Did You Leave the Back Door to Your Business Open? Remote Access and Network Security

In these days of frequent business travel, working from home, and outsourcing work to independent contractors, you probably have some sort of remote access to your business networks. If your network is not properly secured and you do not implement appropriate remote access controls, you could discover that you have left the back door to your business open and allowed the wrong people to walk in.

Remote network access can be a wonderful thing. No matter where you are, you can log onto your network and access all the information stored there. It gives a great sense of freedom to know that by installing some remote access software and having access to the internet, you can manage your business at any time from any place. Remote network access also gives you the freedom to provide telecommuters and independent contractors access to your business information, enabling them to work for you from a remote location. Doing this is probably both efficient and economical for your business.

Stop for a moment, and think about the number of people who have remote access to your network:

" Employees using laptops and other devices when traveling

" Employees using home computers

" People in branch offices or retail locations

" Sales representatives

" Telecommuting employees

" Independent contractors to whom you outsource work

" Suppliers or vendors

" Business partners

" Customers or clients

To be sure, you almost certainly grant some groups of people only limited access to your network or access to only certain data. But, let's face it, you could be opening hundreds or even thousands of doors to your business.

Now consider that many of your most valuable company assets are probably stored on your network:

" Product information

" Legal and financial information

" Competitive analysis

" Customer profiles and sales history

" Research and development data

" Employee data

Inadequate remote access security can leave your business and the personal information of hundreds of individuals and companies at risk.

Every person who has remote access to your network has the ability to open the door to your business using some device. Whether that device is a home computer accessing your network through a phone line, cable or DSL, the device can be used to open a door. If you don't know how secure the device and the connection are, you are essentially leaving that door to your business unlocked. Once you leave a door unlocked, you no longer have control of who walks in or of what they can see or take without adequate security.

Consider the possibilities:

" An employee's child downloads a game to her home computer without realizing spyware has also been installed. When your employee downloads a file on your new product to that same home computer, your competitive advantage could be gone.

" You, the chief executive of your company, often work from home early in the morning. To save time, you tell your computer to "remember" your log-on and password. Your house is robbed and your home computer is stolen. The thief has full access to both your personal information and your business.

" The head of R&D for your company regularly takes a company laptop home in order to work on weekends. Without his knowledge, his son has downloaded a game, complete with a worm. When the head of R&D logs on to work, he introduces the worm and all those critical research files disappear.

How do you protect your business? You protect your business by closing and locking all of the doors. You establish policies and procedures about use of company equipment and about remote access to files. You build security for your network, and you build additional security for sensitive data. You restrict access by employees to certain websites from company equipment, and you prohibit placement of cookies and spyware on your system or your equipment. Then you layer the protection provided by your security system. Finally, you engage IT people to constantly monitor and update the security of your network.

The bottom line is this: Remote Access can open a back door to your network, putting your business at risk. You can, however, give people remote access to business data they need, and, at the same time, protect your business and your business data.

Copyright (c) 2007 Thomas Burns

Thomas Burns, founder and CEO of Intelligent Networks Services (INS) has been an industry expert in computer network and technology for over 20 years. Under his careful supervision, INS has become a leading, full service IT support company servicing small to mid-sized businesses in Silicon Valley. INS's goal is to save their client's money by focusing on preventative maintenance and intelligent network designs. For more information go to: [http://www.intelligentns.com/subscribe] and receive your complimentary network evaluation.

Remote Email Access

The advancement of wireless technology has brought the world together, with easy and convenient access to information, whenever we need and wherever we are. Remote Email Access is one example of the flexibility provided by the remote access technology. Remote Email Access gives the user the ability to access, receive and send emails wherever he or she is located.

There are two approaches to Remote Email Access, depending on how conveniently and frequently you can access the computer. In case you have a computer at your disposal than the POP approach best works, but if you are dependent on a cyber caf�, than you may prefer web access instead.

POP stands for post office protocol and is the way real email systems work. To access your mail using POP, you need to access a POP server that verifies your username and password before granting you access to your emails. Once the mail is downloaded on your system, it is deleted from the POP server. You can access these mails even when you are offline. To access your mails through POP, you would use email client software such as Eudora, Pegasus or Outlook, or the email component of a web browser suite such as Outlook Express or Netscape Messenger.

