Communication Security: Remote Access and Messaging • Chapter 3 117
Remote Access VPN
A remote access VPN, known as a virtual private dial-up network (VPDN), differs
from a site-to-site VPN in that end users are responsible for establishing the VPN
tunnel between their workstation and their remote office. An alternative to
connecting directly to the corporate VPN is connecting to an enterprise service
provider (ESP) that ultimately connects them to the corporate VPN.
In either case, users connect to the Internet or an ESP through a point of
presence (POP) using their particular VPN client software. Once the tunnel is set up,
users are forced to authenticate with the VPN server, usually by two- or three-factor
authentication.
Figure 3.3 Client Workstation Establishes a VPN Tunnel to Remote Host
[Figure: the client requests connectivity over the Internet; the VPN / firewall responds upon valid authentication; a tunnel is established across the Internet.]
RADIUS
As noted in the discussion about 802.1x, users need a centralized entity to handle
authentication. Initially, RADIUS was created by Livingston Enterprises to handle
dial-in authentication. Then its usage broadened into wireless authentication and
www.syngress.com