Providing quality systems and comfort in the use of Internet networking is very important to the longevity of a business. With the Internet having grown to host websites ranging from cooking classes to major corporations, the Net has all sorts of travelers on the cyber-highway.
Last week we introduced the topic of network security, and in this article we will look at: providing worldwide connectivity to mobile and remote users, using the Internet to lower WAN data communication costs, providing business partners with selective network access through a secure extranet, and guaranteeing secure network performance, reliability and availability.
Providing Worldwide Connectivity
The Internet offers tremendous cost advantages for remote user connectivity when compared with traditional remote access solutions requiring large modem banks and expensive dial-up phone connections. Securing these mission-critical communications becomes crucial as more and more companies deploy Internet-based Virtual Private Networks (VPNs) to connect remote and mobile workers to the corporate network.
There are two main components that must be in place to ensure the privacy of enterprise data as it travels over public networks like the Internet.
First, the identity of both the remote client and of the corporate Internet gateway must be authenticated in the strongest manner possible.
Second, once these identities are confirmed, all sensitive data transmitted between client and gateway must be encrypted for privacy in transit.
Just as importantly, both the authentication and encryption capabilities must integrate seamlessly with existing network security solutions. Network security measures, such as access control, are just as vital for VPN communications as for traditional network traffic. Simply because a remote user is able to establish a VPN connection back to the corporate network does not imply that they should be able to access all network resources.
Network security managers must provide manageable and easy-to-use VPN solutions as the demand for remote network connectivity grows. The solution must be easy to deploy and administer for potentially large numbers of remote clients, and it must be as seamless and transparent as possible for end users if it is to progress beyond a pilot deployment.
Using The Internet To Lower WAN Data Communication Costs
Site-to-site VPNs enable enterprises to leverage the Internet to dramatically reduce the costs of connecting offices. Strong authentication and data encryption capabilities allow enterprises to move business communications away from expensive frame relay or leased line networks to the Internet while preserving data security.
As a result of strong authentication and encryption for connecting disparate sites and remote access solutions, new management issues arise. The first lies in managing hardware and software at multiple locations that may not have experienced IT staff onsite. Efficiency and security are maximized when a single enterprise-wide VPN policy can be defined and managed from a central management console. This eliminates the need for a separate security policy for each site.
While the cost savings of Internet VPNs are compelling, migrating business communications from private, dedicated networks to the Internet can produce unpredictable and unreliable performance. Integrated bandwidth management to prioritize critical traffic within a VPN and high availability to deliver fault tolerance can lessen many performance concerns of Internet-based communications.
Providing Selective Network Access Through A Secure Extranet
Extending the enterprise network to key business partners, such as suppliers, strategic partners and customers through extranet applications is the next issue after securing private networks. Achieving extranet interoperability requires strict adherence to industry standard protocols and algorithms. Reliance on proprietary technology will doom any VPN deployment from the beginning.
The accepted standard for Internet-based VPNs is the Internet Protocol Security (IPSec) standard. IPSec defines the format of an encrypted and authenticated IP packet, and is required for the next generation of IP communications. To automate the management of encryption keys, IPSec is often used with the Internet Key Exchange (IKE).
The extranet VPN must be implemented so that external partners are granted access only to the specific resources they need, such as particular application servers. We should stress here the importance of integrating the enterprise VPN into enterprise security policy, providing fine-grained access control so that extranet partners only access authorized network resources. When a corporate network is opened to increasing numbers of external users, the enterprise needs to ensure resources are protected by a comprehensive, robust, policy-based enterprise security solution.
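An added example (not part of the original article): a default-deny access check applied after VPN authentication, as the remote connectivity and extranet sections describe, plus a lint that flags partner rules exposing more than a few hosts. The group names, addresses, ports and the 16-host threshold are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    group: str        # group assigned to a user after VPN authentication
    network: str      # destination network, CIDR notation
    ports: frozenset  # permitted TCP destination ports

# Constructed policy: group names, addresses and ports are illustrative.
POLICY = [
    Rule("employee", "10.0.0.0/16", frozenset({22, 443, 445})),
    # Extranet partner: one application server, HTTPS only.
    Rule("partner-supplier", "10.0.20.15/32", frozenset({443})),
]

def is_allowed(groups, dst_ip, dst_port, policy=POLICY):
    """Default deny: allow only when a rule for one of the user's groups matches."""
    try:
        dst = ipaddress.ip_address(dst_ip)
    except ValueError:
        return False  # a malformed destination is never permitted
    return any(
        r.group in groups
        and dst in ipaddress.ip_network(r.network)
        and dst_port in r.ports
        for r in policy
    )

def overbroad_partner_rules(policy, max_hosts=16, prefix="partner-"):
    """Flag partner rules that expose more than max_hosts addresses."""
    return [
        r for r in policy
        if r.group.startswith(prefix)
        and ipaddress.ip_network(r.network).num_addresses > max_hosts
    ]

# Constructed connection attempts arriving over established VPN tunnels.
ATTEMPTS = [
    ("alice", {"employee"}, "10.0.5.9", 445),
    ("acme-buyer", {"partner-supplier"}, "10.0.20.15", 443),
    ("acme-buyer", {"partner-supplier"}, "10.0.20.15", 22),
    ("acme-buyer", {"partner-supplier"}, "10.0.5.9", 443),
]

def decisions(attempts=ATTEMPTS, policy=POLICY):
    """Return (user, destination, port, allowed) for each attempt."""
    return [(user, ip, port, is_allowed(groups, ip, port, policy))
            for user, groups, ip, port in attempts]

if __name__ == "__main__":
    for row in decisions():
        print(row)
```

The partner account reaches only its application server on port 443; an established tunnel alone grants nothing else.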
Guaranteeing A User-Friendly Network
Increased Internet usage for business communication produces network congestion, which can adversely affect the performance of mission-critical applications. The benefits of connectivity will not be fully realized if users suffer from poor response times, gateway crashes or other network delays/failures.
Oversubscribed Internet and intranet links can result in significant traffic congestion, causing increased latencies, lower throughput and dropped connections. Advanced bandwidth management can alleviate these potential problems by actively controlling the allocation of limited bandwidth resources. Critical traffic can be prioritized over discretionary traffic to ensure that bandwidth utilization is in alignment with enterprise goals.
Public web servers may become overwhelmed with connections when the enterprise experiences increasingly higher traffic loads. Reliance on a single server can result in poor response times or even failed connections. Server load balancing provides a scalable solution to this problem by allowing a single application server to be replaced by a pool of servers. The traffic load can then be distributed among the individual servers for improved performance.
Even with adequate performance, the enterprise must provide a reliable network infrastructure that can withstand the failure of a network gateway. Companies cannot afford even momentary losses of network connectivity due to a gateway failure. Fortunately, fault tolerance is supported by many network security products.
Fault-tolerant solutions guarantee that your network is secure and available virtually 100% of the time through hardware and software redundancy, clustering or a combination of the previous solutions. When a failure does occur, the fault-tolerant components ensure that your network is secure and that connections are maintained in a manner that is completely transparent to end users. Efficient solutions provide internal and external users on intranets and extranets with a reliable service while providing network administrators with maximum security and easy-to-use tools.