Chapter 17

Connecting from Home

In This Chapter

Accessing your e-mail with Outlook Web Access

Using a virtual private network

A typical computer user takes work home to work on in the evening or over the weekend and brings it back to the office the following weekday. This arrangement can work okay, except that exchanging information between your home computer and your office computer isn’t easy.

One way to exchange files is to mark them for offline access, as I describe in Chapter 3. However, this approach has its drawbacks. What if someone goes to the office on Saturday and modifies the same file you’re working on at home? What if you get home and discover that the file you need is in a folder you didn’t mark for offline access?

What about e-mail? Offline access doesn’t give you access to your company e-mail account, so you can’t check whether you have mail in your Inbox or send mail from your company e-mail account.

This chapter introduces two features that can alleviate these problems. The first is Internet-based access to your e-mail via Outlook Web App (OWA) in Microsoft Exchange. The second is the virtual private network (VPN), which lets you connect to your network from home as though you were at work so that you can safely access all your network resources as though you were locally connected to the network.

Using Outlook Web App

Most people who connect to their office networks from home really just need their e-mail. If the only reason for accessing the office network is to get e-mail, try this simple, easy tool: Outlook Web App, also known as OWA. This Microsoft Exchange Server feature can access your company e-mail from any computer that has an Internet connection. The remote computer just needs a web browser and an Internet connection; no VPN or other special configuration is required.

The best part is that you don’t have to do anything special to enable OWA; it’s enabled by default when you install Microsoft Exchange. Although you can configure plenty of options to improve its use, OWA is functional right out of the box.

To access OWA from any web browser, just browse to the address designated for your organization's OWA. The default address is the DNS name of your mail server, followed by /exchange. For example, for the mail server smtp.lowewriter.com, the OWA address is smtp.lowewriter.com/exchange.

The connection must use the secure version of the normal HTTP web protocol. You must type https:// before the OWA address. The complete address will be something like https://smtp.lowewriter.com/exchange.

When you browse to your OWA address, you’re prompted to enter a name and password. Use your regular network logon name and password. OWA appears in the browser window, as shown in Figure 17-1.


Figure 17-1: OWA looks a lot like Outlook.

If you’re familiar with Outlook, you’ll have no trouble using OWA. Almost all Outlook features are available, including your inbox, calendar, contacts, tasks, reminders, and even public folders. You can even set up an Out of Office reply.

One difference between OWA and Outlook is that there’s no menu bar across the top. However, most of the functions that are available from the menu bar are available elsewhere in OWA. If you can’t find a feature, look in the Options page, which you can reach by clicking Options at the bottom left of the window. Figure 17-2 shows the Options page. From here, you can create an Out of Office reply, set your signature, and change a variety of other options.


Figure 17-2: Set OWA options here.

Using a Virtual Private Network

A virtual private network (VPN) is a type of network connection that creates the illusion that you’re directly connected to a network when in fact, you’re not. For example, suppose you set up a LAN at your office, but you also occasionally work from home. But how will you access the files on your work computer from home?

You could simply copy whatever files you need from your work computer onto a flash drive and take them home with you, work on the files, copy the updated files back to the flash drive, and take them back to work with you the next day.

You could e-mail the files to your personal e-mail account, work on them at home, and then e-mail the changed files back to your work e-mail account.

You could get a laptop and use the Windows Offline Files feature to automatically synchronize files from your work network with files on the laptop.

Or you could set up a VPN that allows you to log on to your work network from home. The VPN uses a secured Internet connection to connect you directly to your work network, so you can access your network files as if you had a really long Ethernet cable that ran from your home computer all the way to the office and plugged directly into the work network.

Here are at least three situations in which a VPN is the ideal solution:

Workers need to occasionally work from home (as in the scenario just described). In this situation, a VPN connection establishes a connection between the home computer and the office network.

Mobile users — who may not ever actually show up at the office — need to connect to the work network from mobile computers, often from locations like hotel rooms, clients’ offices, airports, or coffee shops. This type of VPN configuration is similar to the home user’s configuration except that the exact location of the remote user’s computer is not fixed.

Your company has offices in two or more locations, each with its own LAN, and you want to connect the locations so that users on either network can access each other’s network resources. In this situation, the VPN doesn’t connect a single user with a remote network; instead, it connects two remote networks to each other.

Looking at VPN security

The V in VPN stands for virtual, which means that a VPN creates the appearance of a local network connection when in fact the connection is made over a public network — the Internet. The term tunnel is sometimes used to describe a VPN because the VPN creates a tunnel between two locations, which can be entered only from either end. The data that travels through the tunnel from one end to the other is secure as long as it’s within the tunnel — that is, within the protection provided by the VPN.

The P in VPN stands for private, which is the purpose of creating the tunnel. If the VPN didn’t create effective security so that data can enter the tunnel only at one of the two ends, the VPN would be worthless; you may as well just open your network and your remote computer up to the Internet and let the hackers have their way.

Prior to VPN technology, the only way to provide private remote network connections was through actual private lines, which were (and still are) very expensive. For example, to set up a remote office, you could lease a private T1 line from the phone company to connect the two offices. This private T1 line provided excellent security because it physically connected the two offices and could be accessed only from the two endpoints.

VPN provides the same point-to-point connection as a private leased line, but does it over the Internet instead of through expensive dedicated lines. To create the tunnel that guarantees privacy of the data as it travels from one end of the VPN to the other, the data is encrypted using special security protocols.

The most important of the VPN security protocols is Internet Protocol Security (IPSec), which is a collection of standards for encrypting and authenticating packets that travel on the Internet. In other words, it provides a way to encrypt the contents of a data packet so that only a person who knows the secret encryption keys can decode the data. And it provides a way to reliably identify the source of a packet so that the parties at either end of the VPN tunnel can trust that the packets are authentic.

Another commonly used VPN protocol is Layer 2 Tunneling Protocol (L2TP). This protocol doesn’t provide data encryption. Instead, it’s designed to create end-to-end connections — tunnels — through which data can travel. L2TP is actually a combination of two older protocols: Layer 2 Forwarding Protocol (L2FP, from Cisco), and Point-to-Point Tunneling Protocol (PPTP, from Microsoft).

Many VPNs today use a combination of L2TP and IPSec: L2TP over IPSec. This type of VPN combines the best features of L2TP and IPSec to provide a high degree of security and reliability.

Understanding VPN servers and clients

A VPN connection requires a VPN server — the gatekeeper at one end of the tunnel — and a VPN client at the other end. The main difference between the server and the client is that the client initiates the connection with the server, and a VPN client can establish a connection with just one server at a time. However, a server can accept connections from many clients.

Typically, the VPN server is a separate hardware device, most often a security appliance such as a Cisco ASA security appliance. VPN servers can also be implemented in software. For example, Windows Server includes built-in VPN capabilities even though they’re not easy to configure. And a VPN server can be implemented in Linux as well.

Figure 17-3 shows one of the many VPN configuration screens for a Cisco ASA appliance. This screen provides the configuration details for an IPSec VPN connection. The most important item of information on this screen is the Pre-Shared Key, which is used to encrypt the data sent over the VPN. The client will need to provide the identical key in order to participate in the VPN.


Figure 17-3: An IPSec configuration page on a Cisco ASA security appliance.

A VPN client is usually software that runs on a client computer that wants to connect to the remote network. The VPN client software must be configured with the IP address of the VPN server as well as authentication information such as a username and the Pre-Shared Key that will be used to encrypt the data. If the key used by the client doesn’t match the key used by the server, the VPN server will reject the connection request from the client.
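The key-mismatch rejection described above, as an added example that is not from the book or from any VPN vendor: in IKEv1 pre-shared-key mode (RFC 2409) the key itself is never sent; each side mixes it with both nonces and proves knowledge of it with a keyed hash. HMAC-SHA256 as the PRF, the function names, and every exchange value below are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed PRF; HMAC-SHA256 stands in for the negotiated IKE hash."""
    return hmac.new(key, data, hashlib.sha256).digest()


def skeyid(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    # RFC 2409, pre-shared key mode: SKEYID = prf(PSK, Ni_b | Nr_b)
    return prf(psk, ni + nr)


def hash_i(psk: bytes, x: dict) -> bytes:
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    return prf(skeyid(psk, x["ni"], x["nr"]),
               x["g_xi"] + x["g_xr"] + x["cky_i"] + x["cky_r"]
               + x["sa_i"] + x["id_i"])


def server_accepts(server_psk: bytes, x: dict, received_hash: bytes) -> bool:
    """Recompute HASH_I with the server's own key; compare in constant time."""
    return hmac.compare_digest(hash_i(server_psk, x), received_hash)


def constructed_exchange() -> dict:
    # Constructed sample values: random bytes stand in for real DH public
    # values, cookies and payload bodies.
    return {
        "ni": os.urandom(16), "nr": os.urandom(16),
        "g_xi": os.urandom(32), "g_xr": os.urandom(32),
        "cky_i": os.urandom(8), "cky_r": os.urandom(8),
        "sa_i": b"constructed-SA-proposal",
        "id_i": b"homeuser@example.test",
    }


if __name__ == "__main__":
    x = constructed_exchange()
    server_psk = b"constructed-example-psk-not-for-real-use"
    print("matching key:  ", server_accepts(server_psk, x, hash_i(server_psk, x)))
    print("mismatched key:", server_accepts(server_psk, x, hash_i(b"typo-in-key", x)))
    # Fresh nonces change the proof, so an old HASH_I fails on a new exchange.
    old = hash_i(server_psk, x)
    print("replayed proof:", server_accepts(server_psk, constructed_exchange(), old))
```

Because the proof depends on per-session nonces as well as the key, a single mistyped character in the client's key produces a completely different hash and the server rejects the connection without learning what the client's key was.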

Figure 17-4 shows a typical VPN software client. When the client is configured with the correct connection information (which you can do by clicking the New button), you just click Connect. After a few moments, the VPN client will announce that the connection has been established and the VPN is connected.


Figure 17-4: A VPN client.

A VPN client can also be a hardware device, like another security appliance. This is most common when the VPN is used to connect two networks at separate locations. For example, suppose your company has an office in Pixley and a second office in Hooterville. Each office has its own network with servers and client computers. The easiest way to connect these offices with a VPN would be to put an identical security appliance at each location. Then you could configure the security appliances to communicate with each other over a VPN.
