With the arrival of affordable broadband Internet connections and standards based Virtual Private Networks (VPNs), communications links can be done quickly, cheaply, and safely across the world. VPNs can be used to connect mobile users using dial-up Internet connections, link two LANs together via the Internet, allow remote offices and users to securely access internal TCP/IP applications running on the corporate intranet and enable secure access to the corporate extranet for vendors, partners, and customers.
VPNs are generally perceived to be 100% impervious. However, the vast majority of existing VPN solutions on the market today do not make allowances for the fact that remote workers may themselves be on a small family network. This means the network activities of other family members could inadvertently leave the VPN tunnel open to unwelcome visitors.
To stay safe, SonicWALL recommends businesses should make sure their VPN solutions meet the following criteria:
- Isolate the telecommuter connection - where the teleworker unit is on a shared network at home it should not be possible for the VPN tunnel to be accessible to anyone else on the home network
- Enforce network protection at the telecommuter site - companies should consider giving teleworkers security levels at home that comply with the basic minimum corporate standards thereby enforcing a multi-layered defense mechanism that incorporates firewall, anti-virus, content filtering and authentication
- Scale the telecommuting network infrastructure - the majority of enterprises will require VPN connections with many different users so it is important that the solution should be scalable to allow security measures to be deployed rapidly via a web browser
- Manage telecommuting security policies - any solution must be capable of being managed remotely by the company’s service professionals so that the VPN links remain in full control of the organisation at all times
- Perform stateful inspection - where malicious attacks are detected at the application layer rather than at operating system level
- Comply with standards - IPSec, ICSA certification and PKI
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.