VPN Haus

Open Haus: Wi-Fi and Seamless Roaming for Mobile Workers

Posted: 24th February 2015 by VPN Haus in VPN, Wi-Fi
Tags: Open Haus, seamless roaming, Wi-Fi networks

When you hear the term “mobile worker,” what image comes to mind? Is it the employee who is constantly taking his laptop into different corners of the office, working from their desk, conference rooms and couches? Or is it the “road warrior” executive who works from airports, trains, cafés, hotels and anywhere else she can find a Wi-Fi or 3G/4G connection?

Whatever you picture, the fact is that mobility is now a key expectation of many employees. Those who work from laptops, tablets and other mobile devices need to be certain that the technology they depend on is able to follow them from place to place, without any service interruption.

As an example, remote workers often use a VPN to securely connect to their corporate network, no matter their location. But what happens if their network connection changes? Imagine an employee who works on her laptop while commuting by train, but constantly loses her Wi-Fi connection as she travels. You’d think that every time the network connection switches between Wi-Fi and 4G, she would need to log into her VPN. The employee would get frustrated and not be nearly as productive.

To avoid this scenario and others that impede mobile working, NCP engineering developed two key additions to its Remote Access VPN solution – Wi-Fi roaming and seamless roaming. With these features, the VPN tunnel connection is constantly maintained without disrupting the user’s computing session, even if their network connection changes.

Here’s how these two features enhance NCP engineering’s Remote Access VPN solution:

Wi-Fi Roaming

Say a remote worker moves within the range of several wireless access points using the same SSID. Without Wi-Fi roaming, the user would have to set up a new data connection and log into the gateway, again and again, to maintain the VPN connection.

But with NCP’s VPN Clients managing the network connection, the system roams access points within a company network as the user changes locations and IP addresses, and automatically chooses the strongest access point available. The applications that communicate via a tunnel do not even “notice” the access point roaming process, allowing for continuous, uninterrupted, secure remote access.

Seamless Roaming

Seamless roaming is the logical advancement from Wi-Fi roaming, in that it facilitates transitions when a user moves between different networks, not just within the same Wi-Fi area. With seamless roaming, the VPN client automatically selects the optimal connection medium, and then as devices move between Ethernet LAN, Wireless LAN (Wi-Fi) or cellular connections (3G and 4G), the user does not have to do any additional work to maintain the VPN connection.

This feature enables the user’s device to remain “always on,” without any disruption to the applications of the mobile telework station. It also enables the client to automatically change the communication medium during a session and to dynamically redirect the VPN tunnel, without the user noticing. This will be a very important feature in connected cars as they become more prominent.

Technology to Support Mobility

As workplaces become increasingly flexible and dispersed, technology to minimize interruptions to productivity must become more agile than ever before. With Wi-Fi and seamless roaming integrated into a company’s remote access solution, workers won’t have to choose between mobility and productivity.

<Open Haus is a monthly series that explores the key features of NCP’s Remote Access VPN>

Want to learn more about securing M2M communications? Download our whitepaper “Managing Secure Communications in M2M Environments” to find out more.

Secure M2M Communication

In Managing Secure Communications in M2M Environments, we cover:

– How to choose a connection method that’s right for your application.
– How to configure end devices so they can perform authentication steps.
– How to manage VPN configurations and updates without human interaction.

Download Now

How to Manage Secure Communications in M2M Environments

Posted: 18th February 2015 by VPN Haus in Endpoint Management, Rethink Remote Access
Tags: m2m communications, secure remote access

NCP Webinar

For all the talk of the Internet of Things (IoT) and machine-to-machine (M2M) communications making our lives easier, there always seems to be a cautionary tale involving security of these devices around every corner.

Take self-driving cars – something it seems like almost everyone would want. That is, until last summer, when the cybersecurity community raised a red flag around connected cars, and the possibility that hackers could tap into a vehicle’s network and disrupt its operating system.

