VPN Client with Integrated Personal Firewall

 

The dilemma of system requirements may be resolved by a VPN solution with a client-integrated personal firewall. The advantage of the integrated variant is that a personal firewall and VPN client are functionally linked to one another. In a quasi-teamwork fashion, the existing firewall rule statements are dynamically activated with dependence on the network environment. Fundamentally, three situations may be differentiated: known networks, unknown networks and VPN networks.

Automatic recognition of the network takes place by validating different network factors. In friendly networks, permissive firewall rules apply as they do in public environments such as the hotspot. The personal firewall must work with intelligent mechanisms that guarantee a secure activation of network access via the browser, as well as a secure registration on the hotspot. The user chooses the menu point "hotspot registration" in the welcome area of a public WLAN. Subsequently, the VPN client automatically searches the hotspot and opens the Web site for registration in a standard browser. For example, after successful entry of access data and activation by the operator, the VPN connection can connect to the company headquarters and communicate as securely as it would in an office.

In this manner, the PC is accessible in the WLAN in no time. Plus, there are ports dynamically assigned for HTTP/HTTPS for registration and logging off the hotspot. During this time, only data traffic is possible with the operator's hotspot server. Unnecessary data packets are refused. In this way, it is guaranteed that a public WLAN can use the VPN connection at the central data network and no direct Internet access can take place.

Inspection of security-relevant parameters

Another important component of the implementation of companywide security directives for mobile computing on hotspots is central management of client software. With central security management, the administrator also fundamentally determines the client's firewall rules. It can enforce adherence in which the user allows no on-site possibility of an intended or unintended change. Additionally, further security-relevant parameters such as the status of virus protection programs, operating system patch status and software release of the VPN client must be inspected upon connection to the company network. Access to the productive network is only authorized after the clearance of all security risks.

Be secure with a personal firewall and user authentication

A prerequisite for secure remote access in WLANs is end-to-end security, with dynamic interlocking security technology. The use of a VPN client with an integrated, intelligent personal firewall and strong user authentication is state-of-the-art in this scenario. The firewall rules must automatically adapt to registering onto and logging off the hotspot. They must be inspected within the framework of an integrated endpoint security system with each connection. Only in this way can administrators and users be consistently sure that they are securely sealing off terminal devices and data, and signing off the company network.

 John Gates is a programmer and private consultant with over eight years of experience in the information technology field. He is owner of Dimante Computer Services. He also serves as manager of information systems for a high school district in Illinois. Over the years, John has worked as a consultant for financial institutions and small businesses. He specializes in the deployment of secure remote access solutions for numerous client locations. John can be reached at dimante@dimante.net.