Securing Dial-In Access

This chapter examines how to secure the dial-in connections coming into the corporate network. Often, corporate networks encompass both privately connected dial-in infrastructures (direct dial-in) and public data infrastructures (virtual dial-in) from Internet service providers (ISPs) to deliver remote access to corporate users. Dial-in access for a corporate network usually includes access between corporate branches located in different geographic regions, telecommuters, and mobile users.

Direct dial-in access can be by way of public switched telephone networks (PSTN); for example, modem lines, frame relay, ATM, T1/T3 circuits, or ISDN. A sample dial-in environment is shown in Figure 10-1; notice that there are branch offices connected with T1 lines, mobile users dialing in with modems, and telecommuters dialing in using ISDN BRI.

Figure 10-1: A Sample Dial-In Access Environment

Another way corporations provide dial-in access is by partnering with an ISP and using the ISP's public infrastructure to provide network access. This concept of virtual dial-in is shown in Figure 10-2. For this model to work in a secure manner, tunneling technologies, such as GRE, L2F, L2TP, or IPsec, must be used to provide secure access back to the corporate network.

Figure 10-2: Dial-In Access Using the Internet

The following sections look at both the direct dial-in and the virtual dial-in scenarios and examine ways that various protocols can be applied.

Note: The example configurations given are specific to Cisco Systems equipment; however, many of the functions shown can also be used with other vendors' products if they are available.
