Issue link: https://epubs.iltanet.org/i/58400
Remote Access for the Small Law Firm of the Remote Control Services and at no cost beyond configuration time, with the exception of the purchase cost of the CALs, if you choose to access a server instead of a desktop. Once the client and service are configured, a shortcut can be created and shared with the host name or IP address. Once connected, the user is presented with a Windows login screen that should be familiar to enter their standard username and password. Once authenticated, they'll be presented with their desktop. The interface window can be resized to be smaller or take over the whole screen. The main flaw with this solution is that if you enable access directly from the Internet, it leaves the network open to external threats. It doesn't take a very sophisticated attack to crack basic passwords. Once a hacker identifies an open port, they can easily run a "dictionary" attack, which methodically tries the most commonly used passwords first and then starts trying common English words and all their spelling permutations (for example, five of the 10 most commonly used passwords have "12345" in them). But there are ways to secure the connection by limiting access through a hardware firewall. The drawback to this method is that you usually have to know the IP address you are connecting from and most of those change daily. You can also require stronger passwords of at least 8 characters (including upper- and lowercase letters, numbers and symbols) that change every 90 days. If you like Terminal Services/RDP but are concerned about the security risks, a virtual private network (VPN) might be the solution for you. Secure Virtual Private Networks Virtual private networking uses public networks (the Internet) to provide remote users access to the firm's network as if their device was directly connected. The current trend for remote access is to have a secure VPN appliance in place, sometimes called a Secure Socket Layer (SSL) VPN, to authenticate remote users. Some SSL VPNs are separate appliances that are dedicated to the task, while others — designed for smaller networks — are integrated with the firm's firewall. Either way, they act in a similar manner and appear the same to remote users. You may be familiar with SSL from shopping websites like Amazon and Target. When making a purchase, your browser will put a padlock icon on the page to indicate the site is using SSL to encrypt and secure your session. SSL VPN is very similar in that it uses Web pages as the login portal. This adds flexibility and ease of use because you can access the firm's network from any PC or Mac that has a Web browser and Internet access. No more toting around a laptop with the VPN client installed! To use SSL VPN, the user connects to a portal page that can be customized with your firm's logo and logon fields to enter their username, password and domain (if you have integrated it with your Windows domain). Once authenticated, depending on the appliance vendor, the user will see a list of accessible resources, including Outlook, Terminal Services sessions and file shares. Users can also be connected so the remote PC acts like it is physically connected to the office network. This allows a mobile user to run applications directly from their remote laptop. This type of direct connection may be slow or fast depending on the Internet connection at your office and from your remote connection. This is a very simple and powerful method for remote access to data, and it is considered a best practice for small law firms. SSL VPNs are very reasonably priced and, if configured properly, are very easy for end users to navigate. So Which One Should I Use? Determining which method works best for your small firm will make it easier for your attorneys and staff to securely access the data they need, when they need it. Everyone will benefit from this added functionality and flexibility. ILTA White Paper 47