Security considerations for laptops and visitors

* Wirelessly connected laptops and visitors raise security issues for companies

[My friend and colleague Robert L. Gezelter has contributed an interesting article on the security and accessibility implications of pervasive workplace Internet access. The following is his text with minor editorial changes. - M.E. Kabay]

Over the last decade, laptop computers and network technology have become almost universal in workplaces. Many or most of the employees toting laptops are not field personnel; indeed, most of them rarely leave their office buildings. So why are companies spending extra money to pay for laptops?

In a recent speech, Intel Chief Financial Officer Andy Bryant stated that issuing employees laptops instead of desktops was a reasoned business decision based upon costs of business operations, not on employee convenience. His staff found that meetings were pausing, or failing to reach answers, because of the absence of information normally available on employees’ personal computers. Bringing laptop computers to the meetings closed the information gap.

The next logical step has been to access the corporate network using wired Ethernet or wireless LAN connections, bringing additional information into the decision-making process.

However, this scenario raises major security issues.

Protected facilities with wired connections for each machine, where everybody has the same access to the corporate network, are the simplest - and admittedly, the least interesting - example.

More illuminating is the common situation where the network is wireless, the attendees are a diverse group, and the access to the corporate network is different for different classes of attendees. Some meeting attendees will be outsiders with no access to their hosts’ intranet, yet requiring access to their home company intranets. Sometimes outsiders may be friendly - for example, members of the project team from other participating companies. In other situations, the outsiders may be less than friendly - for example, customer technical and managerial representatives, government regulators or inspectors.

We need to provide secure access to appropriate information for both employees and visitors. We can do so by implementing a hierarchical security system. The solution is to treat network access as a digital dial tone available to residents and visitors but with security restrictions enforced after the users have connected to the first layer of the network services.

Wi-Fi security has a place in the security spectrum, but that place is as a coarse screen to keep random interlopers at arm's length. As for wall jacks linking to wired LANs, the most cost-effective security uses VPN technologies to provide secure access to authorized personnel and the ability to deal with the full nuances of the security environment within the corporate intranet. Everyone else just gets access to the external Internet.

[MK: Even there, visitors’ use of corporate Internet access should still be controlled by firewalls using egress filtering to ensure that visitors are not making the host facility liable for damages or criminal prosecution by engaging in acts such as denial-of-service attacks or downloads of child pornography.]
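The layered policy described above can be written as a first-match decision for flows leaving the shared access network. This is an added example, not part of the original article; the address ranges, the VPN gateway address, the VPN ports and the egress block list are all assumptions chosen for illustration.

```python
import ipaddress

# Every address and port below is a constructed assumption, not from the article.
ACCESS_NET = ipaddress.ip_network("192.168.250.0/24")   # shared "dial tone" segment
VPN_GATEWAY = ipaddress.ip_address("10.1.1.10")          # hypothetical VPN concentrator
VPN_PORTS = {("udp", 500), ("udp", 4500), ("tcp", 443)}  # IKE, IPsec NAT-T, TLS VPN
INTERNAL = [ipaddress.ip_network(n)                      # private space = intranet side
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Example egress block list (assumed): outbound SMTP and SMB/NetBIOS.
EGRESS_DENY = {("tcp", 25), ("tcp", 445), ("tcp", 139), ("udp", 137)}


def decide(src, dst, proto, port):
    """Return (action, reason) for a flow leaving the access segment.

    Rules are evaluated in order and the first match wins. Employees and
    visitors are treated identically here; who may reach the intranet is
    decided later, by the VPN gateway after authentication.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in ACCESS_NET:
        return ("deny", "source is not on the access segment")
    if dst == VPN_GATEWAY and (proto, port) in VPN_PORTS:
        return ("allow", "VPN gateway: user-level policy is enforced there")
    if any(dst in net for net in INTERNAL):
        return ("deny", "internal destinations are reachable only through the VPN")
    if (proto, port) in EGRESS_DENY:
        return ("deny", "egress filter: service not permitted toward the Internet")
    return ("allow", "plain Internet access")


# Constructed sample flows: (source, destination, protocol, port).
SAMPLE_FLOWS = [
    ("192.168.250.23", "10.1.1.10", "udp", 4500),    # employee starting a VPN session
    ("192.168.250.23", "10.20.30.40", "tcp", 443),   # direct attempt at an intranet server
    ("192.168.250.77", "203.0.113.10", "tcp", 443),  # visitor browsing the Internet
    ("192.168.250.77", "203.0.113.10", "tcp", 25),   # visitor sending mail directly
    ("10.9.9.9", "203.0.113.10", "tcp", 443),        # source outside the access segment
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        action, reason = decide(*flow)
        print(f"{flow[0]:>15} -> {flow[1]:<13} {flow[2]}/{flow[3]:<5} {action:5} {reason}")
```

The order of the rules carries the design: the VPN gateway exception has to precede the internal-address deny, and the egress filter applies to whatever is left.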

Robert Gezelter, CDP, software consultant, guest lecturer and technical facilitator has more than 25 years of international consulting experience in private and public sectors. Gezelter is a frequent speaker at technical conferences worldwide such as HPETS (formerly DECUS) and a member of the IEEE Computer Society's Distinguished Visitor Program. In March, he will be speaking more elaborately on these issues at two Central Florida IEEE Computer Society chapter meetings (in Tampa on Wednesday, March 24 and in Orlando on Thursday, March 25). He has written for Network World, Open Systems Today, Digital Systems Journal, Digital News, and Hardcopy. He is also a contributor to the _Computer Security Handbook, 4th Edition_. Reach him via e-mail or his Web site.
