Remote access is the ability to log on to a computer network from a “remote” location. Remote does not refer to physical distance, but rather locations that are not part of the configured network.
One conventional form of remote access is the virtual private network (VPN). A VPN is a network constructed by using public wires to connect divergent network nodes. A technique called tunneling enables establishment of the VPN. Tunneling enables one network to send its data via another network's connections. Tunneling encapsulates a first network protocol within packets carried by a second network.
A variety of mechanisms, such as encryption, are used to provide network security for access and data integrity. Another mechanism for network security is the use of authentication, authorization and accounting (AAA) services. AAA services control what computer resources users have access to and track the activity of the users on a network.
Authentication is the process of identifying an individual, usually based on a username and password. Authentication is based on the idea that each individual user will have unique information that sets him or her apart from other users.
Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username and password. The amount of information and the amount of services the user has access to depend on the user's authorization level.
Accounting is the process of keeping track of a user's activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there and the amount of data transferred during the session. Accounting data is used for trend analysis, capacity planning, billing, auditing and cost allocation.
Another aspect of network security is a firewall. The firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both software and hardware or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. There are several types of firewall techniques. A packet filter looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. An application gateway applies security mechanisms to specific applications, such as FTP and Telnet servers. A circuit-level gateway applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between hosts without further checking. A proxy server intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses. In practice, many firewalls use two or more of these techniques in concert.
When a user logs onto a network remotely, the user is generally logging on through a device called a concentrator. A concentrator is a type of multiplexor that combines multiple channels onto a single transmission medium in such a way that all the individual channels can be simultaneously active. For example, Internet Service Providers (ISPs) use concentrators to combine their dial-up modem connections onto fast T-1 lines that connect to the Internet. Concentrators are also used in local area networks (LANs) to combine transmissions from a cluster of nodes. In this case, the concentrator is often called a hub.