The same concerns have followed connected televisions. As of a year ago, smart TVs had taken over about one-third of the flat-screen television market. Then, just last week, news outlets picked up on the possibility that Samsung’s smart televisions could effectively “eavesdrop” on conversations, and that the company could then pass that information along to third parties.

Although these specific examples are recent, questions about network security in M2M communications and the IoT are not new. ZDNet flagged the issue back in January 2013, in an article that posited security concerns could prevent M2M from reaching its full potential.

Although M2M communications have actually been common for decades, they have never before been quite as widespread as they are now, and they now communicate over the open, public Internet, versus being confined to limited, secure networks. As NetIQ’s Ian Yip told ZDNet, in many cases security is an afterthought – it is something that is a “retrofit” to M2M.

This is a mistake. Security needs to be considered from the very beginning. M2M security is already difficult enough, as human beings aren’t even part of the communications process.

And as the Internet of Things becomes a part of our everyday lives, already infiltrating the workplace, enterprises and network security professionals are left with the challenge of protecting the remote communications between millions of devices in M2M environments. How many millions? By 2017, M2M market volume is expected to reach 470 million modules, according to IDATE.

To manage these devices, network administrators must put reliable remote access solutions in place, especially for business-critical systems. Failure to do so could lead to lost revenue, upset customers or users, and high restoration costs. And in the case of systems that involve sensitive information, secure networks could be a requirement to reach compliance with HIPAA, PCI or SOX.

The road to reaching secure M2M communications is a long one. Administrators have to consider which connection methods are the right fit for their applications, how to configure end devices so they can perform authentication steps, and how to manage VPN configurations and updates without human interaction.

But once they get there, network administrators will help unlock a whole, secure world of IoT and M2M communications – with reduced risk of a security breach.

To learn more, join NCP engineering and Julian Weinberger, CISSP, Director of Systems Engineering, for the webinar, “Managing Secure Communications in M2M Environments,” Tuesday, February 24, 2015 at 2 p.m. EST. Attendees will also receive a free copy of our white paper on the same topic:

Secure M2M Communication

In Managing Secure Communications in M2M Environments, we cover:

Download Now

Europe: More than Just ‘Stumbling Forward’ to Improved Cybersecurity

Posted: 11th February 2015 by VPN Haus in Industry Commentary, IT policy
Tags: government IT, remote access security

Image via Creative Commons/Xavier Hape (CC BY 2.0)

Two years ago almost to the day, months before cyberattacks entered the world’s collective consciousness, the European Union took the bold step of publishing an ambitious cybersecurity strategy. The strategy aims to outline the best path forward for identifying and responding to emerging digital threats.

Orchestrators of the plan, “An Open, Safe and Secure Cyberspace,” believed that it would be a central step towards creating an environment in which the digital economy could thrive, having so far been largely isolated from attacks but known to be vulnerable. As the European Commission’s Catherine Ashton said, “For cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline, should also apply online.”

Since its inception in 2013, the EU’s Cybersecurity Strategy has focused on five pillars, namely:

Achieving cyber resilience
Reducing cyber crime
Building cyber defense policies
Deploying new cybersecurity technologies
Creating a central international cybersecurity policy.

Even in this short period of time, significant strides have been made towards adoption. The NIS Directive has been a cornerstone piece of legislation resulting from the plan. It requires EU member states to adopt a national strategy that “sets out concrete policy and regulatory measures to maintain a level of network and information security.” The Directive also requires private entities to disclose major cyberattacks.

As Defense One points out, this amount of progress is no small feat, as institutions within the EU generally “stumble forward” because of the fragmentation that is inherent to the union. In the case of the Cybersecurity Strategy, three separate EU institutions – the Directorate General for Home Affairs, the European Council and European External Action Service, and the Directorate General for Economic Affairs – have been required to work in tandem for the initiative to be successful.

