Open Haus: VPN Path Finder

Whenever Katelyn O’Shaughnessy checks into a hotel, room size isn’t anywhere near her top concern. As she told the Los Angeles Times in a story about the hotel preferences of Millennials, “You can put me in a closet; as long as there is Wi-Fi, I’ll be happy.” If you were to survey hotel users, you’d probably find many of them share O’Shaughnessy’s perspective. These days, if you’re traveling, whether for work or for business, Wi-Fi is a necessity. And it can’t just be any Wi-Fi. It needs to be high-speed, reliable Wi-Fi that facilitates secure remote access through any mobile device.

Unfortunately for travelers, the reality is that many hotels – and other public places that provide network access through hotspots – restrict user access settings by blocking IPsec ports and only allowing Internet access to web browsers. This is a major constraint for road warriors trying to access their corporate networks remotely via a VPN, as they could find themselves unable to establish a connection. To overcome this obstacle, NCP engineering developed VPN Path Finder – a proprietary remote access technology that automatically establishes a connection wherever Internet access is possible, providing the user with anywhere, anytime connectivity.

How It Works

Path Finder – recently recognized with a patent – is a central feature of the NCP Secure Client Suite. With Path Finder, users achieve highly secure mobile computing in every remote access environment, even across unknown networks like those you might find in a hotel, café, or on a plane or train. Whenever a public network has a firewall setting that blocks native IPsec traffic, Path Finder...

Shellshock Leaves Deep Impact on Network Security

For the last 30 years, a common line of code found in a piece of software has quietly been a dormant security vulnerability – but now, news of the exploit has gone public, sending the network security community into reaction mode. The Shellshock vulnerability can be traced back to Bash, a command shell that is commonly used across the Internet on Linux and UNIX platforms. Bash translates user commands into language a computer can understand and then act upon. In the case of Shellshock, hackers could exploit Bash by issuing arbitrary software commands, potentially allowing them to control systems.

In the immediate aftermath of Shellshock’s discovery, security experts claimed the exploit had surpassed last spring’s Heartbleed as the worst software vulnerability of all time. One reason is that Shellshock’s reach could be even greater than the Heartbleed vulnerability, which only affected software using the OpenSSL encryption protocol. Shellshock’s reach could even extend to Internet of Things devices, since their software is built on Bash script. For the last few weeks, website administrators have been making the necessary updates to protect users. Within a week of the vulnerability going public, Amazon, Google and Apple responded with patches and internal server updates. Even so, it will take some time for the fallout from Shellshock to subside.

The Year of the Cyberattack Continues

This year has not been kind to the network security community. Although the Target breach occurred in 2013, the fallout has continued well into this year. Then came attacks at Neiman Marcus, eBay and, just last month, Home Depot. And, of course, Heartbleed and Shellshock. Even in the last...

The Security Risks of Remote Support Tools

A recent study has come to light which shows that although remote support tools are being increasingly implemented within enterprises, IT decision-makers are uncertain about their safety. They should be, and for good reason. The study, conducted by Bomgar and Ovum, focused on the challenges that enterprises face in providing remote support to employees who are using a wide range of devices, such as smartphones and tablets. According to the research, nearly 25 percent of workers are currently mobile, and as a result, businesses will increase their support for remote workers over the coming 18 months. Despite this, the majority (more than two-thirds) of IT decision-maker respondents were concerned about the associated security risks. Remote support is alluring because it typically runs in web browsers, which makes it easy to install and utilize on many kinds of devices. However, because it is browser-based, all of the vulnerabilities of the browser can compromise the safety of communications with a corporate network. If a user does not log out properly, an attacker can gain total access to a network, with little oversight by IT. Plus, all network communication is transacted via third-party gateways, which exposes an enterprise’s servers to potential threats. Enterprises that are looking for all of the functionality, but none of the safety concerns associated with a remote support tool, should instead consider using an IPsec VPN gateway with a remote desktop component and a possibility to check server certificates at the VPN gateway. By using such a solution, an enterprise could have its staff access and control networked computers and devices through a highly secure and encrypted tunnel....

