137 Chapter 10: Connections from Afar: Remote Network Access

shows a typical login screen after browsing to the SSL VPN’s URL. (If you deploy an SSL VPN, this screen would be customized with your own company’s logo and other information.)

SSL VPNs can authenticate users using a variety of different techniques, including the following:

- Through user names and passwords defined in the SSL VPN for each user.
- Through integration with an existing authentication system, such as Windows Active Directory. Choosing this option lets remote users use their normal network user name and password, and the SSL VPN then integrates with the preexisting authentication system on the network.
- Through the integration of a two-factor authentication system. Two-factor authentication systems usually include a small device for each user that displays a number that changes every minute or so. Users log in by typing the number on the device at the time they are logging on, plus an additional number that is known only to them (sort of like an ATM PIN). Two-factor authentication systems are extremely secure, because the devices use a randomized sequence of numbers known only to a secure server installed in the network.

Once users log in to an SSL VPN, they are shown a home page that displays all of the connection options available to them, such as the example shown in Figure 10-8.
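The two-factor login described above (a device number that changes every minute plus a PIN), sketched as an added example that is not from the book. The book does not name the algorithm, so this assumes an RFC 6238-style HMAC over a time counter with a seed shared by device and server; `TokenServer`, the 60-second step and the six-digit length are hypothetical choices.

```python
import hashlib
import hmac
import struct

STEP = 60      # seconds each displayed number stays valid (assumed)
DIGITS = 6     # length of the displayed number (assumed)


def token_code(seed: bytes, unix_time: int) -> str:
    """Number the device shows at unix_time (RFC 4226 truncation of an HMAC)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def pin_hash(pin: str, salt: bytes) -> bytes:
    """The server stores a salted slow hash of the PIN, never the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class TokenServer:
    """Hypothetical stand-in for the secure server that holds each device's seed."""

    def __init__(self):
        self.users = {}  # user name -> enrollment record

    def enroll(self, name, seed, pin, salt):
        self.users[name] = {"seed": seed, "salt": salt,
                            "pin": pin_hash(pin, salt), "last_step": -1}

    def verify(self, name, pin, code, now, drift=1):
        user = self.users.get(name)
        if user is None:
            return False
        pin_ok = hmac.compare_digest(pin_hash(pin, user["salt"]), user["pin"])
        current = now // STEP
        # Tolerate a device clock that is off by up to `drift` steps.
        for step in range(max(0, current - drift), current + drift + 1):
            expected = token_code(user["seed"], step * STEP)
            fresh = step > user["last_step"]  # an already-used step is a replay
            if fresh and hmac.compare_digest(expected.encode(), code.encode()):
                if pin_ok:
                    user["last_step"] = step
                return pin_ok
        return False
```

A captured number is useless once its step has been accepted or has fallen outside the drift window, which is what separates this scheme from a static password.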
The choices available to a remote user may include the following:

- Access to a remote node connection through the SSL VPN
- Access to other web servers on the company’s network, such as a corporate intranet site, which are not normally accessible through the Internet
- Access to e-mail, either through an application like Web Outlook or through a web-enabled e-mail client provided by the SSL VPN
- The ability to perform web-based file management through the SSL VPN; files that are managed might be hosted on Windows- or UNIX-based servers
- Access to shared corporate applications that have been set up to work through the SSL VPN, such as an accounting system
- Access to Windows Terminal Services or Citrix sessions via the SSL VPN
- Access to mainframe terminal sessions

138 Networking: A Beginner’s Guide

While many of these choices are important for companies, the mainstay of remote access is letting remote users access e-mail and files stored on the network. SSL VPNs provide web-based access to many different types of e-mail servers. They also include the ability to manage files and directories through a web interface, such as the one shown in Figure 10-9. In this example, the user can select files in the left pane and can then choose to download, add to a download cart, view within the web browser, rename, or even delete files. The user can also manage folders and upload new files. All file access follows network permissions granted to the user that is logged in to the SSL VPN.

Figure 10-8. A sample user’s home page on the SSL VPN

Chapter Summary

Most network administrators would agree that supporting remote access is one of the trickiest parts of managing any network. Many factors come together to make this so. You can support remote connections in a number of ways. Most remote connection speeds have lower bandwidth than remote users would like.
Many remote users are often important people in the company, and various problems are introduced with any connection made over a distance. Still, remote access is an important network service, and its benefits to the company justify most levels of effort to make it reliable and work right.

Use the information you learned in this chapter to assess your own company’s remote access requirements, to learn what your users actually need, and to start searching among different possible solutions for the ones that make the most sense for your situation. You should also consider whether you need to support more than one type of solution. For example, most networks support both modems hosted by the company and other types of connections that come in through a VPN link. Or you may support an existing remote access solution for a time while you deploy some sort of VPN solution, and you may decide to run both systems for some time to deal with your specific needs.

Figure 10-9. A folder containing several files that can be managed

The next chapter talks about technologies and techniques that can keep a network’s information safe and keep it from falling into the wrong hands. Network security, when done right, shouldn’t require much of your time to maintain. You need to spend enough time and effort when you set up a network to ensure the network’s security is strong from the beginning.

141 Chapter 11 Securing Your Network