People want to be able to work from anywhere, whether it be from home, a hotel room, a client's office, or the beach. Of course, they also want access to resources identical to those they use sitting at the desk in their office. How do you provide this access securely, protecting the highly valuable and confidential information that resides on an internal corporate network?
The most cost-effective solution available today is a remote access virtual private network (VPN), which is why they are gaining popularity in record numbers. A VPN solves the problem of how to protect sensitive information as it travels across a public network, but it opens numerous new security issues. This article discusses these issues and how to mitigate the risk they introduce through the use of personal firewalls.
Monitoring the Back Doors
What issues arise when you enable your employees with remote network access? The all-encompassing issue is that, for every employee with remote access, you open one more back door into your network. A back door is a system outside the physically secured premises of the corporation that is not subject to systematic auditing and administrative control. So, if you are a large enterprise with thousands of users connecting through remote access, you have just opened several thousand back doors. Passing through this back door, which is generally wide open, can give an unauthorized user complete access to your internal network.
Remote access users connecting through cable modem/DSL connections should cause the most concern for security personnel. Systems directly connected to these always-on networks are ripe for picking from would-be hackers and script kiddies continuously scanning network subnets. I have a cable modem and, in the span of one hour, I was scanned repeatedly, including probes for SNMP, FTP, WhatsUp, DNS, SubSeven, NetBus, OS fingerprint, RPC, Telnet, and Land Attack.
A VPN solution that employs two-factor authentication, such as digital certificates or SecurID, is still vulnerable. VPN authentication is used to create the tunnel, but once everything is connected, any person with access to the system can access the internal resources at the other end of the tunnel, whether it is a single host or the entire network. Application controls and intrusion detection are the only potential layers of security left between a compromised laptop and a compromised network.
All systems connecting to the corporate network through remote access should be considered a component of the internal network, and corporate security policies should reflect this. Ideally, a remote access policy should be developed that defines who can have remote access (Can all employees? Is it limited to IT personnel?), what means they can use to connect (Can they use cable modem/DSL, dial-up, or something else?), and what additional security measures must be taken on a system used for remote access (Does this include firewalls and antivirus measures?).
Ideally, because these remote access systems are directly facing the Internet, they should be appropriately hardened, should run a minimum amount of services, and should not enable high-risk activities such as file and print sharing. Of course, we do not live in an ideal world, so we know that the system will not be hardened to the level that it should; users will install rogue applications, such as ftp servers, pcAnywhere, and ICQ; and users will enable file and print sharing. We cannot completely control the end user, so the popular approach today is to try the next best thing: Install a firewall on the system and block this access from the outside world.