Q&A on Employee Provisioning with Joerg Hirschmann: Part 3

This is the third and final entry in our Q&A series on questions related to employee provisioning and VPNs. Last week, we addressed how provisioning can benefit an organizations’ overall security postures as well as the de-provisioning tactics necessary to mitigate security risks during employee transitions.  Question: Certain scenarios, such as short-term business partnerships, will require adaptable provisioning. How can VPN technology enable temporary and secure remote access? What are other solutions companies can use to incorporate flexibility into their workforce? Joerg Hirschmann: VPN solutions offer different access points for various types of remote access users. In general, employees will require deeper access to corporate network resources than external partners will need. For that reason, companies should deploy VPN clients to their entire workforce, depending on the necessary access requirements, whereas external partners should access the relevant applications through client-less SSL VPNs, if possible. This will allow external partners to avoid the process of deploying software and licenses. Organizations can also achieve temporary access, whether it be on-demand or limited hourly access,  by implementing a Remote Authentication Dial-In User Service (RADIUS) server. With this approach, general access limitations can be set automatically, whereas on-demand access will have to be enabled–as well as disabled–manually by an administrator. Again, process quality is important. If you have any questions that you would like answered on VPNs, remote access, network security and the like, send them to editor@vpnhaus.com.  Joerg Hirschmann is CTO at NCP...

NCP engineering Adds Windows 8 Compatibility to New Version of IPsec VPN Entry and Juniper Clients

As new mobile devices and operating systems (OS) are released, mobile workers need to know that their secure remote access solutions are equipped to support them. Given the headaches associated with OS upgrades, such as transitioning to Windows 8, any way to alleviate concerns and mitigate financial burdens is music to the ears of enterprises and end users alike. Recognizing this, NCP has released a new version of the Entry and Juniper Editions of its IPsec VPN client software. Version 9.31 is now fully compatible with Windows 8 (32-/64-bit). By supporting Windows 8, the VPN clients help to maximize enterprises’ remote access investments when upgrading from an older OS such as Windows XP, Windows Vista or Windows 7. So what exactly is different about the new software? The way that users configure the mobile access point from which they access the Internet, for one. Up to this point, users were required to manually tweak the Access Point Name (APN) settings of their mobile devices whenever they switched out SIM cards from one mobile network operator to the next. With the new NCP Secure Clients, however, a new feature has been introduced that eliminates this tedious task by automatically prompting the driver to search for, and configure, the APN via the NetID of the SIM card. This new capability, in conjunction with pre-existing public key infrastructure (PKI), one-time password and token/certificate support, a dynamic firewall, an Internet dialer/connector and seamless roaming functionality, makes for powerful IPsec VPN software. With more of today’s workforce becoming mobilized, the Entry and Juniper editions of the NCP Secure Client ensure that secure remote access...

Q&A on Employee Provisioning with Joerg Hirschmann: Part 2

This is part two in a series of questions related to employee provisioning and VPNs. Earlier this week, we addressed how enterprises can ensure that their provisioning processes benefit their overall security postures.  Question: Provisioning’s security holes become particularly apparent when remote mobile access users leave a company and enterprises try to apply a one-size-fits-all de-provisioning approach. In today’s mobile, global, 24-hour business world, what de-provisioning tactics are necessary to mitigate security risks during employee transitions? Joerg Hirschmann: The best de-provisioning approach will be one that does not rely on a singular component to keep up with an organization’s changing needs. For instance, a provisioning process should go beyond the ordinary capability of disabling an account; instead, an organization should use the scalable method of PKI (certificate based authentication), which offers an additional option to withdraw remote access permission by revoking the user’s certificate. Similar offerings are available through One-Time-Password tools, which can also disable specific tokens, for example. At the end of the day, the quality of the automated process will dictate how effective provisioning and de-provisioning will be. Stay tuned for more on employee provisioning and VPNs next week. If you have any questions that you would like answered, as related to VPNs, remote access, network security and the like, send them to editor@vpnhaus.com.  Joerg Hirschmann is CTO at NCP...

Q&A on Employee Provisioning with Joerg Hirschmann: Part 1

Today’s post kicks off a Q&A series with Joerg Hirschmann, CTO at NCP engineering GmbH. These questions and answers, which we will post over the next few weeks, are related to employee provisioning and VPNs. Question: While user provisioning can enable efficient employee on-boarding, poor provisioning can result in expensive and irrevocable data leaks. How can enterprises make sure their provisioning is a benefit, not a detriment, to their overall security postures?  Joerg Hirschmann: VPN user provisioning should be as automated as much as possible to rule out manual flaws, which are often caused by workload, unplanned absences, etc.  However, if not designed properly, even the best automated processes can allow security leaks to disrupt the corporate networks. Normally, the provisioning process does not originate from the IT department; rather, it is initiated by HR once the decision is made to sign on/off staff or to provide access for external partners (temporary or permanent). Processes will have to be defined accordingly so that these kinds of personnel decisions will find their way into relative data records, which are then processed by IT. Therefore, a remote access solution must provide relevant interfaces to get synchronized with the appropriate databases. The more time this information needs to be delivered to the relevant system, the bigger the security risks are going to be. It goes without saying that the processes defined need to be thoroughly tested and approved. Stay tuned for more on employee provisioning and VPNs this week. If you have any questions that you would like answered, send them to editor@vpnhaus.com.  Joerg Hirschmann is CTO at NCP...

Meet NCP engineering’s Patrick Oliver Graf at RSA 2013

The RSA Conference is right around the corner and this year, Patrick Oliver Graf, NCP’s General Manager of the Americas, will be on-site for two days, brushing elbows with other pioneers in the information security industry. With nearly two decades of technology sector experience, including extensive practice in networking security, Patrick will be available to discuss how NCP is at the forefront of mitigating security risks due to faulty or unsecure remote access connections. For instance, Patrick can explain how NCP is answering to the demands of today’s mobile workforce with�the integration of its�Secure Enterprise VPN Server with Apple iOS devices, in addition to its IPsec clients for Android platforms. Patrick is also available to comment on how NCP’s Secure Enterprise Management (SEM) system simplifies�the complexities of�large scale VPN rollouts, securing its nomination year after year for renowned industry awards. If you are attending RSA 2013, February 25-March 1 in San Fransisco�and are�interested in meeting with Patrick at the conference, please contact sales@ncp-e.com to connect for scheduling. For more information about RSA 2013, see here. For�more information about NCP, visit us on LinkedIn, Twitter, or...