Secure Dial-in Program lets IRS field teams connect over a virtual private network

By William Jackson

GCN Staff

The IRS is implementing a virtual private network that will let as many as 30,000 employees make secure dial-in connections from the field with their notebook PCs.

The Secure Dial-in Program is part of the IRS' modernization. The agency will use the SafeNet/Smart VPN from Information Resource Engineering Inc. of Baltimore to replace all the remote-access products now in use, such as Microsoft Windows NT Remote Access Server and SafeAccess Server from LeeMah DataCom Corp. of Fremont, Calif.

The various remote-access products were 'an organizational nightmare and very difficult to troubleshoot,' said Reginald McFadden, the IRS' acting director of architecture. Smart cards will encrypt the field users' transactions via the Data Encryption Standard and will authenticate the IRS' 72 regional points of presence. The connections will be routed over an intranet from dial-in point to authentication server.

The IRS has tested SafeNet/Smart in small pilots in its Southeast region. It plans to conduct larger pilots for the Northeast and for Washington headquarters. Plans call for installing up to 15,000 clients this year and assessing the traffic patterns and telecommunications costs.

First on the block

The IRS is on the cutting edge of using VPN technology for remote access, Information Resource Engineering chief executive officer Tony Caputo said.

'They are into a substantial VPN deployment, and there are very few organizations into that,' Caputo said.

VPN projects over IP networks usually go slowly, he said, because 'any implementation of encryption on a packet network must be done carefully.' Encrypted routing data in a packet can bring a network down, he said.

The IRS chose SafeNet/Smart because it is standards-compliant and because the company has a track record of large implementations, McFadden said.

The tax agency had been using the company's products on its old X.25 network. The new-generation products for secure communications over TCP/IP place a smart-card token at the client end for continuous authentication during a session, as well as an encryption key. IRS users' notebook computers will have smart card readers in the PC Card slots.

Data will travel from each tester's dial-in point over the IRS intranet to the computer center in Martinsburg, W.Va., where each session will be authenticated.

'We consider our intranet a trusted environment,' McFadden said. The intranet rides on the Treasury Department's WAN, supplied by AT&T Corp.

The initial 72 points of presence are likely to expand, McFadden said. Traffic patterns discerned during the start-up will help officials strike a balance between maximizing access points and minimizing telecom costs. But the VPN will not be the final remote-access project.

'We have always considered this an interim solution,' McFadden said.

The service eventually will migrate to one integrated method of authentication for both remote access and intranet sessions, controlling file access according to user profiles, he said. The intranet now has a proprietary system for authentication; how an integrated system would work has not been determined.

'It's part of the modernization blueprint,' McFadden said.
