Life in the Fast Lane: Security for Cable Modem, DSL, and Other Remote User Internet Connections
by Ken Cutler - CISSP, CISA, Vice President, Curriculum Development & Professional Services, MIS Training Institute; Principal Consultant, Ken Cutler & Associates - Monday, 6 October 2003.
Security Safeguards

Organizations should develop and communicate clear policies promoted through aggressive security awareness programs that will alert remote users to the pitfalls of Internet access. Key safeguards include:
  • Minimizing the use of network file shares
  • Encouraging the use of personal software firewalls (ZoneLabs ZoneAlarm, Norton Internet Security, GTA Gnat Box Light)
  • Application content filtering (including adbots and mobile code agents)
  • Blocking random security scans and encrypted connections using virtual private networks (VPNs) or secure shell (SSH)
If an inexpensive consumer grade Internet router/gateway/firewall device (D-Link, Linksys, Netgear, SMC) is used for sharing Internet connections, the user/small office should carefully review the provided firewall features, including current firmware upgrades, to ensure that sufficient content screening is available. If not, either the addition of software firewalls in each workstation or the use of more robust (and more expensive) personal firewall appliances such as Cisco PIX 5xx Series, Sonic Systems SonicWall, and Watchguard SOHO should be considered. Only personal firewalls certified by a recognized independent testing laboratory like TrueSecure Labs and equipped with centralized firewall administration services should be seriously considered for corporate or government remote user applications.

Security Vulnerability Testing

All remote user systems should be periodically tested for vulnerabilities and for the effectiveness of applied safeguards. This objective can be achieved through a combination of user self audits using free public testing services ( , ) and centralized enterprise remote vulnerability testing tools (e.g. ISS Internet Scanner, NAI/PGP CyberCop Scanner, and NGSS Typhon). Any serious vulnerabilities detected during these procedures should be promptly reviewed and corrected as necessary.

While modern Internet connection services are a boon to telecommuting and other off-premises applications, it is critical that they are safely deployed and maintained through prudent protection and security testing practices.

Reprinted with permission from MIS Training Institute's TransMISsion Online. For a complete list of information security seminars and conferences available from MIS, go to:


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th