VPN Haus

What We’re Reading, Week of 3/8

vpnhaus — Fri, 12 Mar 2010 16:45:34 +0000

Gartner Blog…
Lawrence Orans Guest Post: NAC Panel at RSA Conference
Lawrence Orans shares some highlights from a panel outlining the best practices for NAC that he moderated at the RSA Conference. Session attendees asked questions about choosing EAP methods, handling exceptions (non-802.1X-capable endpoints) and troubleshooting failed authentications. Lawrence says his main takeaway from the session is that the industry still needs to step up and provide solutions that ease the deployment and the manageability of 802.1X.

Network Security Blog…
The Network Security Podcast, Episode 188
This week’s Network Security podcast discusses the latest security news and gives a recap of the RSA Conference, including Martin McKeay’s panel on disclosure.

eSecurity Planet…
Top Ten WiFi Security Threats
This contributed article from Lisa Phifer looks at the top ten threats when using WiFi. They include data interception, denial of service, rogue APs, wireless intruders, misconfigured APs, ad hocs and soft APs, misbehaving clients, endpoint attacks, evil twin APs and wireless phishing. To stay protected, make sure to route all hotspot traffic, even public, through a trusted, authenticated VPN gateway.

The Ashimmy Blog…
If the Security Industry Cannot Give You 100% Protection, Is It a FAIL?
This post discusses a recent Robert McMillan article that says, despite billions of dollars in security spending, it’s still surprisingly hard to keep corporate networks safe. Alan says security is about managing risk; although you can never eliminate the risk, you can make it less likely to occur. Good security is about having process and procedures in place, including incident response. It’s important to be able to handle an incident when it occurs, in addition to trying to prevent it.

More doctors are embracing Smartphones, but are they secure?

vpnhaus — Thu, 11 Mar 2010 14:03:15 +0000

Nearly 64 percent of healthcare professionals are using Smartphones and more than 100,000 physicians are actively using medical applications as reference guides and platforms to input patient data. Ddoctors can enter lab results and prescribe medication via an ePrescibing application. As more doctors and healthcare professionals use handheld devices for functions like this, it is important for hospital IT departments to secure and manage these devices. According to MedPage Today, smartphones have gained huge popularity among these healthcare professionals because of the functionality and ease of use. As smartphones prove to be the preferred device, hospitals need to rethink their network’s current infrastructure and support a variety of devices, rather than just a hospital authorized device.

What We’re Reading, Week of 3/1

vpnhaus — Fri, 05 Mar 2010 20:19:46 +0000

Tech News World…
Does VPN Make Sense for a Small Biz?
Jack Germain discusses how enterprises use virtual private networks to send and receive sensitive info over the Web. Smaller businesses often don’t have the IT resources needed to set up and maintain a VPN and some pricing models on VPN products ignore the needs of SMBs. This article offers 10 steps to follow that help ensure your CRM implementation is a success from the planning stages to post-deployment improvements.

Computerworld…
Does your Laptop’s Wi-Fi Really Make it More Vulnerable to Thieves?
Eric Lai says that many newer laptops have a set time—sometimes up to 30 minutes, before they go into sleep mode. This window of opportunity helps thieves at offices or shopping mall parking lots looking for corporate laptops to steal immediately after work. WiFi can add risk to using a laptop, but users can play it safe by keeping their laptop set to go to sleep on lid closure, making sure they uncheck the Internet Connection Sharing box in Windows and are careful about fiddling with the Power Manager features in their laptops.

SearchSecurity.com…
RSA Conference 2010: News, Interviews and Updates
The RSA Conference is a valuable resource in staying educated on the latest advances, threats and emerging trends in the information security industry. Couldn’t attend the conference this year? Check out Mike Mimoso’s wrap up coverage—great recaps!

What We’re Reading, Week of 2/22

vpnhaus — Fri, 26 Feb 2010 18:44:36 +0000

SearchEnterprise.com…
Cloud VPN Services Can Take the Bite Out of SSL VPN Gateway Expenses
Jessica Scarpati says that while the cloud is a big leap for network engineers, cloud VPN services are popping up and may be a fit for enterprises that can’t afford or can’t properly maintain an expensive global remote access infrastructure. End users traveling overseas and trying to gain access to the enterprise’s SSL VPN gateway at corporate headquarters are frustrated with an inconsistent VPN. Organizations will need a VPN they can rely on and eventually may turn to a cloud VPN service.

