A remote access point is a type of virtual private network used for connecting physically isolated clients or client networks to a larger, central system whenever a high level of security is a priority. For clarity, that “high level” would be anything requiring encryption. Granted, that isn’t a particularly difficult bar to clear nowadays when pretty much everything is encrypted by way of SSL.
Using a remote access point is still considered to be an optimal practice, especially seeing how its deployment costs are minimal. Either way, a remote AP (the RAP abbreviation never caught on, for some reason) is traditionally used in one of two ways: it either allows a restricted client to access a different environment or allows a client from an external environment to access a private, internal network.
A different kind of VPN
While we don’t usually think of VPNs as doorways or even keys to specific doorways, that latter application can definitely be described as such. It’s also the more popular of the two, by far. Subnets incorporating remote access points tend to be enterprise-owned and use distant APs in order to minimize the risk of having their most sensitive components compromised over the Internet.
Instead, most of us who had to take our corporate work home over the last year did so by remoting into company-specific apps and services. Those scenarios would be near-unthinkable without VPNs acting as individualized access points. If every level-one tech support staffer required access to the entire company subnet just to clear a ticket about a password reset, there would have been an influx of companies getting hacked in the early days of last year’s stay-at-home economy.
A remote AP limits the risk by encrypting communications between a remote client and a given internal network. It does so irrespective of any other cybersecurity measures on the remoter’s part. It’s hence quite possible to see this VPN application used in setups that end up involving more than one network address translation process.
As for the specific tunneling mechanics in place, they aren’t of vital importance to how remoting actually works, meaning it doesn’t matter whether it’s L2TP, IPsec, or some other protocol that’s doing the encrypting. An incoming connection request will sometimes interface with a designated controller via the Internet before getting to a private network. At other times, the corporate firewall will be the one doing the forwarding, depending on the setup.
These same principles apply when you want your local users to communicate with the outside web, just in reverse. A remote AP can be used for obfuscating their true origin and minimizing the chances of painting a target on your system. Every individual approach has its advantages, but in practice, the choice will mostly come down to one’s existing capabilities. These days, many enterprise networking companies like Cisco offer two-in-one solutions for turning one or even multiple APs on the edge of the WLAN they belong to into VPNs. But simplicity often requires foresight, and the way most enterprises like to budget for their IT needs is that they don’t, unless they’re about five seconds away from a disaster. Remote AP deployments hence have a tendency to get complicated, as the tech definitely falls under that “why are we paying for this” category in the eyes of your typical management.
Best practices aside, many industries have an obligation to use remote APs due to regulations. Perhaps the best-known U.S. example of such compliance scenarios is the Health Insurance Portability and Accountability Act. HIPAA was signed into law under the Clinton administration in ’96 for the explicit purpose of ensuring that digitized medical records containing personally identifiable information are properly safeguarded. Remote APs play a big role in HIPAA compliance to this day.