An alternative way to access mails is to use a web browser such as MS Internet Explorer, Netscape Navigator or Opera to visit a web site, than you need to sign in with a user id and password, and then read your mail online. The biggest advantage of web access is that you can check your mails through any computer that has a web browser installed. The only disadvantage is that you have to be online all the time while checking, receiving or sending mails.

Thus, you can use either of the two options according to your convenience and access and exchange your mails with your boss, friends or relatives, wherever you are.

Remote Access provides detailed information about remote access, remote PC access, secure remote access, remote internet access and more. Remote Access is the sister site of FTP Site Hosting.

Out of band remote control of devices, MDM and AMT what the future holds

Out of Band communication has arrived, as bandwidth has become commoditised. Device management is important. This article will cover two emerging technologies MDM and AMT and what the future holds for device management. Both technologies are developing rapidly, MDM in the mobile device market and AMT for the Intel based desktop PC?s on the LAN.

Mobile device management or MDM is now a familiar term describing solutions and technologies which enable the remote management of our growing estate of mobile devices including laptops, PDA?s, smart phones and tablets. MDM secures and monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises.

The growing popularity of these devices due to the commoditization of wireless internet access, their ever growing powerful operating systems and accessibility by the majority, make them an essential tool to own for enterprise today. These devices are no longer used for the sole purposes of personal information management, while the applications are now endless.? More businesses than ever before are facing the challenge of how to fully provision, manage and secure mobile devices in their corporate environments. Desktops and all these mobile devices are uniting and require a single platform to manage, both personal and corporate.

The cost of owning a Mobile device is high given its uses within an enterprise, as they are very mobile and thus vulnerable to being lost, stolen or damaged. However, the advantages of having a mobile device with its endless applications at your fingertips outweigh the cost. Thus given the potential, it is agreeable that having a mobile device management solution is essential for the effective implementation and execution of a mobility strategy. The most common issue is that of compliance relating to corporate data on mobile devices, be it personal devices or company issued. The intent of MDM is to optimize the functionality and security when using mobile devices while minimizing cost and downtime.

Most mobile device management solutions would offer a variation on the following functions:

Management of software

Ability to remotely assign software to the device, this is useful for when updates or patches are needed, and distribution of applications.

Management of Assets

The ability to group or categorise and generate inventory of managed devices.

Management of configuration

The ability to change the settings within the group of devices, OTA (Over The Air) settings like WPA keys deployed to all devices.

Security management

There are various forms of security offered for mobile devices such as, password policy enforcement, remote locking of the device as well as the ability to remotely wipe all data on the device.

Back up and restoration

The ability to store a backup of files or folders from the device in the unfortunate event of the device being damaged, or becoming inoperative for one or other reason. Allowing restoration at some point.

Measuring performance and diagnostics

Reporting and alerting concerning your devices performance with regards to battery life, memory and network information

Before you put a MDM solution in place consider the following:

Be realistic in your chosen policy and get management buy in.
a.?????? This is accomplished through supporting multiple device platforms and allowing personal devices alongside corporate devices, and agreeing with management a reasonable enforceable policy. Put in place a multi-platform inventory and reporting tool from the beginning.
a.?????? You should have a MDM tool that is able to quantify the mobile devices within the business, this way you ensure control of mobile devices. You would be able to identify which devices should be in use or the devices that should not be in use. Enforce security precaution within the business
a.??????Physical security is still important
b.????? Password/PIN when powering the device on, mirroring corporate password policy.
c.?????? Enable local encryption.
d.????? Allow remote wiping if the need occurs.
e.??????Make Bluetooth hidden as a security measure. Plan for a single console multi-platform MDM solution
a.?????? Look for a MDM platform that can manage various devices alongside one another. In the long term this will be beneficial as it will reduce set-up costs, improve functionality and efficiency, and create a singular viewpoint into the devices and data for maintenance and security.
b.????? Be sure that the reporting/inventory tool combines both your existing solution and your new multi-platform MDM solution.?Avoid manual processes to access information on your mobile devices. Rely on your reporting and inventory tool for this. It will be more effective in the long run and is scalable.
c.?????? Consider a cloud based solution, it is as effective and more economical and will have global reach of all your devices including your wintel platform. Ensure that there is a backup and recovery service available, that is either compliment or included in the platform. You can choose to limit the transfer of data, or prepare for the bills, especially for roaming users. Ensure security is also covered, there are many MDM vendors that have forgotten the essential security rational which should be the focus of MDM.? Elements like DLP, AV and all the other security controls should be standard and not retrospectively bolted onto MDM at a later stage.? So, words of warning pick your vendor carefully and be weary of flash in the pan start-ups. Increase mobile device security by installing firewall, anti-virus and intrusion prevention tools, ideally part of the same solution.

