There’s a great podcast featuring a friend of NCP engineering, Lisa Phifer, vice president of Core Competence, that outlines a few good steps network administrators can take to help protect the network from threats caused by traveling employees accessing it from unsecured public hotspots. While Lisa offers great technical advice on VPN and personal firewall settings, and hotspot danger warning signs, she makes two poor assumptions.
First, Lisa assumes the network administrator can educate each and every traveling employee, or user, on these best practices. Secondly, she assumes the users will choose safety over convenience. Let’s face it, the average user isn’t technical, doesn’t want to be bothered and simply wants Internet / network access.
We’ve seen this situation many times and continue to recommend combining user education with a remote access technology that takes the user completely out of the picture. With an ‘intelligent’ remote access solution, network administrators can provision VPN clients, centrally manage each personal firewall and enforce policy all from the admin side. All the user sees is his or her device turning on, finding the hotspot and connecting to the Internet through the secure network.
Equally important in this situation is endpoint security, beyond simply the VPN. An infected device that is connected to the network will cause just as much harm as a clean device that has fallen prey to a man-in-the-middle attack. Before users are granted a VPN connection, a full sweep or ‘pat-down’ of the device should take place. This pat-down checks the device and makes sure anti-spyware, anti-virus and anti-malware software are up to date. If something is lax, the user is instructed how to remedy the issue and asked to re-establish a connection.
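The pat-down described above can be sketched as a pre-connect posture gate. This is an added example, not code from NCP or from the podcast; the report format, the three-day freshness limit and all names in it are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical policy: every category must be installed, running and
# carrying definitions no older than MAX_AGE.
REQUIRED = ("anti-virus", "anti-spyware", "anti-malware")
MAX_AGE = timedelta(days=3)

def evaluate_posture(report, now):
    """Return (allow, remediation) for a device posture report.

    report maps category -> {"running": bool, "definitions": ISO-8601 str}.
    Fails closed: a missing, malformed or future-dated entry denies the VPN.
    """
    if not isinstance(report, dict):
        report = {}
    remediation = []
    for category in REQUIRED:
        entry = report.get(category)
        if not isinstance(entry, dict):
            remediation.append(f"Install {category} software, then reconnect.")
            continue
        if entry.get("running") is not True:
            remediation.append(f"Start {category} protection, then reconnect.")
            continue
        try:
            updated = datetime.fromisoformat(entry["definitions"])
        except (KeyError, TypeError, ValueError):
            remediation.append(f"Update {category} definitions, then reconnect.")
            continue
        if updated.tzinfo is None:
            updated = updated.replace(tzinfo=timezone.utc)
        # A timestamp in the future is treated as tampering or clock skew.
        if updated > now or now - updated > MAX_AGE:
            remediation.append(f"Update {category} definitions, then reconnect.")
    return (not remediation, remediation)

# Constructed sample reports (not real device data).
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)
FRESH = {"running": True, "definitions": "2024-05-01T08:00:00+00:00"}
CLEAN = {name: dict(FRESH) for name in REQUIRED}
STALE = {
    "anti-virus": dict(FRESH),
    "anti-spyware": {"running": True, "definitions": "2024-04-01T08:00:00+00:00"},
    # anti-malware entry absent: software not installed
}

if __name__ == "__main__":
    for label, report in (("clean", CLEAN), ("stale", STALE)):
        allow, steps = evaluate_posture(report, NOW)
        print(label, "ALLOW" if allow else "DENY", steps)
```

The decision belongs on the gateway or management side rather than in the client, so that a user cannot skip the check for convenience.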
If network administrators add these tips to those gleaned from Lisa’s podcast, the network will be safe and the company’s employees will be able to access the Internet and network safely from anywhere they happen to be.