Why Replace Your IPsec for Remote Access
To reduce administrative complexity and cost, organizations commonly implement unacceptably open remote access security policies. Open access means that a remote user is granted access to any resource once he is authenticated, irrespective of location, access method, and device.
This is a common practice among IPsec remote access deployments. IPsec's access controls were designed to secure IP traffic between trusted networks as packets traverse untrusted networks. The same policy mechanisms are inadequate for controlling user access to individual file shares and hyperlinks, or for blocking specific commands and actions within individual applications like FTP. When IPsec VPN administrators attempt to define strict access controls for remote access, the number of policies quickly grows unmanageable yet still doesn't provide the granularity of control needed. VPN administrators have little alternative but to fall back on the trustworthiness implied by user authentication and allow users to see everything on the network. SSL VPN administrators have more granular controls at their disposal, but when faced with a myriad of access networks, endpoint devices, and use cases, they too may define simpler, broader policies than business needs and security regulations dictate.