|
Written by Evan Conway
|
|
Security Mistake #5: Expecting Employees to Never Use Untrusted PCs for Work
Companies assume if they give employees a laptop, set it up with antivirus, firewall, and all the latest patches, that the computer will stay up-to-date for the next several months. The employee is expected to bring their laptop back to work for another update once the previously installed components have expired. Companies also believe that banning users from using home PCs or kiosks will prevent users from exposing the company network to other potential threats by doing activities such as emailing company files to themselves or copying the files to a disk. Again, a VPN that can secure all types of PCs is required if the corporate network is to stay safe and free from viruses. It also makes sense to use a VPN service that provides end user support. Furthermore, end users shouldn't be afraid to ask for help to repair problems when they occur. This is a big task for an overworked IT staff to take on after-hours, let alone for a small business that doesn't have a helpdesk. |
|
Read more...
|
|
|
Written by Evan Conway
|
|
Security Mistake #4: Assuming Citrix & MS Terminal Server Eliminate the Need for Endpoint Security
The assumption that endpoint security is unnecessary when you have a Citrix or Microsoft Terminal Server deployed for remote access is another mistake commonly found in enterprises. Data is transferred, even if only in graphical format, to the end user's insecure PC. Moreover, file sharing and printer sharing are frequently-used capabilities, which also open up additional pipelines for viruses and worms to propagate onto a corporate network. If someone can connect directly into a server, they can run exploits against your server, take guesses at users' corporate passwords, and easily direct a Denial-of-Service attack at the server. Here is a fact: A new Citrix exploit is discovered every few months (including remote overflows and arbitrary command execution vulnerabilities). Source: Open Source Vulnerability Database (www.osvdb.org) |
|
Read more...
|
|
|
Written by Evan Conway
|
|
Security Mistake #3: Leaving Critical Servers Accessible from the Internet
The problem, then, is most VPN clients, especially those that are web-based, don't do any kind of security check. Those that do, often only perform an initial, limited test when the end-user is first connected. This test normally checks for confirmation that firewall or anti-virus software is installed. What happens if a user is connected to the VPN and the virus scanner is suddenly disabled? |
|
Read more...
|
|
|
|
