Remote access VPN

jdido87

Good day All

What is the best way for a very large organisation to facilitate remote working? Some people have laptops with 4G cards or official SIM cards in their laptops in order to access the organisation's network. Our department was looking into remote working prior to the Covid-19 pandemic. We have been asked to look into this and see what the options are. What would be the best solution short of providing everyone with laptops and 4G cards? Will a remote access VPN provide sufficient security to sensitive data when staff are utilizing their own hardware and internet? Covid-19 is forcing the issue at the moment and it will not be feasible to get new hardware now.

Please note I am not in the IT industry nor is my department. I am just looking for some advice at this point.

Thank you.
 
Busy setting up a Terminal Server exactly for this reason.
 
Only our work-issued laptops are allowed to connect to the VPN. The issue is that you're essentially plugging foreign hardware into your organisation's network - big security risk there if it's not controlled. I also can't connect my personal laptop to the office's WiFi or physical LAN for the same security reasons.
 
The quick and dirty fix is to set up Remote Desktop Services, which can allow anyone with their own device and an internet connection to access company resources remotely. There can be significant costs depending on the number of users, available bandwidth, capacity of existing networking devices; there are a lot of moving parts that need to be considered.

The more permanent solution would be migration to the cloud, the likes of Microsoft Office 365 combined with various other tools such as DLP, CASB,... A few companies have already had these types of setup for a while now and for them it's just another day at the office beach...
 
Working remotely and how you allow your employees to do this entirely depends on your business, security policy, responsibilities etc.
A standard remote access VPN is probably the most common and viable answer right now (unless you already use pure cloud based applications etc.).
In terms of securing this, you have identified one facet, that is the usage of personal devices.
You would need to assess the risk of users having their own devices and using them to VPN into the network.

These risks could be managed via one or multiple of the following options:
1. Limiting the access the remote user has
2. Profiling the remote device for security posture (i.e. testing it when connecting to the VPN for security, so does it have AV, is it patched etc.) and basing access on this
3. Restricting access based on device type and location
4. Utilizing security monitoring software to detect deviations of behaviour for possible malicious actions
5. Utilizing data leakage prevention software

Additionally to this you would need to evaluate how your users connect, the availability of this connection service, the end user experience etc.
For example, will the users install a 3rd party application for remote access? If you are a large company as you say, this can introduce challenges such as user education, IT help desk support, conflicts with existing software etc.
Availability of the service means: is your remote VPN highly available? What if one of the termination points goes down, can your users VPN somewhere else? Is there intelligence in the way these VPN connections are load balanced?
User experience is probably one of the biggest factors. Users will go from expecting local LAN or wireless speeds to fractions of that, especially if you transform your workforce to a mobile one. You will be dependent on a combination of your VPN device internet speeds, its encryption capability, your end users' internet speeds and general latency.
Additionally, the more users connecting, the worse it will get, and finally if users are uploading content, they will hate life as most connections are still not symmetrical, which means your upload is not as fast as your download.

There are a lot of factors here that come into play besides just connecting, unfortunately.
 
Won't Cisco's Anyconnect do the job?

Anyconnect requires a license, not sure if they have this, but yes, it is one of Cisco's ways of utilizing a remote access VPN.
The technology utilized would be dependent on the current infrastructure, user base, licensing etc.
 
If this is a "large organisation" like you say, surely they have a VPN service in place already. You need to ask your IT department, they will provide you with what you want to know.
 
The quick and dirty fix is to set up Remote Desktop Services, which can allow anyone with their own device and an internet connection to access company resources remotely. There can be significant costs depending on the number of users, available bandwidth, capacity of existing networking devices; there are a lot of moving parts that need to be considered.

The more permanent solution would be migration to the cloud, the likes of Microsoft Office 365 combined with various other tools such as DLP, CASB,... A few companies have already had these types of setup for a while now and for them it's just another day at the office beach...

And before you even set up RDP you would need to have a VPN in place, or are you suggesting they publish RDP out to the internet? Cause that is a big NO right there.
 
If you are a very large organisation you should be consulting with your IT department, not asking on Internet forums.

Especially if it’s not your own field.

It’s a very open-ended question and not a quick and simple duct tape solution.
 
Won't Cisco's Anyconnect do the job?

It’s only a very small part of the much bigger picture and requirement.

You need a VPN client. You need a VPN server and/or dedicated hardware.

There needs to be routing in place and firewalling and beyond that user management of some kind.
 
Since this is for a very large organization and some employees use their own devices (BYOD), the easiest is to provision desktops for the relevant departments and push them for all users. This is easily managed from one single pane of glass by IT. Have you heard about CITRIX? The VDI, DaaS & Digital workspace will do the work. Quick to implement and integrate and rolled out, whilst IT work in terms of security is easy. For VPN, you would require lots of bandwidth consumption, which, if you decide to go the VPN route, you would need to optimize bandwidth based on policy creation.

The good news is, the implementation supports cloud for ease, which can be integrated with on-prem like Active Directory etc.
 
We all set up for 40 staff to RDP in over 10Mb fibre.
Brought backup server home with 50 TS licenses, clone of data.
Taking no chances.
On VDSL at home, 20Mb download, 5Mb upload.
 
Through a VPN though?
 