Encryption: The Key to Network Security

Posted: 4th December 2013 by VPN Haus in Industry Commentary, VPN
Tags: , , , , , ,
0

In the network security industry, we see firsthand how encryption prevents a wide range of security breaches, protects corporate networks and safeguards sensitive, personal information and communications. As hackers are constantly on the prowl for new methods and attack vectors, and even governments are now monitoring networks, encrypting data has never been more necessary. Despite this increasingly apparent fact, many organizations have been slow to adopt encryption in all of their network communication mediums. The newly released Encrypt the Web report by the Electronic Frontier Foundation (EFF) illustrates that even large, well-known enterprises are susceptible to lapses in properly securing network communications.

Only four out of eighteen enterprises surveyed by the EFF received perfect scores in all five of its encryption best practices categories, which shows that there is still significant progress that needs to be made in securing network communications. A range of other organizations, including such prominent names as Yahoo!, Facebook and Twitter, recognize that securing their data is important, and they are currently planning to encrypt communications between their data centers over the next year, to make sure that sensitive information, such as personal and financial data, is safe at all times. Other businesses should follow their lead.

“They understand their customers want privacy and security, and are willing to deploy additional measures to ensure crypto is in place against a wide variety of attack vectors,” according to Kurt Opsahl, a senior staff attorney with the EFF. “This helps their customers feel more secure about their data.”

Beyond implementing protocols such as HTTPS and STARTTLS to secure communications over the web, as the EFF’s report recommends, enterprises must secure remote access to their networks on all fronts, including utilizing VPNs to safeguard connections to corporate networks. These robust technologies create a highly secure encrypted tunnel that gives employees access to a network without the possibility of information being intercepted. Cutting-edge VPNs go a step further, in fact, by supporting emerging encryption standards, such as Elliptic Curve Cryptography (ECC).

Enterprises need to fully embrace encryption now. By embedding it in an organization’s culture and within every information transmission medium, a wide range of attacks can be prevented. The EFF hopes that their report will nudge more enterprises to comprehensively implement encryption, and we hope so, too.

 

 

The Security Risks of Remote Support Tools

Posted: 26th November 2013 by VPN Haus in Certificates, Industry Commentary, IPsec, Mobile, VPN
Tags: , , , , ,
0

A recent study has come to light which shows that although remote support tools are being increasingly implemented within enterprises, IT decision-makers are uncertain about their safety. They should be, and for good reason.

The study, conducted by Bomgar and Ovum, focused on the challenges that enterprises face in providing remote support to employees who are using a wide range of devices, such as smartphones and tablets. Although remote support technology can be useful in certain scenarios, organizations are often unaware of the security risks and unprepared for breaches.

According to the research, nearly 25 percent of workers are currently mobile, and as a result, businesses will increase their support for remote workers over the coming 18 months. Despite this, the majority (more than two-thirds) of IT decision-maker respondents were concerned about the associated security risks.

Remote support is alluring because it typically runs in web browsers, which makes it easy to install and utilize on many kinds of devices. However, because it is browser-based, all of the vulnerabilities of the browser can compromise the safety of communications with a corporate network. If a user does not log out properly, an attacker can gain total access to a network, with little oversight by IT. Plus, all network communication is transacted via third-party gateways, which exposes an enterprise’s servers to potential threats.

Enterprises that are looking for all of the functionality, but none of the safety concerns associated with a remote support tool, should instead consider using an IPsec VPN gateway with a remote desktop component and a possibility to check server certificates at the VPN gateway. By using such a solution, an enterprise could have its staff access and control networked computers and devices through a highly secure and encrypted tunnel. It also would have much more functionality than a remote support tool, because it could be used to secure all communications between employees and the corporate network from any device, anywhere.

“The onus is on IT to not only deliver great support to its increasingly mobile and remote workers, but to ensure that the tools being used to deliver support limit security vulnerabilities created by the mobile worker,” said Adrian Drury, practice leader for consumer impact technology at Ovum. Our thoughts, exactly.

