Securing Wireless, Remote and Mobile Computing - Quick Fixes
by Ian Kilpatrick - Chairman of Wick Hill Group - Friday, 30 June 2006.
The rapid growth of wireless, remote and mobile computing is creating a significant increase in the risks that organisations face. All the indications are that this growth will continue, and indeed accelerate. It is clearly time to review what actions are required to manage access risks from these forms of computing. Fortunately, there are some quick fixes that are available.

In an ideal world, the starting point would be risk assessment and management. This is a fundamental component of any wireless and mobile deployment. It will ensure that security is factored in at the beginning of a project and that everyone involved is aware of the risks. All security policies should be reviewed to make sure that they reflect current realities.

However, in many cases, the move from inside to outside the computer network perimeter has not been accompanied by either risk assessment and management, or by the education of the management, staff and users involved.

In an environment with ongoing mobile computer access, attempting to “backfill” security is going to be difficult and subject to active or passive resistance from users – and much more expensive than getting it right in the first place. A bite at a time is the best approach in this situation, and there are some quick fixes that will make it an easier case to sell to all involved.

Passwords and authentication

Static passwords are woefully inadequate for remote and mobile computer users, with huge identity theft risks (particularly for wireless). The answer is to deploy strong two- factor authentication. Companies such as VASCO provide low-cost, token-based solutions that can be easily deployed for remote users.

SSL VPNs

Consider using encrypted secure sockets layer (SSL) VPNs, alongside or instead of IPsec VPNs, as SSL can provide lower cost, easier to manage connections for large numbers of remote users. This is a growing area and there are a wide range of solutions from WatchGuard, Citrix, AEP, etc.

Regular Updating

Make sure that users regularly update anti-virus and firewall software. Failure to do so, alongside password and unauthorised software related issues, makes up the majority of remote help desk problems for organisations.

Wireless

Ensure that all traffic is over VPNs and is encrypted. Don’t use Wired Equivalent Privacy (WEP) for encryption because it is poor, insecure and weak. Use WPA or WPA2 (also known as 802.11i) and ensure that users always operate with it switched on - the default is with it switched off.

If you have remote wireless LANs, ensure that the service set ID (SSID) is changed from the default and is secured. Don’t change it to something blindingly obvious like your company name (or “control tower”, as seen by startled laptop users at a US airport).

Implement media access control (MAC) filtering. A MAC address is a physical address, so if you restrict access to devices whose address you have authorised, you can eliminate many ID theft issues. Another variation of this is device authentication, where the device authenticates itself to the network. Solutions are available from companies such as Phoenix Technologies, etc.

Also ensure your users have a wireless firewall/VPN to protect them and to manage encrypted VPNs from the wireless device. Companies such as WatchGuard and Check Point provide centrally manageable solutions in this area.

Bear in mind that many cheaper remote firewalls are incapable of dealing with application level attacks. A key requirement for remote firewalls, wireless or static, is to be able to deal with current and future threats, which include packet and, increasingly, application level attacks. All of these measures should greatly improve your mobile computing security with the minimum of fuss and resistance from staff.

Spotlight

Infographic: 25 years of the firewall

Posted on 24 July 2014.  |  The firewall turned 25, and McAfee is celebrating with an infographic that creatively depicts its lifetime. If you take a moment to scan the infographic, you’ll notice the firewall's introduction and evolution coincide with certain security events.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Jul 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //