Security concerns arise for home workers allowed to VPN into company networks
I was recently brought in by a company who had a security breach due to a home user who was allowed to create a VPN tunnel back to the home office. This was done by creating an end point to end point connection from the users home wlan router which has a vpn option on it to the home office vpn router. Normally this would not be an issue but the user set up different ssid's for home and work, the only ssid that had any type of WEP on it was the one used for the company laptop. The other ssid's created for home users and children did not have a WEP settings created.
The home user thought that since the laptop was secure to the wlan router and it was one a secure connection back to the home office over a vpn all was good. But they did not think that other users could gain access to the company network off other ssid's. The problem was fixed for this company by myself and offering a new security plan and hardware recommendation. We recommended that the company invest in the Cisco 800 series router for remote users with wlan options. These router can be set up by the IT staff and sent out so that the user at home cannot make changes but will still have wlan services at home for the company laptop.
I know that most companies will just do a vpn from the laptop and be done with it, but we were working with what the company already had as an IT policy and they wanted to keep it some what the same. This brings up a good question, should companies outlaw this practice that caused the problem to insure a secure security policy?
Larry Chaffin is the CEO/chairman and founder of Pluto Networks, a consulting company specializing in VoIP, WLAN and security. Pluto is a channel partner for Cisco, Qualys, Riverbed, Guardianedge, TriGeo and Linksys.
Larry is an accomplished author; co-authoring Managing Cisco Secure Networks, Skype Me, Practical VOIP Security, Configuring Check Point NGX VPN-1/Firewall-1, Configuring Juniper Networks NetScreen & SSG Firewalls, Essential Computer Security: Everyone's Guide to Email, Internet, and Wireless Security, How to Cheat at Microsoft Vista Administration, Microsoft Vista for IT Security Professionals, Asterisk Hacking, 2008 VoIP and Video Conferencing, Infosecurity 2008 Threat Analysis and author of Building a VOIP Network with Nortel's MS5100, along with co-authoring/ghost writing eleven other technology books for VIOP, WLAN, security and optical technologies.
Larry has more than 29 vendor certifications from companies such as Nortel, Cisco Avaya, Juniper, PMI, isc2, Microsoft, IBM, VMware and HP. Larry has been a principal architect around the world in 22 countries for many Fortune 100 companies designing VoIP, security, wireless and optical networks. Larry is currently working on a follow up to Building a VoIP network with Nortel's MCS 5100 Book as well as new books on Cisco Telepresence Networks, Practical VoIP case studies and WAN Acceleration with Riverbed.
|
|
