
Network World

The Extended Enterprise Issue

Crackdown!

Guardians of the extended enterprise get tough on wayward VPN users with new remote policy enforcement tools.
By Joanne Cummings, Network World, 02/17/2003

A developer takes her laptop home to get extra work done. Before she starts, she disables her antivirus software, because it scans every file and tends to bog down the compile. The code compiles, she checks her work and is done with it for the evening. She then reads a few e-mails in her personal account and surfs a couple of Web sites. Before logging off for the night, she decides to upload her just-finished code to the office server, so she accesses the corporate LAN remotely via VPN. Unfortunately, she forgets to reactivate her antivirus software, and unbeknownst to her, the laptop has become infected with the Nimda worm. The result: Nimda wreaks havoc across the corporation.

Welcome to Dennis Peasley's nightmare. A scenario much like this one led Peasley, corporate information security officer at Zeeland, Mich., office furniture giant Herman Miller, to roll out a new breed of security tool - remote policy enforcement software - to 900 remote users worldwide.

"If we had remote policy enforcement in place at the time, Nimda never would have gotten into the network," says Peasley, who now uses Zone Labs' Integrity remote policy enforcement tool. "We never would have let the developer in until the firewall and antivirus [signatures] were up to date."

Babysitting network access

Within the last year or so, remote policy enforcement tools have become available from vendors such as InfoExpress, Sygate Technologies and Zone Labs. The tools consist of client software, which has personal firewall and management pieces, and server software that communicates with the client and integrates with the corporate VPN. The tool checks whether remote VPN users have specific files installed, active and working properly, such as personal firewalls and antivirus programs. If the remote machine doesn't meet corporate security requirements, network access is denied.

Offending users are then redirected to a "quarantine" area on the remote policy enforcement server, from where they are prompted to turn on the firewall, restart the antivirus program or download the latest signatures - whatever is required to come into compliance. Only when the remote machines meet the specified security profile are they granted access to the corporate network.

"When remote users connect to Herman Miller, all they can get to is the Integrity server," Peasley says. "It checks that they have the Integrity client software running and that they have their personal firewall and the latest antivirus [signatures]. It works as a logical [demilitarized zone] in our environment. Once they have all the criteria satisfied for connecting in, then the system lets them log on to the rest of the domain."
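The admission decision described above can be sketched as follows. This is an added example, not code from Zone Labs Integrity or any other product named in the article; the report field names, the seven-day signature threshold and the zone labels are assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumed policy value; the article gives no threshold.
MAX_SIGNATURE_AGE = timedelta(days=7)

# Prompts shown in quarantine, keyed by the check that failed.
REMEDIATION = {
    "agent_running": "start the policy enforcement client",
    "firewall_enabled": "turn on the personal firewall",
    "antivirus_running": "restart the antivirus program",
    "signatures_current": "download the latest antivirus signatures",
}


def signatures_current(report, today):
    """True only if the reported signature date parses and is recent."""
    try:
        sig_date = date.fromisoformat(report.get("signature_date"))
    except (TypeError, ValueError):
        return False  # missing or malformed date fails the check
    # A date in the future is treated as invalid rather than fresh.
    return timedelta(0) <= today - sig_date <= MAX_SIGNATURE_AGE


def evaluate_posture(report, today):
    """Return (zone, remediation_steps) for a client posture report.

    Fails closed: a missing or non-boolean field counts as a failed
    check, so a machine without the client never reaches the LAN.
    """
    checks = {
        "agent_running": report.get("agent_running") is True,
        "firewall_enabled": report.get("firewall_enabled") is True,
        "antivirus_running": report.get("antivirus_running") is True,
        "signatures_current": signatures_current(report, today),
    }
    failed = [name for name, ok in checks.items() if not ok]
    zone = "quarantine" if failed else "corporate"
    return zone, [REMEDIATION[name] for name in failed]


if __name__ == "__main__":
    # Constructed report modelled on the developer laptop in the article.
    laptop = {"agent_running": True, "firewall_enabled": True,
              "antivirus_running": False, "signature_date": "2003-01-02"}
    print(evaluate_posture(laptop, date(2003, 2, 17)))
```

The important property is the default: an empty or malformed report lands in quarantine with every remediation step listed, rather than being admitted because nothing was reported as wrong.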

Early users say the tools are far better than a VPN alone. "VPN vendors should have had something like this right from the beginning," says Ken Tyminski, chief information security officer at Prudential Financial, in Newark, N.J.
