Security concerns arise for home workers allowed to VPN into company networks
I was recently brought in by a company who had a security breach due to a home user who was allowed to create a VPN tunnel back to the home office. This was done by creating an end point to end point connection from the users home wlan router which has a vpn option on it to the home office vpn router. Normally this would not be an issue but the user set up different ssid's for home and work, the only ssid that had any type of WEP on it was the one used for the company laptop. The other ssid's created for home users and children did not have a WEP settings created.
The home user thought that since the laptop was secure to the wlan router and it was one a secure connection back to the home office over a vpn all was good. But they did not think that other users could gain access to the company network off other ssid's. The problem was fixed for this company by myself and offering a new security plan and hardware recommendation. We recommended that the company invest in the Cisco 800 series router for remote users with wlan options. These router can be set up by the IT staff and sent out so that the user at home cannot make changes but will still have wlan services at home for the company laptop.
I know that most companies will just do a vpn from the laptop and be done with it, but we were working with what the company already had as an IT policy and they wanted to keep it some what the same. This brings up a good question, should companies outlaw this practice that caused the problem to insure a secure security policy?
Larry Chaffin Ph.D is the Chief Executive Officer/Chairman and founder of Pluto Networks, a Consulting and VAR partner specializing in WAN Acceleration, VoIP, WLAN, Telepresence and Security and a Riverbed reseller. Pluto Networks specializes in the needs of small, large and enterprise companies by always giving them a great ROI on the products they sell. Pluto Networks has a presence in 23 countries around the world enabling all of its consultants to be virtual. Larry was a Judge at Interop for the Best of Interop Awards for 2009 and is looking forward to the 2010 awards in Las Vegas.
Larry has also co-authored all of the books listed below:
Managing Cisco Secure Networks, Skype Me, Practical VOIP Security, Configuring Check Point NGX VPN-1/Firewall-1,Configuring Juniper Networks NetScreen & SSG Firewalls,Essential Computer Security: Everyone's Guide to Email, Internet, and Wireless Security, How to Cheat at Microsoft Vista Administration, Microsoft Vista for IT Security Professionals, Asterisk Hacking, 2008 VoIP and Video Conferencing, Infosecurity 2008 Threat Analysis and author of Building a VOIP Network with Nortel's MS5100, along with co-authoring/ghost writing eleven other technology books for VIOP, WLAN, security and optical technologies. Larry is currently working on a follow up to Building a VoIP network with Nortel's MCS 5100 Book as well as new books on Cisco Telepresence Networks, Practical VoIP case studies and WAN Acceleration with Riverbed.
Larry also has more than 29 vendor certifications and has been working on many others. Larry has been a principal architect around the world in 22 countries for many Fortune 100 companies designing VoIP, security, wireless and optical networks. He has expanded over time also to include application acceleration. Larry is working with worldwide company now out of Asia as a Special Assistant to the CEO and CIO as they go through organizational and network changes, helping them with strategic advice from his years or experience. Pluto Networks is a channel partner of Cisco, ProCurve, LifeSize, Riverbed, Call Copy, Fastsoft and Symantec.
The Leader in Network Knowledge
