Phone Authentication news, updates and regulations. http://www.phoneauthentication.org 2010-03-13T20:28:06+01:00 http://www.phoneauthentication.org http://www.phoneauthentication.org/images/M_images/logo.gif text/html 2008-03-10T07:25:26+01:00 http://www.phoneauthentication.org http://www.phoneauthentication.org/Latest/Never-Expect-Employees-to-Never-Use-Untrusted-PCs-for-Work.html Security Mistake #5: Expecting Employees to Never Use Untrusted PCs for Work Companies assume if they give employees a laptop, set it up with antivirus, firewall, and all the latest patches, that the computer will stay up-to-date for the next several months. The employee is expected to bring their laptop back to work for another update once the previously installed components have expired. Companies also believe that banning users from using home PCs or kiosks will prevent users from exposing the company network to other potential threats by doing activities such as emailing company files to themselves or copying the files to a disk. Again, a VPN that can secure all types of PCs is required if the corporate network is to stay safe and free from viruses. It also makes sense to use a VPN service that provides end user support. Furthermore, end users shouldn't be afraid to ask for help to repair problems when they occur. This is a big task for an overworked IT staff to take on after-hours, let alone for a small business that doesn't have a helpdesk. text/html 2008-03-10T07:24:33+01:00 http://www.phoneauthentication.org http://www.phoneauthentication.org/Latest/Never-Assume-Citrix-and-MS-Terminal-Services-Eliminate-Need-For-Endpoint-Security.html Security Mistake #4: Assuming Citrix MS Terminal Server Eliminate the Need for Endpoint Security The assumption that endpoint security is unnecessary when you have a Citrix or Microsoft Terminal Server deployed for remote access is another mistake commonly found in enterprises. Data is transferred, even if only in graphical format, to the end user's insecure PC. Moreover, file sharing and printer sharing are frequently-used capabilities, which also open up additional pipelines for viruses and worms to propagate onto a corporate network. If someone can connect directly into a server, they can run exploits against your server, take guesses at users' corporate passwords, and easily direct a Denial-of-Service attack at the server. Here is a fact: A new Citrix exploit is discovered every few months (including remote overflows and arbitrary command execution vulnerabilities). Source: Open Source Vulnerability Database (www.osvdb.org) text/html 2008-03-10T07:23:27+01:00 http://www.phoneauthentication.org http://www.phoneauthentication.org/Latest/Leaving-Critical-Servers-Accessible-from-the-Internet.html Security Mistake #3: Leaving Critical Servers Accessible from the Internet The problem, then, is most VPN clients, especially those that are web-based, don't do any kind of security check. Those that do, often only perform an initial, limited test when the end-user is first connected. This test normally checks for confirmation that firewall or anti-virus software is installed. What happens if a user is connected to the VPN and the virus scanner is suddenly disabled? text/html 2008-03-10T07:22:11+01:00 http://www.phoneauthentication.org http://www.phoneauthentication.org/Latest/Ignoring-Spyware-and-Critical-Updates.html Security Mistake #2: Ignoring Spyware and Critical Updates Viruses are a problem in businesses today. For this reason, we have outlined security mistake #2 as a critical point. A firewall is necessary, but because both spyware and operating system Critical Updates are much newer problems, they are the biggest loop holes in VPN security today. Companies ignore these problems, because they normally lack the tools to manage them. text/html 2008-03-10T07:20:41+01:00 http://www.phoneauthentication.org http://www.phoneauthentication.org/Latest/VPN-Security-Mistake-Skipping-Real-Time-Endpoit.html Learn about the most common security mistakes companies make when deploying and managing VPN and endpoint security solutions. Positive Networks, a leader in hosted, managed remote access and endpoint security solutions, has gained invaluable experience implementing thousands of VPNs. As a result, the company's engineers have had the chance to see, and therefore fix, common mistakes made by IT administrators when installing remote access solutions. The goal of this information is to help companies avoid costly errors and offer a hassle-free solution for companies requiring VPN technology. text/html 2008-02-27T19:19:56+01:00 http://www.phoneauthentication.org http://www.phoneauthentication.org/Latest/Authentication-and-Remote-Access.html Authentication and Remote AccessAn effective remote access deployment always includes both endpoint and network security components, including a wide range of safeguards. Virtual private networks (VPN) must authenticate end users, the system to which end users are connecting and the authentication information itself. The PositivePRO service provides the highest level of authentication security available on the market, with the flexibility to accommodate the specific security needs of each customer.