 

Cyber Monday: Why Network Security is the Best Gift of All

Posted: 21st November 2013 by VPN Haus in Uncategorized
0

Each year, as millions of Americans are busy surfing the web to find the best Cyber Monday deals, hackers are preparing to take advantage of enterprises when their network security is at its weakest point. It is crucial, then, for enterprises to secure their networks during this time of year, because breaches can be incredibly damaging to a business.

According to Demetrios Lazarikos, IT threat strategist from RSA, “This time of year is not just an opportunity for retail fraud, but an opportunity to launch attacks that take advantage of business logic vulnerabilities, DDoS [distributed denial-of-service] attacks, and more sophisticated attacks as well.”

Hackers are now increasingly breaching networks with Advanced Persistent Threats (APTs), and the holiday season is an ideal time of year for cyber criminals to use them, along with other methods, to exploit myriad lapses in network security. Due to a combination of higher than average network usage and IT administrators being out of the office, enterprises are often unable to react quickly to attacks during the holidays. In fact, 81 percent of hackers surveyed at a recent DefCon said they’re more active during the winter for those very reasons.

It’s no wonder, then, that according to a new study by the Ponemon Institute, 64 percent of organizations said they see significant increases in attack activity during the holidays. But, it is more surprising to learn that despite the fact that they are vulnerable, more than 70 percent of enterprises are not taking the necessary precautions in anticipation of increased attacks.

To prevent network breaches during the holidays, an enterprise should implement a comprehensive security framework that enables all of their systems to communicate, to rapidly prevent attacks as they occur. As part of such a framework, it is important to utilize a VPN wherever necessary – to provide the highest level of secure remote access to a corporate network, especially with staff working from home, the airport or anywhere in between during the holidays.

For IT departments dealing with skeleton staff levels during the holidays, a VPN with central management capabilities is even more critical, because it requires fewer IT administrators to manage an enterprise’s remote access infrastructure, while providing a real-time holistic view. A network administrator can easily manage compliance for a network of thousands of users and immediately revoke access to a user in case of a breach to protect sensitive information from being compromised.

Enterprises must take extra precautions to safeguard their corporate networks as the end of the year approaches. With a smarter strategy for network security, the holidays can be a more peaceful and joyous time of year for enterprises.

 

Developing a Comprehensive Remote Access Security Framework: Network Health and Trust

Posted: 13th November 2013 by VPN Haus in Endpoint Management, IPsec, IT policy, VPN
Tags: , , , , , , ,
0

The need for a comprehensive remote access security framework cannot be emphasized enough. Those looking for proof of this concept need look no further than the recent Adobe hacking, and the chilling implications it has on network security. Our previous two posts in this series have discussed why the proliferation of mobile devices has made corporate networks more susceptible to malicious attacks, how unknown users and/or devices pose a serious threat to network security, and how establishing endpoint identities and roles can help protect against breaches.

But what if cyber criminals could create superficial identities and roles that pass as legitimate? The unfortunate truth is, this scenario is a very real possibility. The most common method cyber criminals use to gain network access is spoofing endpoints’ Media Access Control (MAC) addresses.

A MAC address is a device’s unique hardware number. When employees connect to their networks, a correspondence table relates their IP address to their computer’s physical MAC address. As previously explained, devices can be linked in a relationship registry to user identities based on a particular user/device combination. Once that’s done, a policy can be implemented that will grant or deny network access based on those combinations. Ideally, this process will screen out users that attempt to access the network with invalid credentials. But when a MAC address has been spoofed, another layer of defense is needed.

Though there are several ways to detect a false MAC address, one of the best bets is to simply build a protocol right into an IPsec VPN client. This would allow the client to establish a secure, encrypted connection with the target network and submit device health information. For example, the client would indicate if a MAC address is legitimate, or if it there are signs that it has been tampered with and may be spoofed. Only when credentials for the user and device match the pre-set criteria will network access be granted.

It’s worth noting that a suitable security framework for policy-based network access control is under development in the form of Trusted Network Connect (TNC) by the Trusted Computing Group (TCG). The TNC has specified a protocol, Interface for Metadata Access Points (IF-MAP) that allows the devices to publish or consume security-relevant metadata to/from the Metadata Access Point (MAP) Server. This approach truly incorporates one of the main aspects of a comprehensive remote access security framework: trust-level establishment. Trust level establishment is, at its simplest, conducted by evaluating the access elements such as those previously discussed.

