Client VPN Troubles: Navigating Security Pitfalls with DirectAccess

Atari Pitfall Image

 In recent years there has been a shift in how we work; a redefinition of the workplace. Working remotely, either from home or while traveling, has become increasingly popular and necessary. With this ever-growing mobile workforce comes the challenge of maintaining corporate standards on user PCs. The challenge is to provide workers the ability to access corporate resources from anywhere – without sacrificing your company’s security posture.

As recently as the 1990’s, administrators didn’t have to worry about their computers leaving the safety of the corporate network. Security concerns were limited to properly managing points of ingress/egress with basic firewalls, web proxy servers, and email servers handling the majority of the workload. Fast forward to the new millennium and the adoption of remote access VPNs. Users suddenly had the flexibility of taking their PCs home with them, making it possible to be productive from nearly anywhere. But this increased productivity came at a cost. It was now possible for previously sheltered corporate systems to get onto any convenient (and possibly unsavory) network. Administrators were faced with the challenge of balancing ease of use and productivity with maintaining proper security.

Improvements in anti-virus programs, software firewalls, and advanced security features in remote VPN clients have helped mitigate the added risk of a remote workforce. However, the ability to enforce many of these security enhancements is limited to the frequency and/or willingness of individual users to remotely connect and get updated instructions from the corporate network.

So what is an administrator to do? One option gaining in popularity is Microsoft’s DirectAccess VPN solution. This concept aims to help administrators regain the ability to manage remote PCs as if they were still on the corporate network. With DirectAccess VPN, connectivity is established passively as soon as the user turns on their PC and connects to a network with Internet access. Before the user ever logs on, their computer is already connected and receiving updates to group policies, anti-virus definitions, and other centrally controlled software and policies. No longer do administrators have to worry about that rogue sales laptop.  You know, the one that connects once a year and brings with it twelve months of viruses, malware, and illegally installed software? Now, even that PC is managed as if it was sitting on your safe, controlled corporate network.

That’s not to say DirectAccess is the solution to every problem. There will always be things we as administrators can’t control. And yes, our remote PCs are still migrating from network to network; constantly being bombarded by hackers, viruses, and other less than virtuous individuals. But at least now with DirectAccess, administrators have a fighting chance to protect their users, no matter where they choose to work.