/
VPNs take center stage
VPN service providers
Trimble Navigation finds VPNs useful for remote access
Face-off: Build your own VPN or outsource?
Tips for getting remote workers secure
Archive of Network World features
Subscribe to our VPN e-mail newsletters
While this ever-expanding army of telecommuters may be doubling their work efficiency and slicing their drive time, they also may be opening thousands of opportunities for hackers, competitors and thieves to easily slip right into the heart of the company network. "By and large, telecommuting security is not taken as seriously as it ought to be," says Ken VanWyk, corporate vice president and chief technology officer of Para-Protect, a security consulting and service firm in Alexandria, Va. "It creates a major backdoor that most companies are not aware of. I'm not saying the sky is falling, but you seriously need to pay attention to these things," he says. VanWyk and other security experts say most companies feel safe hiding behind a network firewall. Employees may be dialing into the system, but that firewall will keep any unwanted, prying eyes out. Wrong. Other network administrators still think they're safe if they wall their network with a firewall and give employees a VPN so they can safely dial in through an encrypted tunnel. Wrong again. "If I compromise your home computer, I can follow you right into the network," says Tim Belcher, chief technology officer of RipTech, a security consulting and service provider also in Alexandria. "Working from home is great, but from a security standpoint, it's a significant threat because most security software that companies are employing doesn't protect the home computer.... All someone has to do is hack into a home computer and follow them through an authorized connection." Security experts and industry analysts agree that corporate firewalls help keep intruders at bay and VPNs safely encase information as it flows between the main office and the home office. The trouble lies in the ability of an intruder to ride through that tunnel piggybacking on an entrusted user. "The encrypted tunnel is safe. That link is fine," says Sammy Migues, chief scientist at Infrastructure Defense in Alexandria. "That doesn't mean [the home] computer itself is safe. It has a lot of vulnerabilities.... Once I get onto that home computer, it's almost a certainty that I could execute their VPN client software remotely. If you have to type a password, I could remotely log your key strokes or view your screen and then I would see everything you're seeing." To get in to your home computer, hackers need to probe IP addresses. Analysts warn that the hacker's job gets easier if the home user has a constant live connection, such as a DSL line, which often has a static IP address. A dial-up connection generally has a different IP address with each connection and while that can also be hacked into, it's certainly more difficult. The solution to the problem of vulnerable home PCs is to install a personal firewall on the home computer which will help keep intruders out of that desktop, as well as out of the corporate network. "Statistics show that IP addresses used by dial-up services get scanned [by potential hackers] basically every day," Migues says. "If you got a DSL connection [midweek], I'd bet that you'd be scanned two or three times by the end of the weekend." As the number of telecommuters continues to increase at Econometrics, a marketing data warehouse in Chicago, securing those off-site links will be a top priority, according to Brian McGuire, chief technology officer. "I guess there's been a little part of me saying that nobody was listening in, but that's not good since it appears that there probably is [someone listening]," McGuire says. "We know the problem is coming. We know we're going to have to tighten up our security."
Related links
There are plenty of options if you want to outsource your VPN. Trimble Navigation finds VPNs useful for remote access
Employees find joy in setting up a VPN. Face-off: Build your own VPN or outsource?
Indus River Networks' Dave Zwicker and Concentric Network's Mark Fisher face off. Archive of Network World features Subscribe to our VPN e-mail newsletter
VPN vulnerability
Personal firewalls for remote users are recommended to protect the network from hack attacks.
 
|
|||
 | |||
|
By Sharon Gaudin
Network World, 08/14/00
If you're extending a VPN to your remote workers, you need to keep in mind that those direct and sometimes always-on links into your corporate network are a prime target for hackers.
VPNs take center stage
VPN service providers
Trimble Navigation finds VPNs useful for remote access
Face-off: Build your own VPN or outsource?
Tips for getting remote workers secure
Archive of Network World features
Subscribe to our VPN e-mail newsletters
While this ever-expanding army of telecommuters may be doubling their work efficiency and slicing their drive time, they also may be opening thousands of opportunities for hackers, competitors and thieves to easily slip right into the heart of the company network. "By and large, telecommuting security is not taken as seriously as it ought to be," says Ken VanWyk, corporate vice president and chief technology officer of Para-Protect, a security consulting and service firm in Alexandria, Va. "It creates a major backdoor that most companies are not aware of. I'm not saying the sky is falling, but you seriously need to pay attention to these things," he says. VanWyk and other security experts say most companies feel safe hiding behind a network firewall. Employees may be dialing into the system, but that firewall will keep any unwanted, prying eyes out. Wrong. Other network administrators still think they're safe if they wall their network with a firewall and give employees a VPN so they can safely dial in through an encrypted tunnel. Wrong again. "If I compromise your home computer, I can follow you right into the network," says Tim Belcher, chief technology officer of RipTech, a security consulting and service provider also in Alexandria. "Working from home is great, but from a security standpoint, it's a significant threat because most security software that companies are employing doesn't protect the home computer.... All someone has to do is hack into a home computer and follow them through an authorized connection." Security experts and industry analysts agree that corporate firewalls help keep intruders at bay and VPNs safely encase information as it flows between the main office and the home office. The trouble lies in the ability of an intruder to ride through that tunnel piggybacking on an entrusted user. "The encrypted tunnel is safe. That link is fine," says Sammy Migues, chief scientist at Infrastructure Defense in Alexandria. "That doesn't mean [the home] computer itself is safe. It has a lot of vulnerabilities.... Once I get onto that home computer, it's almost a certainty that I could execute their VPN client software remotely. If you have to type a password, I could remotely log your key strokes or view your screen and then I would see everything you're seeing." To get in to your home computer, hackers need to probe IP addresses. Analysts warn that the hacker's job gets easier if the home user has a constant live connection, such as a DSL line, which often has a static IP address. A dial-up connection generally has a different IP address with each connection and while that can also be hacked into, it's certainly more difficult. The solution to the problem of vulnerable home PCs is to install a personal firewall on the home computer which will help keep intruders out of that desktop, as well as out of the corporate network. "Statistics show that IP addresses used by dial-up services get scanned [by potential hackers] basically every day," Migues says. "If you got a DSL connection [midweek], I'd bet that you'd be scanned two or three times by the end of the weekend." As the number of telecommuters continues to increase at Econometrics, a marketing data warehouse in Chicago, securing those off-site links will be a top priority, according to Brian McGuire, chief technology officer. "I guess there's been a little part of me saying that nobody was listening in, but that's not good since it appears that there probably is [someone listening]," McGuire says. "We know the problem is coming. We know we're going to have to tighten up our security."
|
Contact Features Writer Sharon Gaudin
Other recent articles by Gaudin
VPNs take center stage
Virtual private networks merge IP technology with encryption to offer significant cost savings on WAN traffic.
There are plenty of options if you want to outsource your VPN. Trimble Navigation finds VPNs useful for remote access
Employees find joy in setting up a VPN. Face-off: Build your own VPN or outsource?
Indus River Networks' Dave Zwicker and Concentric Network's Mark Fisher face off. Archive of Network World features Subscribe to our VPN e-mail newsletter
