Securing the intranet with remote access VPN security

Remote offices can be connected to the main branch in many ways, but companies that want a tightly secured intranet may need to consider remote access with VPN security. Learn more in this expert response.

Our business has a main office in the city and a branch office about 150 miles away. We need a highly secure corporate intranet. Conventional wisdom seems to say that we should have a single, firewalled and highly secure point of connection to the global Internet, probably at the main office. Is there a different, better configuration? What security-related factors should I take into account when considering different configurations?

The strategy you outline is a common one and allows network communications to be carefully controlled at a single point; however, it also poses some challenges. First, it increases network latency (which will be noticeable to users) by forcing all of their traffic through the central office. Second, it creates a single point of failure. If the central office loses network connectivity, the remote office will go down as well. This isn't a great topology, especially if you consider the remote office a potential backup site for the central office.

I'd suggest establishing an Internet connection at both offices and using VPN technology to create a secure tunnel between the two for interoffice communication. Supplement that with similarly configured firewalls and content filtering at both locations. That strategy should adequately secure both sites without the drawbacks identified above.
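With an Internet connection at each office, the firewall policy exists in two places and the copies can drift apart. The following Python check is an added example, not part of the original response: it compares the two sites' rule sets after replacing each site's own subnet with a role name. The rule format, subnets and rules are constructed for illustration.

```python
import ipaddress

# Constructed rule sets in a made-up format: action proto src dst port
MAIN = """
allow tcp 10.1.0.0/16 10.2.0.0/16 445
allow tcp 10.1.0.0/16 any 443
allow udp 10.1.0.0/16 any 53
deny any any any any
"""
BRANCH = """
allow tcp 10.2.0.0/16 10.1.0.0/16 445
allow tcp 10.2.0.0/16 any 443
allow udp 10.2.0.0/16 any 53
allow tcp 10.2.0.0/16 any 23
deny any any any any
"""

def normalize(text, local_lan, peer_lan):
    """Parse rules, replacing each site's own subnets with role names."""
    roles = {ipaddress.ip_network(local_lan): "LOCAL_LAN",
             ipaddress.ip_network(peer_lan): "PEER_LAN"}
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 5:
            raise ValueError(f"malformed rule: {line!r}")
        action, proto, src, dst, port = fields
        src, dst = (a if a == "any" else roles.get(ipaddress.ip_network(a), a)
                    for a in (src, dst))
        rules.append((action, proto, src, dst, port))
    return rules

def drift(main_rules, branch_rules):
    """Rules found at only one site, and whether shared rules keep the same order."""
    only_main = [r for r in main_rules if r not in branch_rules]
    only_branch = [r for r in branch_rules if r not in main_rules]
    shared_main = [r for r in main_rules if r in branch_rules]
    shared_branch = [r for r in branch_rules if r in main_rules]
    return only_main, only_branch, shared_main == shared_branch

def check_sites():
    main = normalize(MAIN, "10.1.0.0/16", "10.2.0.0/16")
    branch = normalize(BRANCH, "10.2.0.0/16", "10.1.0.0/16")
    return drift(main, branch)

if __name__ == "__main__":
    print("only main, only branch, same order:", check_sites())
```

On the constructed input, the check reports the outbound port 23 rule that exists only at the branch office; every other rule matches once subnets are normalized.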


This was last published in August 2009
