Organizations should develop and communicate clear policies promoted through aggressive security awareness programs that will alert remote users to the pitfalls of Internet access. Key safeguards include:
- Minimizing the use of network file shares
- Encouraging the use of personal software firewalls (ZoneLabs ZoneAlarm, Norton Internet Security, GTA Gnat Box Light)
- Application content filtering (including adbots and mobile code agents)
- Blocking random security scans and encrypted connections using virtual private networks (VPNs) or secure shell (SSH)
Security Vulnerability Testing
All remote user systems should be periodically tested for vulnerabilities and for the effectiveness of applied safeguards. This objective can be achieved through a combination of user self audits using free public testing services (http://www.grc.com , http://security2.norton.com/us/home.asp ) and centralized enterprise remote vulnerability testing tools (e.g. ISS Internet Scanner, NAI/PGP CyberCop Scanner, and NGSS Typhon). Any serious vulnerabilities detected during these procedures should be promptly reviewed and corrected as necessary.
While modern Internet connection services are a boon to telecommuting and other off-premises applications, it is critical that they are safely deployed and maintained through prudent protection and security testing practices.
Reprinted with permission from MIS Training Institute's TransMISsion Online. For a complete list of information security seminars and conferences available from MIS, go to: www.misti.com.