A chain is only as strong as its weakest link. It’s a well-worn cliché, but it’s an important one to bear in mind when you’re thinking about the security of your corporate network.
That’s because if there’s a single point on your network’s perimeter defense that is weak, then that’s the place from which hackers will choose to launch their attack.
Network administrators put a great deal of effort and resources into promoting security with firewalls, virus scanners and many other measures, while data centers are turned into fortresses and networked PCs in corporate offices are guarded by 24-hour security systems.
In today’s IP-connected world, however, no network is an island. How do you account for teleworkers when planning your network security? An estimated 30 million Americans — some 20 percent of the workforce — work from home at least one day a week, and that number is likely to increase steadily as broadband Internet connections become ubiquitous in the home and wireless access for mobile workers becomes cheaper and simpler.
Yet the security measures in place at most corporate premises are frequently undermined because they are not mirrored in teleworkers’ homes and cars.
The Weakest Link Begins at Home
The fact is that teleworking can open a huge hole in a corporation’s security fence — teleworkers frequently represent the weakest link. “Unfortunately, it seems that the security measures taken by teleworkers always lag behind the measures in place in organizations’ offices, so teleworkers are bound to be the Achilles heel,” says Mark Lillycrop, chief analyst and security expert at U.K.-based research house Arcati.
The good news, according to Lillycrop, is that this need not be the case: It is possible to make teleworking acceptably secure, so that the risks it presents are balanced by the advantages. To see what special measures need to be taken it’s first necessary to understand why teleworkers are such a risk.
Viruses and Trojans and Worms… Oh, My
The most significant threat comes from teleworkers inadvertently introducing viruses, Trojans and distributed denial of service (DDoS) worms onto the network. Although office workers can also infect the network, there are several reasons why teleworkers are far more likely than their office-bound counterparts to be the cause of such problems.
In the office environment, desktops are closely managed — often centrally — to ensure virus scanners are kept running and up-to-date. E-mail may also be scanned for viruses before entering the corporate network, and measures may also be in place to bar users from high-risk activities like chat, peer-to-peer (P2P) networks and browsing high-risk Web sites.
With teleworkers the situation is very different. A teleworker’s PC will almost certainly differ in specification and installed software from the corporation’s standard desktop PC, and it may not be able to run some security applications that are installed on corporate PCs. Teleworkers may uninstall their virus scanner or replace it with another, less-effective one. And while corporate inventory management software or even company rules can help ensure this does not happen to machines permanently connected to the corporate network, this is far harder to do effectively with teleworkers’ machines.
Even if a virus scanner is installed on a teleworker’s PC, the fact that it is remote makes it far harder to ensure that virus signature files are kept current. Unreliable or slow home Internet connections mean that users are often tempted to delay updating their virus definitions — until they have time to spare or until they next come in to work.
Your corporate network is probably protected by a hardware firewall, but it’s unlikely that teleworkers will have anything stronger than a software firewall to protect themselves. Again, there is the risk that a software firewall will be disabled or uninstalled on a remote computer, especially if the computer itself belongs to the teleworker rather than the company.
And even if teleworkers don’t disable virus software or download programs from untrustworthy sites, this does not necessarily hold true for other family members who may have access to the teleworker’s computer or to other computers connected to it on a home LAN sharing the same Internet connection. Networked computers may also be invisible to the corporate network, adding yet another vulnerability.
Mobile Can Mean Trouble
Salespeople and other so-called “road warriors” bring another type of vulnerability — the risk of losing a laptop or having it stolen from a hotel room or the trunk of a car. Not only may the laptop contain confidential or valuable corporate data, but it may also provide a simple way for a hacker to gain access to the corporate network and plunder more data. Surprisingly few road warriors have any strong password protection on their laptops because of the inconvenience, and fewer still have any biometric protection.
“Laptops should be regarded as gateways into corporate networks, yet they are routinely left in cars and often there are no security measures on them at all,” Lillycrop said.
Wireless 802.11b or 802.11g access points available at Internet cafes, hotels and fast food outlets, or wireless home networks, are also a security risk. Many teleworkers may configure their systems to take advantage of wireless access without understanding what encryption is required to prevent others from eavesdropping on their sessions in order to break in to the network.
So what can the network administrator do to reduce the risks posed by teleworkers to acceptable levels?