Archive for June, 2012

To help better shape our content, we at VPN Haus would love to get to know you – and your interests — better. This week, we’d like to learn about what causes you frustration when working remotely. We invite you to participate and enjoy the weekend!

We recently spoke to NCP engineering’s Swen Baumann about split tunneling and its role in IPv6, and how to best deploy it when working remotely. 

VPN Haus: How is split tunneling impacted by IPv6 dual-stack networking?

Swen: The main thing to remember is, split tunneling needs to be specifically configured. For instance, in a “dual-stacked” world – which implements both IPv4 and IPv6 stacks — you will have to configure either both or only one, depending on which stacks you plan to use. Once you’ve completed this configuration, split tunneling will be processed — no matter if the traffic is IPv4 or IPv6. Simply put, to enable split tunneling on IPv6, you only need to configure the stack – but otherwise it should run smoothly.

VPN Haus: How does split tunneling differ from inverse split tunneling?

Swen: I know it’s stating the obvious, but it’s inverse. Here’s what that means. With conventional split tunneling you configure some networks that are to be processed within the tunnel, which means there are others not to be taken into the tunnel. With inverse split tunneling it is just the other way round. You configure those networks that are not to be processed through the tunnel and all the rest will be taken into the tunnel. In other words, split tunneling becomes the rule — not the exception.

VPN Haus: In cases of split tunneling for the home office, do you recommend the corporate VPN be set as the default gateway to first route all traffic, dropping those requests deemed unnecessary to secure?

Swen: Usually yes. But ultimately, it depends on the security policies of the company. Generally, the recommended approach is to direct all of the traffic into the corporate tunnel, so that all of the company’s security protocols can apply to the traffic and fulfill the organization’s security needs.
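
The two modes described in the interview, as an added Python example that is not part of the interview and not taken from any VPN client. The function names and the sample prefixes (private and documentation ranges) are constructed, and it assumes a stack with no entry in a split list is simply not tunneled.

```python
import ipaddress

def route(dest, mode, networks):
    """Return 'tunnel' or 'direct' for one destination address.

    split:   networks lists what goes through the tunnel, the rest goes direct.
    inverse: networks lists what stays out of the tunnel, the rest is tunneled.
    """
    addr = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(n) for n in networks]
    # An IPv4 entry can never match an IPv6 destination, and vice versa.
    listed = any(addr.version == n.version and addr in n for n in nets)
    if mode == "split":
        return "tunnel" if listed else "direct"
    if mode == "inverse":
        return "direct" if listed else "tunnel"
    raise ValueError("mode must be 'split' or 'inverse'")

def unconfigured_stacks(networks):
    """Return the IP versions (4, 6) that have no entry in the list."""
    seen = {ipaddress.ip_network(n).version for n in networks}
    return sorted({4, 6} - seen)

# Constructed sample configuration.
CORP_V4_ONLY = ["10.20.0.0/16"]                      # split list, IPv4 stack only
CORP_DUAL = ["10.20.0.0/16", "2001:db8:20::/48"]     # split list, both stacks
HOME_EXCLUDE = ["192.168.1.0/24", "fe80::/10"]       # inverse list (home LAN)

if __name__ == "__main__":
    for dest in ["10.20.5.9", "2001:db8:20::15", "198.51.100.7"]:
        print(dest,
              "| split v4-only:", route(dest, "split", CORP_V4_ONLY),
              "| split dual:", route(dest, "split", CORP_DUAL),
              "| inverse:", route(dest, "inverse", HOME_EXCLUDE))
    print("stacks missing from v4-only list:", unconfigured_stacks(CORP_V4_ONLY))
```

With the IPv4-only split list, the corporate host reached over IPv6 is routed direct, which is why each stack in use has to be configured.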

Computerworld - Remote access technologies in a BYOD era
FierceTelecom - World IPv6 Launch results: What effect did the event have on the Internet?
GigaOM - BYOD wave sparks big security concerns
CNBC - The Great Shrinking Office

IPv6 Day 2012 – The Aftermath

Posted: June 21, 2012 in IPv6, Uncategorized

Now that we’ve had a few weeks to consider the aftermath of IPv6 Day 2012, we wanted to look into what the industry is saying are the key takeaways – so far – from this year’s event, in which thousands of organizations switched over to IPv6 – permanently. After all, IPv4 website addresses are essentially exhausted, while IPv6 has more than 340 trillion addresses, according to the Internet Society. This, the organization points out, is an IPv4 address for every star in the universe. Mind-boggling, right? Here’s what else people are saying:

IPv6 traffic didn’t spike on World IPv6 Day, but did see a gradual and significant increase starting two weeks before the actual day, 6 June, according to Arbor Networks. Internet Protocol version 6 traffic grew from 0.06 per cent to 0.15 per cent in that period, it said… The increased levels of IPv6 traffic have been steady since the event, Arbor added. “This shows that hopefully many of the newly enabled IPv6 services are here to stay – another important milestone on the road to ubiquitous IPv6 adoption.” – Adam Bender, ComputerWorld

While the commitment to always-on v6 was a big one, some experts predicted that we wouldn’t see a big jump in traffic rates during this year’s World IPv6 Launch. The reason for this was that many of the providers who are committing to v6 had already turned up their networks ahead of the launch and would be running the day of the event. However, Owen DeLong, IPv6 evangelist for Hurricane Electric, predicted a small spike in traffic would occur on June 6, followed by a leveling off and gradual move upward in traffic rates. He forecast that v6 traffic rates would “at least double if not quadruple again, possibly more, in the next year.” – Samantha Bookman, FierceTelecom

What are your predictions for IPv6 moving forward? Also, you can download your own copy of the World IPv6 infographic at www.worldipv6launch.org/infographic.

By Joe Schembri 

Last week, I provided a quick summary of identification and authentication. Continuing with this, today I’ll dive into why these factors are so critical for remote access solutions.

Why Identification and Authentication Are Important to Secure Remote Access Connections

With remote access, users are not under LAN administrative control, which exposes the network to increased security risks. Providing remote access can make the internal network more vulnerable to security breaches. Because remote access depends mainly on the public Internet, identification and authentication are critical: by verifying every user who attempts to access secured data, they protect internal networks against threats such as unauthorized access.

Strengthening Security with User ID/Password Combinations

Although user ID/password combinations aren’t the strongest type of identification and authentication, they are the most common. If a company must use this as a security strategy, here are a few tips to improve security:

  • Limit the number of allowed login attempts before locking the user out of the system.
  • Enforce strong passwords, requiring at least eight characters with a combination of letters, numbers, and special characters. Remember, longer passwords take more time to crack so the more characters the better.
  • Require users to change their passwords periodically. Every 90 days may suffice for regular users, but administrators should change theirs more frequently, such as every 30 days.
  • Prohibit the use of names and words found in a dictionary as passwords.
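
The four tips above written as checks, in an added Python example that is not code from the post. The lockout threshold of 5 and the small word list are assumptions, and the dictionary rule goes one step beyond the tip by stripping digits and symbols first, so that a decorated word is caught too.

```python
import string

MAX_ATTEMPTS = 5                            # assumed; the post gives no number
MAX_AGE_DAYS = {"user": 90, "admin": 30}    # rotation periods from the post
WORDLIST = {"password", "welcome", "dragon", "michael"}  # constructed sample

def password_problems(pw):
    """Return the list of rules from the post that pw violates."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in pw):
        problems.append("no letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    # Strip digits and symbols so "Password1!" still counts as a dictionary word.
    core = "".join(c for c in pw.lower() if c.isalpha())
    if core in WORDLIST:
        problems.append("name or dictionary word")
    return problems

def must_change(last_changed, role, today):
    """True once the password has reached the maximum age for this role."""
    return (today - last_changed).days >= MAX_AGE_DAYS[role]

class LoginGuard:
    """Counts consecutive failures per user and locks the account at the limit."""
    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self.failures = {}

    def locked(self, user):
        return self.failures.get(user, 0) >= self.max_attempts

    def attempt(self, user, password_ok):
        """Return True only for a correct password on an unlocked account."""
        if self.locked(user):
            return False                    # stays locked even if the guess is right
        if password_ok:
            self.failures.pop(user, None)   # success resets the counter
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        return False
```

`Password1!` passes the length and character-mix rules and is rejected only by the dictionary check, which is why that rule is listed separately from complexity.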

Ease of Use Promotes Compliance

Allowing users to connect remotely has been around for some time now because it can provide a host of benefits in our increasingly mobile workforce. However, companies should always make sure to provide adequate security to protect data and systems. In addition, every effort should be made to make security provisions as easy to use and maintain as possible since users tend to circumvent measures that are too burdensome or difficult.

Joe Schembri has over 10 years of IT and IT security experience and currently works with Villanova University’s online cyber security training programs, including the CISSP training prep program.