
Monday, March 15, 2004

UNITED KINGDOM ARTICLE ON WAN SECURITY ISSUES
ZDNet UK - Special Reports - WAN lockdown
WAN lockdown


Rupert Goodwins


You might think your company network is secure, but care needs to be taken to ensure that all computers - including those used by employees at home and on the move - are equally secure.


Among the estimated half-million computers infected with the Blaster worm by the end of August, many tens of thousands were behind corporate firewalls specifically configured to prevent that class of attack. The vulnerability was the WAN -- remote users connected via VPN to a LAN, tunnelling in to the protected network as trusted nodes.


WANs are the proof that if you cast your net wide enough, you'll catch something nasty. The industry is realising that while networks confined to company premises can be controlled using the normal mix of security procedures, a different management policy is required to secure any system where remote users have access to corporate resources. While the classic model of WAN nodes connected over VPN treats them as members of whatever local network they connect to, it ignores the reality that the same computers have another life when not connected, one where they can be very vulnerable indeed.


However, this will not stop the basic problem that to be productive, a remote user must have some form of privileged access to the corporate network and that any attack software running on their PC will acquire those privileges. You must ensure that all remote PCs that connect to the work WAN have up-to-date virus scanning, a properly configured personal firewall, and that strong policies exist to encourage the users to act responsibly. Remote management is essential, and some form of encryption of data local to the user should be considered: PCs can be stolen, and laptops lost. If a computer has corporate information on it, it's part of the WAN even when not connected and must be managed.
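One way to enforce the requirements above when a remote PC connects over the VPN, as an added example that is not part of the original article: a posture check that admits, quarantines or denies the machine. The report fields, thresholds and host names are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Thresholds are assumptions; the article gives no numbers.
MAX_SIGNATURE_AGE_DAYS = 7
MAX_CHECKIN_AGE_DAYS = 14

@dataclass
class Posture:
    host: str
    av_signature_date: Optional[date]   # None = no virus scanner reported
    firewall_enabled: bool
    firewall_default_inbound: str       # "deny" or "allow"
    disk_encrypted: bool
    last_mgmt_checkin: Optional[date]   # None = never seen by remote management

def age_days(d: Optional[date], today: date) -> Optional[int]:
    return None if d is None else (today - d).days

def evaluate(p: Posture, today: date) -> tuple[str, list[str]]:
    """Return (decision, reasons); decision is 'admit', 'quarantine' or 'deny'."""
    blocking, remedial = [], []
    sig_age = age_days(p.av_signature_date, today)
    seen_age = age_days(p.last_mgmt_checkin, today)
    if sig_age is None:
        blocking.append("no virus scanner reported")
    elif sig_age > MAX_SIGNATURE_AGE_DAYS:
        remedial.append("virus signatures out of date")
    if not p.firewall_enabled:
        blocking.append("personal firewall disabled")
    elif p.firewall_default_inbound != "deny":
        remedial.append("personal firewall allows unsolicited inbound traffic")
    if not p.disk_encrypted:
        remedial.append("local data not encrypted")
    # A laptop that has been away from the network is still part of the WAN.
    if seen_age is None or seen_age > MAX_CHECKIN_AGE_DAYS:
        remedial.append("not seen by remote management recently")
    if blocking:
        return "deny", blocking + remedial
    return ("quarantine", remedial) if remedial else ("admit", [])

# Constructed sample reports, evaluated as of the post date.
TODAY = date(2004, 3, 15)
SAMPLE = [
    Posture("office-laptop", date(2004, 3, 14), True, "deny", True, date(2004, 3, 12)),
    Posture("travel-laptop", date(2004, 2, 20), True, "deny", True, date(2004, 2, 20)),
    Posture("home-pc", date(2004, 3, 14), False, "allow", False, None),
]
```

A quarantined machine would be placed where it can reach only update and management servers until the listed reasons are cleared.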
