www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
17 November 2008  

Vendor Accent

Reduce security risks for teleworkers

Shubhomoy Biswas argues that SSL-VPN increases productivity for teleworkers by extending secure remote access to a wider swath of resources for a low TCO

With expanded access capabilities, organizations improve employee productivity. Yet, as productivity increases, so do risks to your network.

While teleworking helps meet today’s productivity demands, the additional network security risks that anywhere access creates must be addressed while still delivering its benefits to today’s mobile workforce.

Teleworking is ubiquitous

Ubiquitous computer technology and connectivity enable people to do their jobs virtually anywhere and at any time—while traveling or at home. Increasingly, “the office” is anywhere employees can get an Internet connection to access the resources they need. As a result, workers enjoy more flexibility in their work hours and work locations, leading to increased job satisfaction.

Security risks posed by teleworkers

Without proper security measures in place, anytime, anywhere access introduces a number of risks for organizations. For example, unsafe user behavior can leave sensitive corporate information behind on a public machine, easily accessible to curious outsiders. The biggest risk comes from sophisticated malicious hackers. They may launch a full-fledged attack against your organization in an attempt to hijack your computing resources and sabotage your operations and reputation.

Incorrect settings

Without IT oversight, home computers, personal laptops and mobile devices are more likely to be improperly configured for file and printer sharing, potentially exposing sensitive information to roommates, spouses and children. Teleworkers may not be using the latest operating system or application software. They may not have installed the latest security updates or kept up with their anti-virus definitions. Overall, personal devices are more likely to be infected by viruses or malicious code than corporate devices. Moreover, infections are slower to be detected and cleaned up on personal devices. Teleworkers increase corporate risks by potentially infecting other corporate machines and by spreading infections to customers and business partners.

Malware and remote devices

Worms and viruses cause damage by slowing down infected systems and networks, corrupting files and applications, and stealing bandwidth. Unless appropriate information security products are deployed, hackers can use this type of malicious software to access corporate resources through an unprotected VPN tunnel, unbeknown to the authorized user.

WLANs: insecure by default

Additional risks come from the nature of home computing environments. Today, many home computers connect to wireless home networks (based on the IEEE 802.11 wireless LAN standard). Since wireless networks extend outside of the physical property boundaries, anyone just outside of the building can eavesdrop on traffic going through the wireless network or access file shares. Furthermore, sophisticated hackers can easily defeat WEP by exploiting its widely publicized security flaws.

Broadband exacerbates vulnerability

With always-on broadband connections, hackers can take their time penetrating a remote device. Unless products like a personal firewall are properly deployed, port scans and other hacking attempts and intrusions can go undetected for a long time. Hackers can exploit all open ports to steal resources or to damage unprotected connected systems.

IT cannot control the end user’s environment

A remote user’s access device might be a home computer, a friend’s laptop, a shared computer on another organization’s network, a wireless PDA, a smartphone or a public kiosk. This remote user device tends to be the weakest point of security, due to non-technical users’ inexperience and IT’s lack of control over the configuration settings and software updates. Today, some of the best SSL VPN and network security appliances provide strong, adaptable security that can help you defend against these risks.

SSL VPNs reduce security risks

You know that it is not realistic to give your teleworkers the benefits of an anywhere access solution without an underlying platform that makes it secure, scalable and manageable. Proven SSL VPN solutions give IT the control that makes this type of end user convenience possible.

Protecting corporate networks

For teleworkers in particular, the increasing availability of always-on broadband access and local area wireless networks gives hackers a high-speed, 24x7 opportunity to snoop and cause damage to the teleworker’s PC. If successful in penetrating the teleworker’s PC, hackers can try to use the compromised device and high-speed connection to go after your corporate network.

By adding SSL VPN technology to your information security infrastructure, you can minimize your security risks. SSL VPN hardened appliances or managed services automatically perform the following functions at the edge of the network:

  • Detect the security of an endpoint prior to teleworker authentication
  • Protect resources with granular policy based on that user and endpoint
  • Connect the teleworker effortlessly to only authorized resources

Protecting your resources

In-built endpoint controls (EPC) are designed to help IT proactively control the security of the remote user’s PC. With endpoint controls, you get the precision you need to reduce risk. EPC provides the ability to enforce policy based on the level of trust that IT has for the user as well as his or her environment.

  • Device Interrogation: Endpoint control systems automatically interrogate the endpoint anytime a user accesses the SSL VPN. To ensure that the access point is free of malicious software, or malware, like keystroke loggers and Trojan horses before allowing access, the solution automatically launches an agent from client integrity partners (like Symantec).
  • Policy Zones: With EPC, IT organizations can establish and define different Policy Zones to fit their needs. Common Policy Zones include zones for untrusted machines such as kiosks, semi-trusted machines such as home PCs, and trusted corporate assets like laptops. IT can then manage those zones with a simple set of parameters.
  • Enhanced data protection and remediation: A mobile user can browse the Internet, check e-mail and work with personal files using client/server applications, but once the session is over, all sensitive data is automatically removed from the unmanaged workstation.
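
The detect, protect and connect steps and the Policy Zones described above can be sketched as a small policy function. This is an added illustration, not code from any SSL VPN product; the posture fields, zone and role tables, resource names and the seven-day anti-virus threshold are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Posture:
    """Facts an endpoint agent reports before login (hypothetical fields)."""
    corporate_asset: bool       # IT-managed device
    av_running: bool
    av_age_days: int            # age of anti-virus definitions
    os_patched: bool
    personal_firewall: bool
    malware_found: bool         # e.g. keystroke logger or Trojan detected

# Hypothetical zone and role tables; a real deployment defines its own.
ZONE_RESOURCES = {
    "trusted": {"webmail", "intranet", "file_shares", "erp_client"},
    "semi_trusted": {"webmail", "intranet"},
    "untrusted": {"webmail"},
}
ROLE_RESOURCES = {
    "finance": {"webmail", "intranet", "file_shares", "erp_client"},
    "sales": {"webmail", "intranet", "file_shares"},
}
MAX_AV_AGE_DAYS = 7  # assumed freshness threshold

def classify(p: Posture) -> str:
    """Detect: place the endpoint in a zone, or refuse it outright."""
    if p.malware_found:
        return "deny"
    healthy = p.av_running and p.av_age_days <= MAX_AV_AGE_DAYS and p.personal_firewall
    if p.corporate_asset and healthy and p.os_patched:
        return "trusted"
    if healthy:
        return "semi_trusted"   # well-kept home PC, or corporate laptop missing patches
    return "untrusted"          # e.g. a public kiosk

def authorize(role: str, p: Posture) -> tuple[str, frozenset, bool]:
    """Protect and connect: resources = role entitlement AND zone allowance."""
    zone = classify(p)
    if zone == "deny":
        return zone, frozenset(), False
    allowed = ROLE_RESOURCES.get(role, set()) & ZONE_RESOURCES[zone]
    wipe_on_logout = zone != "trusted"   # clear session data on unmanaged machines
    return zone, frozenset(allowed), wipe_on_logout

# Constructed sample endpoints (positional order matches the Posture fields)
KIOSK = Posture(False, False, 999, False, False, False)
HOME_PC = Posture(False, True, 2, False, True, False)
CORP_LAPTOP = Posture(True, True, 1, True, True, False)
INFECTED = Posture(True, True, 1, True, True, True)
```

The same finance user gets four resources from the corporate laptop, two from the home PC, and none from the infected machine; an unknown role receives nothing in any zone.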

One secure gateway

SSL VPN is flexible enough to work well in any remote access situation, providing you with the best possible security for that environment. There are three access options:

  • Network security providers give their users clientless browser access for Web applications, client/server applications and file shares.
  • SSL-VPN technology provides a Web-delivered client for secure access to the corporate network.
  • The SSL-VPN can deliver the “in-office” experience for mobile devices.

Broadest application access from the most endpoints

Top of the line SSL VPNs deliver transparent access to all network resources. This unparalleled ease of use significantly increases productivity, while reducing support costs associated with solutions that are more cumbersome.

Manageable and cost-effective

One of the reasons many organizations are adopting SSL VPNs is to reduce the cost and complexity they are experiencing with IPSec. With SSL VPNs, the reduced complexity and increased end user self-sufficiency quickly translate into improved user productivity and reduced workloads for IT.

Advantages for mobile email

Since SSL VPNs provide universal access to e-mail and other resources from multiple devices, there is no need to support mobile e-mail using a separate proprietary infrastructure, like BlackBerry Enterprise Server (BES).

Object-based policy model

You can easily manage any resource, application or network file share for all of your remote access policies and user organizations from a centralized location. State of the art SSL-VPN technology approaches access control policy using the same security and management principles that underlie firewalls.

Scalability

As additional users start accessing your corporate network remotely, scalability of your infrastructure becomes a real issue. Add new high-bandwidth applications like voice over IP and document sharing, and scalability and reliability quickly percolate to the top of your list of concerns.

Multiple authentication realms

Most SSL VPNs can support more than one authentication repository as well as differing methods of authentication (e.g., username/password and tokens), providing more flexibility and scalability. This makes it easy to support a policy model spread across multiple directories or to support situations where differing authentication credentials are required.

SSL VPNs offer easy, flexible access options to secured resources and reduce companies’ information security risks.

The author is the Country Director - India, SonicWALL

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.