The common practice against unwanted Internet access has been to fortify the enterprise network’s main entrances against hackers. High-end security solutions are now in place at the main entrances to the enterprise network. But that is not enough. Although the front door may be fortified and monitored, the distributed enterprise faces a growing number of other network entrances from remote offices and workers. These remote sites often lack the enterprise class security and remote access protections found at larger sites. Not only do they place their own data and applications availability at risk, they also provide an unguarded “back door” into the headquarters network. Protecting remote offices and workers connected to the enterprise network requires the same security measures used protect the main entrance. But the high cost and complexity of these security solutions makes it inappropriate to deploy them at these locations.

With the arrival of affordable broadband Internet connections and standards based Virtual Private Networks (VPNs), communications links can be done quickly, cheaply, and safely across the world. VPNs can be used to connect mobile users using dial-up Internet connections, link two LANs together via the Internet, allow remote offices and users to securely access internal TCP/IP applications running on the corporate intranet and enable secure access to the corporate extranet for vendors, partners, and customers.


VPNs are generally perceived to be 100% impervious. However, the vast majority of existing VPN solutions on the market today do not make allowances for the fact that remote workers may themselves be on a small family network. This means the network activities of other family members could inadvertently leave the VPN tunnel open to unwelcome visitors.

To stay safe, SonicWALL recommends businesses should make sure their VPN solutions meet the following criteria:

• Isolate the telecommuter connection - where the teleworker unit is on a shared network at home it should not be possible for the VPN tunnel to be accessible to anyone else on the home network
• Enforce network protection at the telecommuter site - companies should consider giving teleworkers security levels at home that comply with the basic minimum corporate standards thereby enforcing a multi-layered defense mechanism that incorporates firewall, anti-virus, content filtering and authentication
• Scale the telecommuting network infrastructure - the majority of enterprises will require VPN connections with many different users so it is important that the solution should be scalable to allow security measures to be deployed rapidly via a web browser
• Manage telecommuting security policies - any solution must be capable of being managed remotely by the company’s service professionals so that the VPN links remain in full control of the organisation at all times
• Perform stateful inspection - where malicious attacks are detected at the application layer rather than at operating system level
• Comply with standards - IPSec, ICSA certification and PKI