Do You Know Where Those Laptops Have Been?
The rise of mobile devices and public wireless web access has increased workers' productivity exponentially. But there's a dark side to the trend: the increased security risks that come with linking to unprotected public networks.
Dirty Deeds
The chain of events that leads to a security breach often begins innocently enough, when a mobile worker finds a convenient wireless network at an airport or bookstore. The trouble doesn't start until the worker's laptop picks up a virus, worm, remote control application or other malicious code while attached to the public connection. As soon as the worker returns to the office and plugs into his or her corporate network, the malicious code can spread and replicate itself, leaving the enterprise vulnerable to damage, data loss and outright theft. Typical security measures, which are aimed at keeping unauthorized users out of the network, do nothing to prevent such a scenario, because the infected laptop enters as an authorized user.
"A username and password aren't enough anymore," says Kevin Hallmark, a security specialist. "Companies need to make sure every device accessing the network is clean and uncompromised."
Hallmark recommends installing antivirus and firewall programs on all laptops and desktops as the first line of defense. However, he cautions that companies should not let their employees stop there. Because many mobile users turn their computers' security features off when they're on the road, or never enable them at all, an enterprise's network administrator must take additional measures to enforce compliance with the company's security policy. The most efficient way to do this is through network admission control (NAC), a new industry initiative sponsored by Cisco Systems and supported by a range of security software manufacturers, including Computer Associates, IBM, McAfee, Symantec and Trend Micro.
Clean Up Your Act
NAC prevents network contamination -- and forces users to maintain up-to-date security -- by denying access to any device it recognizes as compromised or lacking sufficient protection. A NAC software solution sits behind a network access device, such as a VPN concentrator or wireless access point, and inspects all computers requesting authorization. If a user tries to log on from a machine that's carrying a virus, worm or intrusion signature, or one without current signature files, the NAC software refuses access and opens a browser window with an error message that tells the user why he or she was denied. (In some cases, the user may be admitted to a quarantined area of the network or allowed restricted access to resources.) The user then receives instructions for cleaning the machine and updating patches and virus signature files. Because NAC handles these situations automatically, it saves the network administrator the effort of checking every laptop and desktop that accesses the network to make sure that security protection is turned on and up-to-date, as well as the work of regularly pushing new patches and signature files out to users.
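The admission logic described above, written out as a small posture-check policy engine. This is an added illustration, not code from the article or from Cisco's NAC products; the posture fields, the seven-day signature-age threshold, the three verdicts (allow, quarantine, deny) and the sample endpoints are all constructed assumptions. It shows the decision a NAC policy server makes once the access device has collected an endpoint's posture: an active infection is refused outright, a machine with protection switched off or stale signatures is quarantined with remediation instructions, and only a compliant machine is admitted.

```python
"""Toy NAC posture-check policy engine (added illustration, not Cisco's code).

Models the decision the article describes: the network access device reports
an endpoint's posture, and the policy engine answers ALLOW, QUARANTINE or DENY
together with the text shown to the user and the remediation steps.
Field names, thresholds and sample endpoints are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed policy thresholds.
MAX_SIGNATURE_AGE = timedelta(days=7)   # signatures older than a week count as stale
MAX_MISSING_CRITICAL_PATCHES = 0        # no missing critical patches tolerated


@dataclass
class Posture:
    """What a trust agent on the endpoint would report to the policy server."""
    hostname: str
    antivirus_enabled: bool
    firewall_enabled: bool
    signature_date: date
    malware_detected: list = field(default_factory=list)  # names of signatures that fired
    missing_critical_patches: int = 0


@dataclass
class Decision:
    verdict: str            # "ALLOW", "QUARANTINE" or "DENY"
    reasons: list           # why the endpoint was not simply admitted
    remediation: list       # what the user must do before retrying


def evaluate(posture: Posture, today: date) -> Decision:
    """Apply the admission policy to one endpoint's posture report."""
    reasons, remediation = [], []

    # An active infection is a hard deny: the host must be cleaned before any access.
    if posture.malware_detected:
        reasons.append("malware detected: " + ", ".join(posture.malware_detected))
        remediation.append("Run a full antivirus scan and remove the reported threats.")
        return Decision("DENY", reasons, remediation)

    # Protection switched off or out of date: quarantine with access to update servers only.
    if not posture.antivirus_enabled:
        reasons.append("antivirus is turned off")
        remediation.append("Enable real-time antivirus protection.")
    if not posture.firewall_enabled:
        reasons.append("host firewall is turned off")
        remediation.append("Enable the host firewall.")
    age = today - posture.signature_date
    if age > MAX_SIGNATURE_AGE:
        reasons.append(f"virus signatures are {age.days} days old")
        remediation.append("Update virus signature files from the quarantine update server.")
    if posture.missing_critical_patches > MAX_MISSING_CRITICAL_PATCHES:
        reasons.append(f"{posture.missing_critical_patches} critical patch(es) missing")
        remediation.append("Install the pending critical patches.")

    if reasons:
        return Decision("QUARANTINE", reasons, remediation)
    return Decision("ALLOW", [], [])


def user_message(decision: Decision) -> str:
    """The text the access device would show in the browser window the article mentions."""
    if decision.verdict == "ALLOW":
        return "Access granted."
    heading = {"DENY": "Access denied:", "QUARANTINE": "Access restricted to quarantine network:"}
    lines = [heading[decision.verdict]]
    lines += ["  - " + r for r in decision.reasons]
    lines.append("To regain access:")
    lines += ["  * " + step for step in decision.remediation]
    return "\n".join(lines)


# Constructed sample endpoints, as if reported on the assumed date TODAY.
TODAY = date(2005, 3, 1)
SAMPLE_ENDPOINTS = {
    "clean-desktop": Posture("clean-desktop", True, True, date(2005, 2, 27)),
    "stale-laptop": Posture("stale-laptop", True, False, date(2005, 2, 1),
                            missing_critical_patches=2),
    "infected-laptop": Posture("infected-laptop", True, True, date(2005, 2, 28),
                               malware_detected=["Worm.Constructed.Sample"]),
}


def admission_report(endpoints=SAMPLE_ENDPOINTS, today=TODAY) -> dict:
    """Map each hostname to its verdict; what an administrator's console would list."""
    return {name: evaluate(p, today).verdict for name, p in endpoints.items()}


if __name__ == "__main__":
    for name, posture in SAMPLE_ENDPOINTS.items():
        print(f"== {name} ==")
        print(user_message(evaluate(posture, TODAY)))
```

The quarantine branch collects every failed check rather than stopping at the first one, so the user gets the full remediation list in a single denial instead of being bounced repeatedly; the infection branch returns immediately because cleaning comes before anything else.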
Currently, the only NAC solution on the market is Cisco Security Agent, which is included in CiscoWorks Management Center for Cisco Security Agents and is part of the CiscoWorks VPN/Security Management Solution. It can be combined with Cisco Clean Access for even more stringent authorization and protection. To keep the solution working properly, network administrators must ensure that their authorization servers are updated with the latest virus and worm information at all times. This process is made easier by manufacturers supporting NAC, who bundle their software products with Cisco Trust Agent, an application that provides automatic updates to the authentication server.
By combining NAC technology with traditional security tools, you can create an integrated solution that will keep your company's networks safe from threats both at home and abroad.
by Vanessa Gonzales