From conducting an initial screening process to determine legitimate devices and users, to enforcing the policies that are established, to cross referencing against user/device combinations, a comprehensive remote access framework can go a long way in terms of securing corporate networks from malicious attacks. Is it a foolproof system? Certainly not, and cyber criminals will continue to try and discover ways to penetrate whatever defenses IT security professionals establish. But by being proactive, and taking precautionary steps such as those we’ve outlined on VPN Haus, enterprises can at least take steps in the right direction.

Vehicle VPNs, Part Two: Business World Implications

Posted: 4th November 2013 by VPN Haus in Endpoint Management, IPsec, Mobile, SSL, VPN, Wi-Fi
Tags: , , ,
0

In recent years, remote access security has become a major focus of IT departments in businesses small and large. The rapid growth in the use of smartphones and tablet computers, the bring-your-own-device (BYOD) trend and an increasing number of companies allowing employees to work from home have all but assured this. VPNs, as such, have become widely popular as a means of securing those data tunnels between end devices and internal corporate networks.

But now, there’s another endpoint that requires the attention of IT managers: cars. Actually, to be more specific, “connected cars.” In a previous blog post, we discussed the continuing evolution of connected cars and how vehicle VPNs can help prevent critical security breaches. The vulnerabilities we covered focused on travel safety and machine-to-machine (M2M) concerns in people’s homes. Today, we’ll take a look at the more business-oriented issues at play and their implications on the corporate world.

The Basics of Remote Access

Let’s start with the same basic principle that applies to remote access everywhere: a corporate network is only as secure as the device and communications channel used to access it. VPNs have long been used to secure communications between laptops and private company networks across many industries. In most cases, employees were using company-issued laptops. In the last five years, however, we’ve seen a paradigm shift where more and more people are using personal laptops as well as smartphones and tablet computers to work from outside the office.

BYOD certainly created a few headaches for IT departments when it came to security, but the benefits were too substantial to ignore — flexibility, improved access to important resources, rising productivity, etc. So VPN providers have had to keep up with these trends and make sure they could secure each of these connections, whether it’s an employee using a tablet to access company servers from an airport Wi-Fi hotspot or a smartphone using an LTE network anywhere in the world.

The leading VPNs available today can not only secure virtually any device using any connection medium, but maintain secure connections as they traverse from one to the next (i.e., airport Wi-Fi to LTE cellular network to hotel Wi-Fi).

Where VPNs Fit in the Auto Industry

When it comes to the modern automotive industry, all of the major car manufacturers such as Ford, Chrysler, GM, BMW, Mercedes, Volkswagen and Toyota have repeatedly emphasized their intentions to make their vehicles Internet-friendly. In Frankfurt, BMW has already unveiled a sedan equipped with an LTE router for up to eight devices. In 2015, a new Wi-Fi standard (IST-G5) specifically developed for use in vehicles is expected to follow. But what does this mean for the business world in terms of remote access?

Let’s say you’re on a business trip, and you’ve lost your laptop or smartphone. You’re heading to a big meeting, and you need to access an important file on your company’s internal network, but you don’t have an endpoint with a secure connection.  A connected car allows you to access the Internet, but a vehicle VPN enables you to safely and securely access the company network from that car without compromising any sensitive information stored on those servers. You’re able to go to that meeting armed with the data you needed.

This is just one example where vehicle VPNs can make all of the difference in the world. What’s more, with car manufacturers planning to roll out software updates for engine control and car electronics systems via Internet and cloud data centers, VPNs will help prevent hackers from doing damage to your corporate network by first compromising those car systems through other means.

As we previously mentioned, if it’s connected to the Internet, cyber criminals will try to hack it. Using a VPN to secure your car is no different than using one to safeguard the connections initiated from your smartphone or tablet. Any device, as small as an iPhone or as large as an SUV, should be equipped with the best security features before remotely accessing a corporate network.

Older Entries