Chapter 14. Remote Access Security

Remote access presents one of the biggest potential security risks in any network. In fact, remote access is a risk by its very nature: remote access is intended to allow remote computers to access your private network. The key to mitigating the risk is to ensure that the individuals who are accessing your network are legitimate and that the data they transmit to and from your network is protected. In this chapter, I'll discuss the ways Windows Server 2003 lets you deploy secure remote access solutions.

This chapter isn't intended to be an exhaustive how-to guide for remote access. Entire books on that subject?many of them larger than your phone book?are available. Instead, this chapter is designed to help you understand the security implications of remote access and show you how Windows Server 2003 can help mitigate any security risks that remote access creates. For the ultimate remote access reference, see the Deploying Virtual Private Networks with Microsoft Windows Server 2003 Technical Reference (MS Press).

Because remote access is such a significant security risk, some organizations prefer to cut it off entirely, refusing to offer remote access services to their users. That's usually a mistake, because the benefits of remote access are usually just as significant as the security risks. Many administrators, for example, require remote access in order to respond to evening emergencies and to perform other administrative tasks. Refusing to offer remote access services simply isn't an option, because the administrators can't operate any other way. And many employees work very effectively from remote locations, including homebound or traveling employees. Cutting these employees off from any resources could mean cutting productivity and ROI. Some companies see remote access pay for itself in increased employee effectiveness.