1. Field
This application relates generally to computer networks and, more particularly, the invention relates to a system and method for providing secure on-demand remote access to protected computer systems.
2. Related Art
As computer networks grow in size and diversity, and with the recent growth of regulations for securing access to protected computer systems, it has become an ongoing challenge to provide secure on-demand access to those computers for support and maintenance. Once access is enabled, it is also difficult to restrict the remote user to a specific destination device using the current models. Different manufacturers have different methods for management (e.g. command-line applications, web interfaces, and Java clients). To make things more complex, different vendors often implement methods for remote access that conflict with other vendors' methods or with their customers' policies. Network operators have standard remote access methods (e.g. virtual private networks and access control lists). The needs of the device or software manufacturer often do not match the implementations of the network operator. Network operators usually need to combine several separate functions to provide this access. These may include access control lists, virtual private networks, and one-time passwords. The described functionality can combine elements of a proxy, a one-time password server, and a dynamic firewall to enable secure ad-hoc remote access to internal network devices within a secured network. It simplifies remote access while eliminating common security issues and administrative overhead. Its primary use is for permitting remote access and file transfer, but it can also be used as an internal tool to enable granular access control to network elements. The system may be implemented on a dedicated server appliance, on a gateway device such as a router, firewall, or VPN concentrator, or integrated with the management software for the device or application itself.
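The combination of a one-time password check with a dynamic, per-destination, expiring allow-list can be illustrated with the following added example; it is not code from this application, and the AccessBroker class, its method names, the HOTP-style code generation, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

class AccessBroker:
    """Hypothetical broker: a valid one-time password for a user opens a
    time-limited grant for one (source, destination, port) tuple only, which
    a proxy or dynamic firewall consults before forwarding traffic."""

    def __init__(self, secrets, ttl=600, step=30):
        self.secrets = secrets      # user -> shared OTP secret (bytes)
        self.ttl = ttl              # seconds a grant stays open
        self.step = step            # OTP time-step in seconds
        self.grants = {}            # (user, src_ip, dst_ip, port) -> expiry time
        self.used = set()           # (user, counter) already consumed (anti-replay)

    def hotp(self, secret, counter):
        """HMAC-SHA1 one-time code with RFC 4226 style dynamic truncation."""
        digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
        offset = digest[-1] & 0x0F
        code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
        return f"{code % 1_000_000:06d}"

    def request_access(self, user, otp, src_ip, dst_ip, port, now):
        """Verify the OTP once, then open a grant scoped to one destination."""
        secret = self.secrets.get(user)
        if secret is None:
            return False
        counter = int(now // self.step)
        if (user, counter) in self.used:
            return False            # same code presented again: reject replay
        if not hmac.compare_digest(otp, self.hotp(secret, counter)):
            return False
        self.used.add((user, counter))
        self.grants[(user, src_ip, dst_ip, port)] = now + self.ttl
        return True

    def is_allowed(self, user, src_ip, dst_ip, port, now):
        """Firewall/proxy hook: allow only an unexpired grant for this exact tuple."""
        key = (user, src_ip, dst_ip, port)
        expiry = self.grants.get(key)
        if expiry is None:
            return False
        if now >= expiry:
            del self.grants[key]    # grant has lapsed; close the hole
            return False
        return True
```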