Remote Access for Small Business Networks
Posted by Timothy Platt on Dec 6, 2017
How To Provide Remote Access for Small Business Networks
Today we’re going to talk about providing secure remote access to your business’ network. Why would you want to do this? To allow employees to work remotely – and to let them have access to the servers, applications, and file shares they use regularly. This is great not only for occasional use outside of the office, such as on the weekend, or when on business travel, but also for allowing remote employees, such as those in a branch office or other satellite location, to work effectively every single day. Lastly, you may have a special project or other need where a consultant or contractor requires temporary, secure access to your network. Being able to provide remote access can greatly decrease the need for travel (and physical space considerations), and therefore helps to reduce cost.
Ok, so remote access is helpful, and is a key efficiency and productivity advantage for your business. How can we accomplish this, and keep things secure? There are predominantly two ways to provide remote access: By using a Virtual Private Network (VPN) or a remote desktop access program, such as LogMeIn, TeamViewer, or GoToMyPC. Both methods have advantages and disadvantages, so we’ll contrast them and give you some pointers to help you decide which option best fits your situation.
Use a Virtual Private Network (VPN)
A Virtual Private Network (VPN) is normally provided as a capability of your internet firewall. With client software installed on your PC, Mac, or mobile device, it allows your “endpoint” to create a secure, encrypted tunnel over the internet back to the office network, on demand. The encryption part of this solution is a key concept: as your business information traverses the internet, it passes through systems controlled by other entities, such as routers and gateways. If that information is not securely encrypted (that is, it is sent in “clear text”), one of these intermediaries could read it. Encryption prevents that: the two endpoints negotiate keys that are then used to encrypt the connection, so the information is encoded with cryptographic algorithms. This ensures the information can only be read by the appropriate receiving party, and also that the message can’t be modified (or corrupted) in transit.
Is someone snooping on your internet traffic a legitimate concern? Yes, it absolutely is. The insights from the Wikileaks Vault 7 document dump provide a fascinating view into this topic. Network snooping and similar tricks can be used by anyone: nations, cyber-vandals, or cyber-criminals motivated by profit.
Once the encrypted tunnel is initiated, it’s as though your remote PC is plugged in directly on the office local area network (LAN). Servers, applications, and file shares will all be accessible. The speeds will be slower, because all the traffic must go back and forth over the Internet, but otherwise it will feel as though you are in the office.
The other key aspect of VPN security is authentication. The firewall must only allow access to people who are authorized. Therefore, you have to be able to prove to the firewall who you are, in a secure fashion that can’t be abused by an attacker. This is called authentication. There are normally several options for authenticating to the network. Pre-positioned digital certificates can be used, which allow the firewall to recognize your machine and identity, and therefore allow access in a relatively transparent fashion. A username and password is also possible. This option can potentially be integrated with your business’ Active Directory (AD) domain or other identity solution. When this is done, your users can use the same network account password they use in the office. Many of these solutions also support Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA). Lastly, all these methods can be combined to provide the utmost in security.
Enterprise grade and small business firewalls, such as those from Fortinet, Cisco, and Palo Alto, normally provide this VPN feature. Sometimes there are additional licensing costs to utilize the feature, and as mentioned, it will require a VPN client to be installed and configured on the remote machine. This process is normally easy, but it is an extra step. Lastly, setting up the VPN feature of the firewall, ensuring it is configured securely, and integrating it with your authentication source (such as Active Directory) will require a reasonably skilled network engineer. This isn’t the sort of solution you will likely want to set up on your own.
If your firewall doesn’t provide a VPN feature, an alternative option is open source software – OpenVPN is a widely used, secure, and freely available program. It runs on a server and allows you to use that server as the VPN gateway to which the client connects. Please note that with this method, you’ll have to enable port forwarding, so that the internal server is reachable through the firewall, from the Internet.
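Because an OpenVPN server behind a forwarded port is reachable from the whole Internet, it is worth checking its configuration for the authentication and encryption weaknesses discussed above. The following Python script is an added example, not code from this article or from the OpenVPN project; it goes beyond the article by naming specific OpenVPN directives, and the sample configuration and the `check_user.sh` path in it are constructed for illustration.

```python
WEAK_CIPHERS = {"NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "CAST5-CBC"}

# Constructed sample server config (illustrative, not from the article).
# The check_user.sh path is a hypothetical password-check script.
SAMPLE_CONF = """\
# small-office OpenVPN server
port 1194
ca ca.crt
cert server.crt
key server.key
cipher BF-CBC
verify-client-cert none
auth-user-pass-verify /etc/openvpn/check_user.sh via-file
duplicate-cn
"""

def parse(text):
    """Map each directive to the list of argument lists it appears with."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf

def audit(text):
    """Return (code, explanation) findings for one server config."""
    c, out = parse(text), []
    cert_mode = [a[0] for a in c.get("verify-client-cert", []) if a]
    if "client-cert-not-required" in c or set(cert_mode) & {"none", "optional"}:
        out.append(("no-client-cert", "a password alone is enough to log in"))
    if not any(k in c for k in ("tls-crypt", "tls-crypt-v2", "tls-auth")):
        out.append(("no-tls-key", "forwarded port answers unauthenticated handshakes"))
    ciphers = {n.upper() for d in ("cipher", "data-ciphers")
               for args in c.get(d, []) for a in args for n in a.split(":")}
    if ciphers & WEAK_CIPHERS:
        out.append(("weak-cipher", ", ".join(sorted(ciphers & WEAK_CIPHERS))))
    if "duplicate-cn" in c:
        out.append(("shared-cert", "one certificate may be shared by several users"))
    if "crl-verify" not in c:
        out.append(("no-crl", "no revocation list is checked for off-boarded users"))
    return out

if __name__ == "__main__":
    for code, why in audit(SAMPLE_CONF):
        print(f"{code:15} {why}")
```

An empty result only means none of these five checks fired; it does not replace a review by someone who knows the firewall and the identity source.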
Popular reasons to use the VPN method:
- You’ve got an enterprise or small business class device that supports this feature.
- You need a high level of security and authentication integrated with other systems.
- You would like to have your remote access solution integrated with your source of identity, ensuring when an employee is “off boarded” their ability to access the network is also terminated.
- Doesn’t require a computer in the office to be on and available for a remote worker. This point may make more sense once you’ve read the next section…
Things to keep in mind with the VPN method:
- Proper setup and configuration will likely require some expertise. You don’t want a misconfigured device to compromise network security.
These solutions aren’t perfect, and historically there have been known bugs and issues that allowed other parties to access the network, or to snoop even on encrypted traffic. This is why it’s important to review and apply security updates (in the form of VPN Client software updates, and device firmware upgrades) regularly.
Use a Remote Access Program
The other popular option is a remote desktop access tool, such as LogMeIn, TeamViewer, or GoToMyPC. These solutions provide a very similar capability, but in a different way. For starters, you’ll be connecting to your running machine at work – meaning it’s got to be powered up, and connected on the network. But because of that, you’ll have all the applications, mapped drives, shortcuts, and other items easily available – you’ll have your desktop and all its familiar settings easily accessible. You’ll literally feel as though you are working on your machine in the office.
The remote access software is effectively transmitting a view of the desktop of the remote machine to your computer – and this is done in a very efficient manner – on a good internet connection, you’ll feel just like you are in the office. What’s more, you can utilize any special hardware that your machine may have – editing videos or doing graphics work is quite feasible, in many cases.
And lastly, these remote desktop access programs provide the same kind of secure encryption technology as a VPN. Nothing is transmitted in clear text.
Popular reasons to use this method:
- It’s much less IT intensive. You can typically install and configure one of these programs with minimal effort. This is because the technology is targeted to small business and consumers, and it’s very easy to use.
- You are effectively using your regular machine, so everything you need is already installed and feels familiar.
- What’s more, you can utilize any special hardware, such as special graphics cards.
- You can access your Windows machine from a Mac, or vice versa. If you use a Mac as your home computer, it might be easier to work with your business files on Windows, like you use in the office.
- There’s usually very little setup on the remote end – meaning you can typically access your work machine from anywhere there’s Internet and a web browser. This might be helpful if you are using a friend’s or family member’s computer and need to access something urgently.
Things to keep in mind with this method:
- These services will cost money, usually as part of a subscription.
- Requires your office machine to be powered on and connected to the network – otherwise you can’t reach it!
- Make sure you are using any provided screen blanking option, otherwise anyone in the office with a view of the office computer monitor is going to be able to observe what you are doing! This reason alone might be a security show stopper… it all depends on the level of security your business must have.
- You must trust a 3rd party service to secure and prevent any unauthorized use of your desktop. There have been instances of these publicly available services being targeted by hackers. That isn’t to say the same thing can’t happen to your VPN, but some of these services are a big, juicy target. If the hackers can find a way in, they can potentially compromise many, many machines.
Other Options – Cloud Storage of Files
Beyond these two methods, there are other options that may apply in some situations. Are you really trying to simply share access to files? A cloud based file syncing solution such as OneDrive or Google Drive may be easier to use, and less of a security risk. These solutions allow you to maintain a synchronized copy of your work files on multiple computers. This option can work for multiple users as well: you can share the cloud files with other people in your company, giving them read, or read and write access. Of course, you’ll need the appropriate software installed on both machines to edit the files. Cloud services, such as Office 365, offer many other benefits, as we discuss in this article.
Get Help from the Computer Support Experts
In summary, providing remote access to your business network can be fulfilled by implementing a VPN, or using a remote desktop access program. For more limited capabilities, but with less hassle, a cloud storage based solution may help as well.
We hope this information has been helpful. Knowing what option is best for you requires understanding your goals and needs. And remember, we’re here to help. Give us a call at (407) 268-6626 today.
IT Support by Virtual Operations
Virtual Operations provides IT support for small businesses in the Orlando and Central Florida area. Our managed IT services offering provides the expertise and quality care your small business needs. Please contact us today to find out how we can help with your computer support and network support needs.