There are a large number of vendors selling MDM Solutions including on-premise and cloud-based solutions.? Both solutions having their pros and cons, the cloud-based solution is more appealing due to its favourable capex/opex.

The enterprise should carefully consider their requirements, and research the various vendors and solutions to find the one most suited to them as a company. As each Vendor claims to have a Mobile Device Management Solution, they all provide some different features, yet some features might be more prominent with one solution than another, and vice versa. The key is to understand your own requirements and work with those to achieve the most effective solution.

For example:

If your enterprise has limited security and management requirements, and profound control is not accepted by employees using personal devices. It?s probably best to choose a Vendor with a solution that supports a lightweight management approach. If your enterprise requires strict security and compliance requirements, then choose a vendor with a solution that supports a heavyweight approach to security and management of the devices.

The effective solution for one enterprise may not be the best solution for another.?

AMT or Active Management Technology is a management and security solution from Intel. It is an out of band remote management technology. It uses a dedicated communication channel which is part of an Intel AMT enabled chipset, thus making use of a hardware based platform.? It works independently of the platform processor and operating system.

This technology allows for ease of desktop and notebook security, maintenance, monitoring, repairing and updating all remotely. This is achieved through its independence of the processor and operating system so remote management applications can access AMT even when the device is turned off.

Out of band management, including rebooting PC?s, remote BIOS updates, access to event logs and asset information as well as sending of alert messages. Its main defence feature is through blocking outside threats, preventing infected PC?s from spreading viruses to other networked PC?s. It sends alert messaging when the firewall or anti-virus software has been disabled. It also automatically updates the antivirus software. AMT provides authentication and encryption; these features can be activated only by authorised management consoles. Another advantage of AMT being hardware is that this feature can?t be removed by users. If a desktop on the network has been corrupted in some or other way, it can be rebooted from files on another system on the network.AMT is a powerful tool for remote and out of band management of PC?s using the hardware, however, it is limited to Desktops that have the Intel hardware only. AMT is purely a desktop management technology and is not suited to server technology yet. In due time, it may move to server management. AMT does not possess the features to replace service processors for server management. There is no out of band network access as AMT works over the main production network. It is thus unsuitable for administering servers in datacentres with management networks. It has great features for client PC management but the downfall is that it does not offer any virtual hardware or features like support power, temperature and fan speed monitoring to name a few. AMT is an advanced piece of technology and enables development of powerful management tools, however due to its unlimited permissions it could leave room for potential security downfalls.

Technologies for management and securing ones devices both mobile and desktop PC?s are quickly emerging and vital for compliance, as the market adapts and rapidly evolves. A management and security solution has become a necessity for all enterprises or anyone owning a personal computing device of any sort. The increasing complexity of these devices makes it a prerequisite, even if it is solely for the purpose of ease of management and compliance.

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=242485732454577"; fjs.parentNode.insertBefore(js, fjs);}(document, 'script', 'facebook-jssdk'));

Ricky M Magalhaes is an International Information Security business specialist, author and consultant, working with a myriad of high profile organizations. He has been consulting in the information security field for over thirteen years and continues to promote information security best practice, strategic security and creative ways to achieve compliance to many top international entities. He has trained government agencies and other governmental entities on various information security disciplines and has speaks at national and international conferences on behalf of companies software and security vendors.

Click here for Ricky M. Magalhaes's section.

View the original article here