Stay Ahead With Linux Security News

network securitydata protectionuser safety

Effective Mobile User Protection Strategies Against Security Threats

Imagine what it would be like if every user's system was located on your network perimeter and had none of the safeguards your multi-layered security systems provide. Unfortunately, you most likely have such systems: your mobile users. Whether it's your sales force, world-traveling executives or just a user "working from home," these people are separated from all of your inner defenses and are at the mercy of their surroundings. You need a strategy to ensure their systems and their data is as safe on the road as they are in your own borders. . . .. Managing security within the confines of an organization or enterprise is a difficult job. Worms, viruses, spam, malware, port scans and perimeter defense probes are constant threats. Servers and desktop systems require regular patching and monitoring, and IDS signatures and firewall rules are under constant review and tweaking. Thankfully, the desktops and servers sit well protected within the confines of your network. Imagine what it would be like if every user's system was located on your network perimeter and had none of the safeguards your multi-layered security systems provide. Unfortunately, you most likely have such systems: your mobile users. Whether it's your sales force, world-traveling executives or just a user "working from home," these people are separated from all of your inner defenses and are at the mercy of their surroundings. You need a strategy to ensure their systems and their data is as safe on the road as they are in your own borders. A layered defense The best way to safeguard the mobile user is to use the same approach as you would when securing your network: use layers. You have to worry about the physical system security, network security and data security - it just so happens that it's all in one, compact, portable package: convenient for the attackers, not so convenient for those who need to manage those systems. Your first concern is protecting the physical asset, which is most likely a laptop or notebook computer. To do that, you shouldgive Josh Ryder's article on Laptop Security [ref 1] a good read. He has advice on keeping the laptop safe from theft and also on basic security measures, such as BIOS passwords. This step is akin to putting locks on the doors to your buildings. Once you've secured the physical device, you need to switch gears and look at the other areas to secure: network, application/operating system and data. Mobile network security in a connected world Even when your users are mobile, they expect to be able to check e-mail, exchange files and have web access on-the-go. In the past, this would have probably meant dialing into the corporate network remote access service via modem or using a direct ISDN connection. Security was "easy" in those days. Now, most organizations find that it is much more cost effective to let companies like iPass [ref 2] manage the connections - which are usually dial-up, broadband or WLAN Internet hookups - and provide access to corporate systems and data in some other fashion (e.g. SSl/VPN). If you don't have a unified access provider like iPass, users can still take advantage of solutions from services such as Boingo Wireless [ref 3] & T-Mobile [ref 4] and mobile campgrounds in hotels, Starbucks and Borders to make that first connection to the Internet. And that's where the trouble begins: you have a workstation (most likely running a flavor of Microsoft Windows) directly on the Internet, ready to be attacked by every worm, virus and hacker that is plaguing the network address block they were assigned to. Your internal systems are protected by one or more firewalls and that's exactly what is needed here: a personal, mobile firewall. Starting with Windows 2000 and continuing with Windows XP, Microsoft has included a basic firewall with every system that is capable of performing the most important task required of a firewall: keeping the bad packets out. However, there are limitations when using the built-in firewall. Users have to really know what they're doing if they want to do anything beyondblocking all incoming packets. Furthermore, there is no decent GUI to manage the configuration, no built-in reporting tool to examine logs and troubleshoot problems and there is no easy way to deal with users who go back and forth from the road to the office (NOTE: it is easier with XP to create GPO/domain-based rules, but it still is not straightforward). Ideally, the mobile user shouldn't have to know about firewalls at all. They want their mobile experience to be the same as it is on the inside: plug it in and work. Desktop administrators would also prefer that the users not know about the firewall at all, or at least not be able to modify the configurations. There are quite a few personal/desktop firewall products to choose from. Traditional network firewalls employ various methods to allow or deny network access and have strengths and weaknesses in various areas, especially depending on the type of firewall. Desktop/personal firewalls are no different. Here are some elements you should look for: The link for this article located at is no longer available. . Safeguarding mobile users against risks that surpass organizational protections presents a significant challenge. Delve into practical approaches for enhancing their security.. Mobile Security Strategies, Remote User Protection, Data Safety Techniques, Network Access Control. . Anthony Pell

Apr 29, 2004 • Anthony Pell Network Security