyond its scope.
One important choice is your VPN protocol. Common ones include:
■ IP Security (IPsec) with Internet Key Exchange (IKE)
■ Point-to-point Tunneling Protocol (PPTP)
■ Layer 2 Tunneling Protocol (L2TP)/IPsec
Note Although L2TP can be implemented without IPsec, it does not provide ade-
quate security on its own. Therefore, this guide will consider only the L2TP/
IPsec implementation.
In addition to selecting the VPN protocol, you need to choose various options
for the selected protocol:
■ Authentication method—options include:
• Digital certificate
• Password (preshared key)
■ Encryption protocols and algorithms, which ensure data privacy (encryp-
tion) and data integrity (hash or authentication)
Advantages Explanation
Increased productivity Users can access data and perform work
tasks when out of the office
Increased employee satisfaction Some users may be able to work more flexible
hours or telecommute from home. Others
escape the frustration of a long commute;
they can focus on work rather than on
traveling to the office.
Benefits to the environment Telecommuting decreases traffic congestion,
pollution, and fossil fuel consumption. You
might even find government programs that
offer incentives for companies that
encourage telecommuting.