Unfortunately, even as the Cybersecurity Strategy has come together, questions remain among the government organizations that are ultimately impacted by the Strategy’s mandates. With regards to the NIS Directive, which will likely require compliance by 2017, three in five organizations say they have received either little or no clear guidance on the legislation, and one-third say they don’t understand the impact of the legislation. That’s according to a study by security firm FireEye.

The EU’s efforts continue to be a work in progress. That being said, it’s arguably more legislative progress in support of cybersecurity than has been seen in the United States. Across the pond, although the White House’s recent budget proposal has encouraged more funding to bolster cybersecurity, most U.S. federal agencies still aren’t doing enough. The Brookings Institute has described federal efforts as “abysmal.” Specifically, Brookings found that fewer than half of all U.S. federal agency strategic plans mention cybersecurity.

This is notable, because the public sector has an opportunity to show the private sector how network security should be done. Private organizations need to have some sort of model to follow, as they wade into what may be the unfamiliar waters of cybersecurity.

One of the lessons network administrators will quickly learn, particularly as they secure remote access for their employees, is how valuable it is to manage a VPN network from a single point of administration. As an organization scales, the network needs to keep up with the growth, without sacrificing security or efficiency, no matter how many new users or endpoints are added.

As network administrators adopt best practices like these, they not only protect themselves, but they help build the “open, safe and secure cyberspace” envisioned by initiatives like the EU Cybersecurity Strategy.

Want to learn more about securing M2M communications? Join us for our webinar “Managing Secure Communications in M2M Environments,” 2 p.m. EST, Tuesday, February 24, or download our new whitepaper:

Secure M2M Communication

In Managing Secure Communications in M2M Environments, we cover:

Download Now

White House Turns Attention to Cybersecurity

Posted: 5th February 2015 by VPN Haus in HIPAA, IT policy
Tags: Defense-in-depth, government IT, HIPAA

Cyberattackers and hackers operate in the shadows, lurking away from where conventional law enforcement can easily identify and investigate them. They prefer secrecy and anonymity.

But they may not have that luxury any longer – not since the federal government and the White House, specifically, have escalated their focus on cybersecurity.

First, President Barack Obama addressed the issue during his State of the Union address earlier this month, declaring, “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.”

To back up his comments, the president also submitted a budget proposal that allocates funding toward combating cyberattacks. In the initial proposal, the president called for cybersecurity spending to increase by 10 percent to $14 billion – all in an effort to improve detection of and response to the kinds of massive attacks that have plagued both the public and private sector over the last year.

Specifically, the budget proposal calls for:

Improved data sharing
Increased monitoring and diagnostics of federal computer networks
More widespread deployment of the EINSTEIN intrusion detection and prevention system
Government-wide testing and incident-response training
New teams of engineers and technology consultants

In the White House’s explanation of these budget items, it said, “Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity.”

The cybersecurity community has largely lauded the budget and the government’s increased attention to the issue, and some have pointed out additional ways the public sector could help. Tony Cole, vice president at security firm FireEye, told U.S. News and World Report that he is in favor of a federal data breach notification standard, which he says would “raise awareness about the issue at companies by making it a bigger part of company policy.”

What Cole is suggesting seems similar to the existing government mandates around the HIPAA Act. If healthcare providers suffer a data breach affecting 500 or more patients, they are required to disclose the incident to the Department of Health and Human Services, which tracks breaches on its site. Providers are also required to pay fines, ranging from $100 per violation up to $50,000 when the incident is due to “willful neglect” and is not corrected.

Would such a system work outside of the healthcare industry? At the very least, it would be an additional incentive for private sector technology administrators to get their network security houses in order.

Cole also said he thinks businesses need to allocate more of their own resources toward network security. And he’s right. Technology administrators are more likely to successfully defend their networks when they deploy a suite of different solutions, ranging from VPNs with central management capabilities to firewalls and other intrusion-detection systems. In a defense-in-depth model such as this, where all platforms work together as fail-safes, the chances of a successful attack are far less likely.

