Enabling Remote Access

Today’s mobile employees need remote access but what’s the best way to provide it — RDP or VPN?

Remote Access

You can’t blame IT managers for wanting to lock down access to the network, given the endless barrage of sophisticated security threats they must attempt to thwart. However, increasing numbers of mobile employees need anytime, anywhere access to mission-critical applications and data. Organizations must find ways to provide that access without compromising security.

There are a number of ways to connect to the company network from outside. Two of the most common methods are Remote Desktop Protocol (RDP) and Virtual Private Networking (VPN). Many people tend to think they’re the same because they accomplish the same goal. However, there are major differences between the two and which you choose depends upon a number of factors.

A Tale of Two Protocols

RDP was developed by Microsoft and has been included with every version of Windows starting with Windows 2000. It allows a user to access and control a specific remote computer. The user can view the remote desktop, control the keyboard and mouse, run applications and access data located on that computer’s hard drives. The user may be able to access open network resources connected to that computer but not necessarily all of that computer’s network connections.

With RDP, only screens are transmitted from the remote computer — files and applications are accessed locally on the network by the remote machine. As long as you have sufficient bandwidth, RDP is a low-cost, easy-to-use method for accessing a remote desktop.

VPN is very different. A VPN enables access to an organization’s private network by establishing a secure connection over a public network such as the Internet. Those network resources may or may not include the hard drive of a particular machine. Files and applications are transferred over the VPN connection for processing on the local machine running the VPN client.

There are two types of VPNs: remote access VPNs and site-to-site VPNs. Remote access VPNs enable one user to access the network from any location with Internet access. Site-to-site VPNs enable multiple users in a fixed remote location, such as a branch office, to connect to the network.

Into the Tunnel

VPNs establish encrypted “tunnels” for communication over the public Internet, providing end-users with highly secure access to network resources as if they were physically connected to the corporate LAN. Traditionally, companies used VPNs based upon the IP Security (IPSec) suite of protocols. However, IPSec VPNs require that client software be installed on the end-user’s machine — software that is notoriously difficult for the IT department to manage and the end-user to operate. In addition, IPSec VPNs often require a special firewall configuration to allow public IP addresses to come through.

SSL-VPN technology makes secure remote access easier for both end-users and network administrators. It combines Secure Sockets Layer — the encryption and authentication technology built into every Web browser — with access control, policy enforcement and other tools to create secure connections via the public Internet. SSL-VPNs come with fewer headaches than IPSec VPNs, making it easier for organizations to provide remote access without increasing security risks or IT support woes.

With SSL-VPNs, the remote user’s interface is a standard Web browser. There’s no learning curve because almost all users are familiar with browsers, and the IT department doesn’t have to install and maintain any client software. What’s more, the end-user can access the network from any Internet-connected device.

Complementary Solutions

RDP and VPN have different sets of advantages and disadvantages. The latest RDP solutions encrypt data and can be fairly secure if strong passwords are used. However, RDP can be subject to a so-called “man-in-the-middle” attack in which a hacker tricks the remote machine into providing the user’s credentials. An RDP connection can also be quite slow, making it nearly impossible to use in situations with low-bandwidth or lots of network traffic, and difficult to troubleshoot when things go wrong. On the other hand, RDP would be a faster solution for applications that require large files to be transferred.

VPNs are easier to troubleshoot and enable access to multiple resources on the network. Because they validate the server through certificates, they are not subject to man-in-the-middle attacks. Every file the user accesses needs to be transferred over the VPN connection to the local machine, and the need to encrypt and decrypt data makes a VPN slower than the LAN. On the other hand, only network resources rely on the VPN connection; all the work is done by the local machine.

Security concerns notwithstanding, RDP is a great tool for giving end-users remote access. As a result, organizations often combine the two technologies to provide greater security and more flexibility. This solution is also preferable if multiple users need remote access.

As mobility continues to increase, organizations need to find ways to give employees remote access to resources within the network. Armed with an understanding of the differences between RDP and VPN, organizations can choose the right remote access technologies to meet business needs and security requirements.