Do You Know Where Those Laptops Have Been?
Mobile devices and public wireless Internet access have made workers far more productive. But there is a dark side to the trend: the security risk that comes with connecting those devices to unprotected public networks and then bringing them back inside.
Dirty Deeds
The chain of events that leads to a security breach often begins innocently enough, when a mobile worker finds a convenient wireless network at an airport or bookstore. The trouble starts when the worker's laptop picks up a virus, worm, remote-control application or other malicious code while attached to that public connection. As soon as the worker returns to the office and plugs into the corporate network, the malicious code can spread and replicate itself, leaving the enterprise exposed to damage, data loss and outright theft. Conventional perimeter defenses are aimed at keeping unauthorized users out of the network; they do nothing to stop an authorized user from carrying an infection in through the front door.
“A username and password aren’t enough anymore,” says Kevin Hallmark, a security specialist. “Companies need to make sure every device accessing the network is clean and uncompromised.”
Hallmark recommends installing antivirus and firewall programs on all laptops and desktops as the first line of defense. However, he cautions that companies should not let their employees stop there. Because many mobile users turn their computers' security features off when they are on the road, or never enable them at all, the network administrator must take additional measures to enforce compliance with the company's security policy. One way to do this is through network admission control (NAC), an industry initiative led by Cisco Systems and supported by a range of security software vendors, including Computer Associates, IBM, McAfee, Symantec and Trend Micro.
Clean Up Your Act
NAC prevents network contamination, and forces users to keep their protection up to date, by denying access to any device it recognizes as compromised or insufficiently protected. A NAC solution sits behind a network access device, such as a VPN concentrator, switch or wireless access point, and checks the posture of every computer requesting admission. If a user tries to connect from a machine that is carrying a known virus or worm, or one whose antivirus software, signature files or patches are out of date, the NAC system refuses access and opens a browser window with a message that tells the user why he or she was denied. (In some cases the user may instead be admitted to a quarantined area of the network, or allowed restricted access to resources such as update servers.) The user then receives instructions for cleaning the machine and updating patches and virus signature files. Because NAC handles these situations automatically, it spares the network administrator the effort of checking every laptop and desktop that joins the network to make sure protection is turned on and current, as well as the work of regularly pushing new patches and signature files out to users.
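As an added example (not from the article and not from any Cisco product), the following Python sketch shows the kind of decision a NAC policy server makes from an endpoint's reported posture: a known-infected or unprotected machine is refused with an explanation, a machine whose protection is present but stale or disabled is placed in a remediation network, and a compliant machine is admitted. The policy thresholds, VLAN names, posture fields and sample devices are assumptions chosen for illustration.

```python
"""Endpoint posture evaluation of the kind a NAC policy server performs.

Added example, not code from the article or from any Cisco product.
The posture fields, thresholds and VLAN names are assumptions chosen
for illustration.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Assumed policy baseline: what "sufficiently protected" means here.
MAX_SIGNATURE_AGE = timedelta(days=7)
MIN_AV_ENGINE: Tuple[int, int] = (7, 1)
PRODUCTION_VLAN = "vlan-100-corp"        # assumed name
QUARANTINE_VLAN = "vlan-900-remediate"   # assumed name: update servers only


@dataclass
class Posture:
    """Posture credentials as reported by an agent on the endpoint."""
    host: str
    av_installed: bool
    av_running: bool
    av_engine: Tuple[int, int]     # (major, minor) version of the AV engine
    signature_date: date           # date of the newest virus signature file
    firewall_enabled: bool
    infected: bool                 # endpoint AV currently reports an infection
    missing_patches: List[str] = field(default_factory=list)


@dataclass
class Decision:
    action: str                    # "admit", "quarantine" or "deny"
    vlan: Optional[str]            # where the access device places the host
    reasons: List[str]             # text shown to the user in the browser


def evaluate(p: Posture, today: date) -> Decision:
    """Map one posture report to an admission decision with reasons."""
    # Hard failures: the machine is known-bad or has no protection at all,
    # so it is refused outright and told how to clean up.
    hard = []
    if p.infected:
        hard.append("antivirus reports an active infection; clean the machine "
                    "and rescan before reconnecting")
    if not p.av_installed:
        hard.append("no antivirus software installed; install the corporate "
                    "antivirus package before reconnecting")
    if hard:
        return Decision("deny", None, hard)

    # Soft failures: protection exists but is not current or not enabled.
    # The device gets restricted access so it can reach update servers.
    fix = []
    if not p.av_running:
        fix.append("antivirus is installed but not running; enable it")
    if p.av_engine < MIN_AV_ENGINE:
        fix.append(f"antivirus engine {p.av_engine[0]}.{p.av_engine[1]} is "
                   f"older than required {MIN_AV_ENGINE[0]}.{MIN_AV_ENGINE[1]}")
    age = today - p.signature_date
    if age > MAX_SIGNATURE_AGE:
        fix.append(f"virus signatures are {age.days} days old; policy allows "
                   f"{MAX_SIGNATURE_AGE.days}")
    if not p.firewall_enabled:
        fix.append("host firewall is disabled; enable it")
    if p.missing_patches:
        fix.append("missing patches: " + ", ".join(p.missing_patches))
    if fix:
        return Decision("quarantine", QUARANTINE_VLAN, fix)

    return Decision("admit", PRODUCTION_VLAN, ["posture compliant"])


def browser_message(d: Decision) -> str:
    """Render the text the user sees when admission is refused or limited."""
    if d.action == "admit":
        return "Access granted."
    heading = {"deny": "Access denied.",
               "quarantine": "Access restricted to remediation network."}[d.action]
    return heading + "\n" + "\n".join(f" - {r}" for r in d.reasons)


# Constructed sample posture reports (no real devices involved).
TODAY = date(2005, 3, 15)
SAMPLE_POSTURES = [
    Posture("laptop-clean", True, True, (7, 2), date(2005, 3, 14), True, False),
    Posture("laptop-stale", True, True, (7, 1), date(2005, 2, 1), False, False,
            ["hotfix-1234"]),   # constructed patch label
    Posture("laptop-infected", True, True, (7, 2), date(2005, 3, 14), True, True),
    Posture("laptop-noav", False, False, (0, 0), date(2005, 1, 1), True, False),
]


def sample_decisions() -> dict:
    """Evaluate every constructed sample against the assumed baseline."""
    return {p.host: evaluate(p, TODAY) for p in SAMPLE_POSTURES}


if __name__ == "__main__":
    for host, d in sample_decisions().items():
        print(f"{host}: {d.action} ({d.vlan})")
        print(browser_message(d))
```

Every input to evaluate() is self-reported by an agent running on the endpoint. A check like this raises the bar for honestly neglected laptops; a machine whose agent has been tampered with can report whatever it likes, which is why admission control complements, rather than replaces, host-based protection and monitoring inside the network.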
Cisco's implementation of NAC is built around Cisco Trust Agent, a client application that runs on the endpoint, collects posture information (antivirus status, signature and patch levels) from the security software installed there, and reports it through the network access device to the authorization server, which makes the admission decision. Vendors supporting NAC bundle Cisco Trust Agent with their products so that their software can report into the framework. Cisco Security Agent, Cisco's host intrusion prevention product, which is managed through CiscoWorks Management Center for Cisco Security Agents as part of the CiscoWorks VPN/Security Management Solution, participates in this scheme and can be combined with Cisco Clean Access for even more stringent authorization and protection. To keep the solution working properly, network administrators must ensure that the authorization servers' policies are kept current with the latest required virus-signature and patch levels at all times: a posture check is only as good as the baseline it enforces.
By combining NAC with traditional security tools, you can build an integrated defense that keeps the company's network safe from threats whether employees are in the office or on the road.
by Vanessa Gonzales