Together, between these improvements at the business level, and the government raising awareness of pervasive threats and the need to combat them, we’ll all be better protected.

Secure M2M Communication

In Managing Secure Communications in M2M Environments, we cover:

Download Now

Two-Factor Authentication Transforms Even ‘123456’ Into a Secure Password

Posted: 28th January 2015 by VPN Haus in 2 Factor Authentication, Rethink Remote Access
Tags: passwords, two-factor authentication

Since 2011, the same two passwords have ranked as the most common (and worst) among users. Care to take a guess as to what they are?

You don’t have to be a savvy hacker to figure them out – “123456” and “password” have again topped the list this year. The good news is the prevalence of these two passwords in particular has fallen quite a bit, from 8.5 percent of all passwords in 2011 to less than 1 percent now.

As a password to an individual’s Facebook or Tumblr account, these are probably adequate. The accounts they’re “protecting” are low-profile, unlikely targets, and hackers wouldn’t really gain much from breaking into them anyway. It’s a different story when a user sets up a work-related email or credit card account – much more likely targets of attackers – using these easy-to-crack passwords.

Instead of using brute force and repeatedly trying passwords, hackers barely have to break a sweat or exert any effort. They can simply type in “1-2-3-4-5-6″ or “p-a-s-s-w-o-r-d” and they’ll be granted entry on their first try. A gold mine of information suddenly materializes right at their fingertips.

At first glance, network administrators appear to have a few different courses of action to prevent these types of weak passwords and shore up their network security. They could try employee education – teaching their workforce best practices when it comes to setting up their credentials. Or they could provide them with tools that both randomly generate secure passwords and then store them securely for easy recall.

The problem with each of these solutions is that they’re really just temporary bandages – they still don’t account completely for the human factor. An employee could still circumvent these processes, either deliberately, for convenience, or accidentally. Then the network administrator is back to square one – the network security vulnerability still exists.

A stronger solution for IT departments is two-factor authentication. By adding another step to the user verification process, beyond requiring just a password, the security of the account suddenly becomes much stronger. This is why nine in 10 global IT managers said they would plan to use one-time passwords (OTP) in 2014 as part of a two-factor authentication strategy to help improve their network security.

So why isn’t every IT department rolling out this seemingly ironclad method of verification across the board? The answer is simple. As is often the case with any issue involving network security, the conflict lies in the balance between convenience, resources and security. Simply, it’s not practical or expedient for every server or file folder to be accessible only through two-factor authentication.

At the same time, selectively protecting only certain files through two-factor authentication could leave an entire network vulnerable. As PC World’s Tony Bradley points out, “It’s like locking every door and window in your house except for one, and hoping a burglar isn’t thorough enough to find the one unlocked entrance.”

Bradley is right. And to elaborate on his point, one of the most glaring “unlocked entrances” a network can have is in its remote access infrastructure. Fortunately, some VPNs come equipped with secure enterprise management capabilities that include support for two-factor authentication and a randomly generated, one-time password sent to a user via SMS.

When faced with this additional hurdle, any hacker hoping to exploit a remote access vulnerability would be even less likely to successfully break into an account, even if a user made the mistake of setting a password to a laughably common one like “123456” or “password.”

Secure M2M Communication

In Managing Secure Communications in M2M Environments, we cover:

Download Now

VPN Haus

Email Subscription

Get NCP’s VPN for Android

Connect With Us

Contributing Member

Want to contribute?

Industry Recognition

Recent Posts

Categories

Blogroll

Archives

Open Haus: Wi-Fi and Seamless Roaming for Mobile Workers

How to Manage Secure Communications in M2M Environments

Europe: More than Just ‘Stumbling Forward’ to Improved Cybersecurity

White House Turns Attention to Cybersecurity

Two-Factor Authentication Transforms Even ‘123456’ Into a Secure Password