Security Mistake #3: Leaving Critical Servers Accessible from the Internet

The problem, then, is most VPN clients, especially those that are web-based, don't do any kind of security check. Those that do, often only perform an initial, limited test when the end-user is first connected. This test normally checks for confirmation that firewall or anti-virus software is installed. What happens if a user is connected to the VPN and the virus scanner is suddenly disabled?

Another security area companies often compromise is leaving critical servers accessible from the Internet. This can be in the form of a web portal, Citrix or Terminal Server, web-based e-mail, or an external website for third parties. Each of these applications creates a hole in a company's firewall to a server running software that can have remote exploits. Microsoft, Apache, SQL and SAP have all had their share of vulnerabilities. Even a large business that gives access to proprietary information through a database connection still creates a potential problem. In other words, the most secure vault isn't going to help you if the door is left open.

The goal of VPN deployment should be something that's easy and secure enough for everyone to use, including outside vendors, remote users, and IT administrators. With PositivePRO, the VPN is put behind a firewall, users then execute off-site authentication to the VPN and complete a full security lockdown. All of this takes place before they can begin communicating with the corporate server(s).