Sooner or later, your employees will have to work offsite. It's important to establish the security of the hardware they use and the networks that connect them to the office.
It is becoming easier and easier for the general workforce to accomplish their office work from home or on the road. Connecting to the office network is easy, enabling employees to do business not only anytime and anywhere but all the time and everywhere. According to a recent survey by the Economist Intelligence, more than half of companies in North America, Europe, and Asia Pacific have remote users. That number is expected to increase to 80 percent by 2006.
Yet, the same study reported that 49 percent of employers cited remote security as a major concern. As many organizations have realized, remote connections are essential to accomplishing business tasks, which underscores the importance of securing those connections in order to protect corporate assets.
The first step to ensuring a remote user has a secure connection is to evaluate the methods and technologies employees use to connect remotely. Remote users can connect over phone lines into remote access servers or by tunneling into the network by a virtual private network (VPN). Both options are viable, but are they enough?
Remote and mobile workers typically take their laptops home or on the road, then work from their new location in much the same way they would in the office. The primary difference is that while they're in the office, they're working within the perimeter protection provided by the corporate firewall and other security controls. When they're working out of the office, they no longer have that protection.
Without security controls in place on the laptops of these mobile and remote workers, these systems are at risk of attack by hackers and, even worse, can become the conduit for introducing malicious code into the corporate environment.
Blended threats pose the most significant threat to remote and mobile workers and the company networks to which they connect. Blended threats use a combination of malicious code and vulnerabilities to launch their attacks. Examples of recent blended threats include the Slammer, SoBig, and Blaster worms of 2003. According to the Symantec Internet Security Threat Report, blended threats were the most frequently reported threat last year, accounting for 60 percent of submissions in the first half of 2003, a 20 percent increase over the previous six months.
These threats are fast and getting faster. One university found that out the hard way. Upon hearing about Blaster on the morning the worm launched, the university unplugged its network connection at the perimeter firewall to keep all Internet traffic (malicious or not) at bay. However, by lunchtime, every machine was infected with Blaster. How? Through a laptop that had unknowingly become infected earlier in the morning via an unprotected Internet connection at home, then was brought in and connected to the university network. Once inside that network, it took just about an hour for the worm to make its way from one system to the next.
Proactive Protection Practices
The implementation of best practices provides defense in depth to protect the corporate network against threats associated with remote and mobile workers. For example, all laptops that are used outside the corporate firewall and network perimeter should be outfitted with antivirus software that is properly configured and regularly updated. In the case of the infected university, up-to-date antivirus software would have identified Blaster as it attempted to download its main payload onto the professor's laptop, then notified the user and quarantined or deleted the offending code.
Desktop firewall software is also key to protecting the laptops of mobile and remote workers. The desktop firewall is similar to the corporate perimeter firewall in that it filters incoming and outgoing Internet traffic, blocking various ports according to firewall rules. A firewall on the university professor's laptop would have enabled that user to close the port through which Blaster was entering, in this case port 135.
Of course, corporate laptops must keep certain ports open at all times. Port 135, for example, is typically used by DCOM, a component of Microsoft Windows; closing that port would prevent specified corporate IT maintenance tasks from being performed on the laptop. In that event, intrusion detection software provides the desired protection. Intrusion detection software scans the traffic going through open ports and identifies malicious code. Consequently, as soon as the Blaster worm tried to exploit the buffer overrun vulnerability in DCOM that it targeted as it entered the laptop, intrusion detection software would identify the code as malicious and block it immediately.
VPNs offer another security control for mobile and remote workers. A VPN creates a secure tunnel through which data can travel from the laptop to the corporate network, and back again. A properly configured VPN checks to make sure the remote node is in compliance with the company's policy before granting a connection. A typical corporate security policy likely requires that up-to-date antivirus and other security controls are implemented on remote and mobile systems. Returning to the example of the university, with a VPN in place, the unprotected and infected laptop would have been prevented from accessing the university network because of its non-compliance with the institution's security policy.
Two of the most frequently overlooked security controls for mobile and remote workers are file system encryption and system configuration. Laptop users should take advantage of the encryption capabilities included in Windows systems; by simply encrypting sensitive files, users can prevent them from being read by unauthorized users such as hackers.
Additionally, to further reduce the vulnerability of remote and mobile workers to Internet threats, unneeded services should be turned off. Exploits are being created faster than ever before, giving users little time to react to security events. By making sure that only needed services are installed and turned on, remote and mobile workers can greatly mitigate their risk of attack.
Finally, because laptops are, by nature, mobile systems, physical security is always a concern. While it's nearly impossible to prevent a laptop from being lost or stolen, it is easy to lock out unauthorized users by using power-up passwords. While this best practice will not deter very sophisticated thieves from removing the hard drive from a stolen laptop and attaching it to another system, it will preclude access to laptop data by many others.
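The compliance check a VPN performs before granting a connection, extended to the other controls in this section, can be sketched as follows. This is an added example, not code from the article or from any vendor product; the report fields, the seven-day signature threshold, the service allow-list, and the sample laptops are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Set

# Assumed policy values: the article names the controls but sets no thresholds.
MAX_SIGNATURE_AGE = timedelta(days=7)
ALLOWED_SERVICES = {"RpcSs", "Dhcp", "Dnscache"}  # hypothetical allow-list
WATCHED_PORTS = {135}  # DCOM port named in the article

@dataclass
class PostureReport:
    """State a laptop reports before the VPN tunnel is granted (hypothetical)."""
    host: str
    av_signature_date: Optional[date]  # None means no antivirus installed
    firewall_enabled: bool
    ids_enabled: bool
    files_encrypted: bool
    open_inbound_ports: Set[int] = field(default_factory=set)
    running_services: Set[str] = field(default_factory=set)

def evaluate(report: PostureReport, today: date) -> List[str]:
    """Return every policy violation found; an empty list means compliant."""
    problems = []
    if report.av_signature_date is None:
        problems.append("antivirus missing")
    elif today - report.av_signature_date > MAX_SIGNATURE_AGE:
        problems.append("antivirus signatures out of date")
    if not report.firewall_enabled:
        problems.append("desktop firewall disabled")
    # A port that must stay open is acceptable only if intrusion detection covers it.
    exposed = report.open_inbound_ports & WATCHED_PORTS
    if exposed and not report.ids_enabled:
        problems.append(f"ports {sorted(exposed)} open without intrusion detection")
    extra = report.running_services - ALLOWED_SERVICES
    if extra:
        problems.append(f"unneeded services running: {sorted(extra)}")
    if not report.files_encrypted:
        problems.append("file encryption not enabled")
    return problems

def admit(report: PostureReport, today: date) -> bool:
    """Grant the connection only when no violation is found."""
    return not evaluate(report, today)

# Constructed sample reports, not data from the article.
TODAY = date(2003, 8, 11)
UNPROTECTED = PostureReport("laptop-a", date(2003, 7, 1), False, False, False,
                            {135}, {"RpcSs", "Telnet"})
COMPLIANT = PostureReport("laptop-b", date(2003, 8, 8), True, True, True,
                          {135}, {"RpcSs", "Dhcp"})
```

Returning the full list of violations rather than stopping at the first lets the gateway tell the user everything that must be fixed before reconnecting.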
Balancing Risk and Benefit
In today's mobile computing world, it is no longer enough to protect the corporate network only at the perimeter. Remote and mobile workers extend corporate boundaries beyond the traditional local network to homes, coffee shops, airports, hotels, and countless other sites across the world.
To safeguard corporate assets without inhibiting the productivity gains of a mobile workforce, organizations and their employees must lock down laptops using security controls that protect at multiple entry points. By following best practices, corporations can ensure that their remote and mobile workers continue to represent a powerful organizational benefit rather than a worrisome security risk.
As Director of Product Management at Symantec Corporation, Brian Foster oversees the development of enterprise client and host-based security solutions. In his role, Foster is also responsible for identifying new opportunities for securing corporate end-points.