Archive for February, 2012

We recently introduced Joe the CIO as he navigated the world of remote access. Now Joe is on another adventure, this time tackling complex remote access issues in the cloud. As a network administrator of a large company, Joe has to tend to various remote access VPN tasks, a growing data center, and rising labor costs. Additionally, his company’s new operating system must  be implemented, adding to the complexity of his workload. Check out this video to find out how Joe handles all of these demands with remote access out of the cloud.

By Nicholas Greene

Earlier this week, I wrote about the importance of using VPNs at trade shows. Building on that, I wanted to expand on VPN implementations. Firstly, like anything else, VPN implementations aren’t perfect. A VPN tends to leave more traffic exposed than WEP, WPA, and WPA2, so preventing data leakage before launching the tunnel can be an exercise in futility. Roaming between IP subnets can break through your tunnels, and VPNs tend to be more than a little picky when it comes to how networks are laid out. Thankfully, all of those concerns are quite simple to address.

First up, don’t connect to a network that isn’t encrypted in some fashion. At Black Hat or Interop, this shouldn’t be a problem- their access points are encrypted by default. Second, if you’re enterprise, combine your VPN solution with endpoint security. As mobility is concerned; again, it shouldn’t be an issue with the larger tech conferences. Most of them are likely to implement subnet roaming capabilities into their access points- they’re designed to be VPN friendly.

Finally, don’t assume a VPN implementation means you’re completely protected- unencrypted data is just one of the many threats facing users at these events.  Setting up a dummy network with an SSID that appears valid is one of the most common attack methods at Black Hat. Even though organizers have implemented security to counteract this method, that doesn’t mean you shouldn’t still be on guard.

If all else fails, it might be worth looking into setting up your own dedicated Wi-Fi, and running the VPN through that. At the end of the day, network security can only go so far. Though the right VPN/endpoint security implementation is a great tool for protecting your data, you’ve got to do your part, too. Don’t assume that, simply because you have a secure network, you’re protected from theft- that is, after all, what the thieves are counting on.





By Nicholas Greene

With RSA 2012 kicking off next week, then Interop and BlackHat just around the corner after that – we are officially in trade show season. Of course, every show brings with it the challenge of connecting to its official Wi-Fi connection to plug back into corporate headquarters to do everything from email to sending documents and beyond. And as most of us know, this could invite a barrage of security vulnerabilities.

Of course, at IT conferences like Interop and Black Hat, you’ll find yourself with a better class of wireless network– it’s more or less a given that their Wi-Fi connections will be more secure than those at many other trade shows, as the organizers know enough to take an active role in securing the data of attendees. But the real risks come in when, for example, connecting via a hotel or a café near the show – or worse, a rogue unsecured network that tricks users into signing on with a strangely “official sounding” name.

So how will you stay safe this trade show season? In short, VPNs are the key. A VPN will give you all the security you’d get from a private network, and places it into a public arena; opening the requisite ports for easier connectivity, keeping your activities anonymous from others on the network, and encrypting any data you send between yourself and the server.

Unlike with unsecure (and even secure) wireless networks, no known exploits currently exist that are capable of subverting the security on most of the well-designed Virtual Private Networks. While it’s certainly true that a user connected to a VPN can interact with other systems on the network as though they were local, the users of those systems should generally be trustworthy, if you’ve implemented a proper VPN solution.

If you’re connecting to a corporate network, there’s a good chance that the company will already have some sort of VPN solution in place- all that’s left in such a situation is to set it up to run on your own system, and you’ll be golden. Generally, this is as simple as installing the client software for whatever solution you’re running- your company should provide it for you before you leave for the show.

If you’re not an enterprise attendee, or your company doesn’t yet have a VPN solution implemented, it might be worth looking into getting one- NCP has several VPN clients available– for enterprise users, the centrally managed solution’s ideal.

More on VPNs and trade show security next time.

What We’re Reading, Week of 2/13

Posted: February 17, 2012 in Highlights

PCWorld, How to Choose a Router for Your Business
Infosecurity, Safe Authentication for Remote Sys-Admin Tasks
MedCity News, Tips for Securing Healthcare Data on Mobile Devices
Security Week, Why the Cybersecurity Act of 2012 Needs to Be More Robust