by Steve Taylor and Joanie Wexler

Securing remote and mobile users

Mar 02, 2004 (3 mins)
Networking, Remote Access, Security

* Getting your arms around remote-access security

These days, users have numerous remote-access connection options. Many of these methods involve touching the public Internet, which is fraught with viruses and hackers trolling around for an opportunity to conduct misdeeds.

Protecting against Internet infections and mischief involves making complex policy decisions about user access rights. Aside from basics like who users are and what department they work for, you might also want to grant or deny access based on what type of access connection is being used, whether users’ anti-virus software is up to date, whether a personal firewall is running on the client device, and other factors.

Just figuring out, organizationally, how to set policies for user access is a discipline in itself. Then, executing the policy in large organizations can be a Herculean task.

From the execution perspective, services from Fiberlink Communications and a deal Cisco struck with several anti-virus companies last year offer salvos against the perils of remote access.

Cisco and licensing partners Network Associates, Symantec and Trend Micro, for example, are outfitting Cisco routers to enforce access privileges when a remote computer attempts to connect to a network. The router checks devices running Cisco Trust Agent software, and those deemed to have outdated anti-virus software, for instance, can be denied access. The capabilities are due mid-year.

For its part, Fiberlink provides a conceptually similar function, but on a broader scale and in the form of a service.

The company ties together anti-virus, personal firewall, VPN and access policies, which have typically been independent tasks. Let’s say a remote user shuts off his anti-virus software, but doing so violates policy. In a Fiberlink-controlled scenario, if the anti-virus software isn’t live, this condition triggers the user’s VPN access to shut down (or some other action, depending on the rules set).

Similarly, a company might want to create a rule that goes something like: “Any user accessing the network via Wi-Fi can’t access Oracle Financials.” Fiberlink’s service patrols that for you.

To do its job, Fiberlink runs a gateway that sits between applications at an enterprise and the Internet. User devices run Fiberlink client software (called Extend360). The Fiberlink gateways “stand guard” to check that everything about a client attempting to access your network is in compliance with your rules.
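The kind of gateway-side check described above can be sketched as follows. This is an added example, not Fiberlink's or Cisco's code: the field names, the resource names and the `drop_vpn` action are hypothetical, and the sample clients are constructed. It treats an unreported health check the same as a failed one, so a client that stops reporting does not pass by default.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Posture:
    """What the client reports at connect time (field names are hypothetical)."""
    user: str
    link: Optional[str]                 # e.g. "wifi", "dialup", "broadband"
    av_running: Optional[bool]
    av_signatures_current: Optional[bool]
    firewall_running: Optional[bool]

# Constructed rule: resources that may not be reached over certain link types.
BLOCKED_LINKS = {"oracle-financials": {"wifi"}}

def evaluate(p: Posture, resource: str) -> tuple:
    """Return (action, reason); action is 'allow', 'deny' or 'drop_vpn'."""
    health = {
        "anti-virus running": p.av_running,
        "anti-virus signatures current": p.av_signatures_current,
        "personal firewall running": p.firewall_running,
    }
    # Fail closed: a check that is False *or* unreported (None) drops the tunnel.
    for name, ok in health.items():
        if ok is not True:
            state = "not reported" if ok is None else "failed"
            return ("drop_vpn", f"{name}: {state}")
    if p.link is None:
        return ("deny", "connection type not reported")
    if p.link in BLOCKED_LINKS.get(resource, set()):
        return ("deny", f"{resource} is not reachable over {p.link}")
    return ("allow", "posture and connection type comply")

def demo():
    """Run the constructed sample clients through the policy."""
    clients = [
        (Posture("alice", "wifi", True, True, True), "oracle-financials"),
        (Posture("alice", "wifi", True, True, True), "mail"),
        (Posture("bob", "broadband", False, True, True), "mail"),
        (Posture("carol", "dialup", True, True, None), "oracle-financials"),
    ]
    return [(p.user, r, *evaluate(p, r)) for p, r in clients]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Health checks run before the connection-type rule, so a non-compliant client loses the tunnel regardless of which resource it asked for.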

As an analogy, think of TSA officials at airport security checkpoints frisking you for nail files and other items that violate FAA policy. Note, though, that Fiberlink customers tell us that the Fiberlink system is a lot more accurate and efficient.