Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Tools to help include extranet services within the perimeter

I want to provide a secure means for authentication for partners and remote customers by including extranet services within our perimeter. Are there any tools you can recommend that will help me provide this service in an integrated and secure manner?

Providing secure extranet and partner access is one of the more difficult things to do from a security perspective....

The issue really boils down to a question of control. In general, you don't have control over your extranet partners systems and yet they have access to your systems. This puts your network at risk.

The traditional method of providing authentication of partners and remote customers has been via VPN connections and either certificates or pre-shared keys. While this is an effective solution, it still leaves your network susceptible to risk -- even if a system is authenticated and using the VPN, a virus can still spread to your network. As a result, I have found myself more and more often recommending remote control solutions utilizing either Microsoft Terminal Services or Citrix MetaFrame to allow extranet partner access to resources. This allows you to provide all of the services, including authentication, to your extranet partner while leaving your network completely insulated from the partner system. In fact, when using Citrix Secure Gateway the extranet partner accesses your network using a Web browser, allowing you to reduce the amount of ports you need to open in your firewall. The traffic is also completely proxied by the Secure Gateway, further ensuring that your network is secured from partner systems you can't control.

This was last published in December 2004

Dig Deeper on Network intrusion detection and prevention and malware removal

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.