The connection is encrypted with a 256-bit stream cipher and has no possibility of third-party attacks because the connection is made outbound from the corporate network and is secured with a packet-level network firewall. There are no firewall ports open to inbound external access because the firewall is contained in the
Tehama Room. The compute infrastructure has no default access to the external internet, no direct access to remote users’ computers, and therefore no possibility of propagating malware to the corporate network.
This approach removes the possibility of external network threats while eliminating the configuration and maintenance complexities of VPN hardware appliances—plus the costs.