Developing a Comprehensive Remote Access Security Framework: Network Health and Trust

The need for a comprehensive remote access security framework cannot be emphasized enough. Those looking for proof of this concept need look no further than the recent Adobe hacking, and the chilling implications it has on network security. Our previous two posts in this series have discussed why the proliferation of mobile devices has made corporate networks more susceptible to malicious attacks, how unknown users and/or devices pose a serious threat to network security, and how establishing endpoint identities and roles can help protect against breaches. But what if cyber criminals could create superficial identities and roles that pass as legitimate? The unfortunate truth is, this scenario is a very real possibility. The most common method cyber criminals use to gain network access is spoofing endpoints’ Media Access Control (MAC) addresses. A MAC address is a device’s unique hardware number. When employees connect to their networks, a correspondence table relates their IP address to their computer’s physical MAC address. As previously explained, devices can be linked in a relationship registry to user identities based on a particular user/device combination. Once that’s done, a policy can be implemented that will grant or deny network access based on those combinations. Ideally, this process will screen out users that attempt to access the network with invalid credentials. But when a MAC address has been spoofed, another layer of defense is needed. Though there are several ways to detect a false MAC address, one of the best bets is to simply build a protocol right into an IPsec VPN client. This would allow the client to establish a secure, encrypted connection with the...

Vehicle VPNs, Part Two: Business World Implications

In recent years, remote access security has become a major focus of IT departments in businesses small and large. The rapid growth in the use of smartphones and tablet computers, the bring-your-own-device (BYOD) trend and an increasing number of companies allowing employees to work from home have all but assured this. VPNs, as such, have become widely popular as a means of securing those data tunnels between end devices and internal corporate networks. But now, there’s another endpoint that requires the attention of IT managers: cars. Actually, to be more specific, “connected cars.”

In a previous blog post, we discussed the continuing evolution of connected cars and how vehicle VPNs can help prevent critical security breaches. The vulnerabilities we covered focused on travel safety and machine-to-machine (M2M) concerns in people’s homes. Today, we’ll take a look at the more business-oriented issues at play and their implications on the corporate world.

The Basics of Remote Access

Let’s start with the same basic principle that applies to remote access everywhere: a corporate network is only as secure as the device and communications channel used to access it. VPNs have long been used to secure communications between laptops and private company networks across many industries. In most cases, employees were using company-issued laptops. In the last five years, however, we’ve seen a paradigm shift where more and more people are using personal laptops as well as smartphones and tablet computers to work from outside the office. BYOD certainly created a few headaches for IT departments when it came to security, but the benefits were too substantial to ignore — flexibility, improved access...

Do You Plan to Use the Per App VPN Feature in iOS 7?

Despite the rise of the bring-your-own-device (BYOD) movement in recent years, Apple’s popular iPhone and iPad haven’t really been geared toward making the lives of enterprise IT administrators any easier. However, with several new business-centric features now included in the upcoming iOS 7 release, that could all be about to change. Apple is billing the new iPhone 5S as the “most secure mobile phone ever.” Whether that proves true or not remains to be seen, but so far, the iOS 7 updates are a bit more interesting. Chief among them is the new per app VPN feature. According to Apple’s website, “Apps can now be configured to automatically connect to VPN when they are launched. Per app VPN gives IT granular control over corporate network access. It ensures that data transmitted by managed apps travels through VPN — and that other data, like an employee’s personal Web browsing activity, does not.” With reports that 76 percent of enterprises are now formally supporting BYOD, IT administrators are sure to welcome such granular control. Not only does such a feature have the potential to improve data security, but it could also make company-wide app rollouts significantly easier and lighten the traffic load on corporate networks. But, perhaps the most important thing to remember is that enterprises cannot afford to become complacent when it comes to remote access policies and best practices. As mobile device manufacturers and application developers work to make their products more enterprise-friendly, they are ultimately designing them for convenient use by consumers. IT teams must remain vigilant when it comes to managing these devices and how they connect...