Insecure about Security…
What Will be Hot at RSA 2010?
Jon Oltisk discusses his predictions for what the hot topics at this year’s RSA Conference will be. Network security will be a major topic, especially since ESG’s research indicates that this is the biggest security priority for most large organizations. Endpoint security, identity management, cloud security, data security, and cybersecurity will also be focused on.

Securosis…
RSAC 2010 Guide: Network Security
Mike Rothman put together a guide for what we can expect to see from network security at next week’s RSA Conference. The four main areas of interest for network security include application awareness, the ability of devices to decode and protect against application layer attacks. Speeds and feeds, which may come down to who has the biggest and fastest box. Many organizations’ perimeter networks are messes so they will be looking at consolidation and integration. With the understanding that some classes of attacks cannot be detected in advance, forensics and full packet capture gear will also be high profile at this year’s show.

Will you be at RSA next week?

vpnhaus — Fri, 26 Feb 2010 04:34:14 +0000

Can’t believe the RSA Conference is just a week away! As you may already know, NCP will be exhibiting at the show again this year, and we’ve been quite busy preparing for it. This year we are holding a panel session on network access technology and doing technical demonstrations of our enterprise VPN management solution. Below is some information on what we’ll be doing at the show.

Our panel session on is taking place on Wednesday, March 3 @ 10:40 a.m. in the green room 130. It will be moderated by Dr. Bruno Quint, founder and managing director CORISECIO GmbH, and sitting on the panel will be NCPs Jörg Hirschmann, CTO, Rainer Enders, senior systems engineer and Rene Poot, senior solution specialist. They will be discussing hot topics such as, IPsec vs. SSL VPN—which one is the right one?, mobile users and remote access and the do’s and don’ts of network architecture.

If you can’t make the panel session, swing by NCPs booth (#1541)—our technical guys will be around giving demonstrations of the NCP Secure Enterprise Management System and showing how companies are rethinking remote access.

If you’re at the show, be sure to stop and say hello.

What We’re Reading, Week of 2/15

vpnhaus — Fri, 19 Feb 2010 19:47:00 +0000

Network Security Blog…
Responsible Disclosure Panel at RSA 2010
Martin McKeay will be participating in a panel at this year’s RSA Conference, taking place in San Francisco, CA. The panel of industry experts will discuss exactly what responsible disclosure means to them and what responsibilities they owe each other. For a preview of what’s in store for the panel, check out this podcast where the experts they lay out the basis for their stance on responsible disclosure. If you are planning to attend RSA this year, make sure to stop by NCPs panel session on today’s remote access challenges and network technologies on Wednesday, March 3 at 10:40 a.m. PT in Green Room 130.

Security Uncorked…
Hosting a NAC and Endpoint Security Session at RSA 2010
Also at RSA this year, Jennifer Jabbusch will be hosting a peer-to-peer session on Network Access Control (NAC) and endpoint security. The discussion will focus on world case studies, an exploration of technical roadblocks and a dive into vendor-specific solutions.

NY Times Personal Tech…
Safe Travels for You and Your Data
In this article, Riva Richmond offers some tips for keeping your data protected while you are on the road. Before using a computer in a cybercafé or hotel, ask what security measures are in use and if they reset their computers after each user so unauthorized programs are removed. She suggesting backing up your data, especially personal and business documents since laptop theft at airports is so common. There are also risks when using public Wi-Fi so Riva stresses the importance of using a firewall as well as a secure VPN.

eWeek.com…
How to Implement Secure, PCI-Compliant Access Controls
Dave Olander, President and CEO at Xceedium, discusses the six attributes that next-generation access control systems need in order to meet both the letter and the spirit of the PCI DSS. They are: right-size permissions based on a zero trust model, implement fine-grained enforcement, integrate audit capabilities to validate controls, automate all the requirements from access to audit, deploy an identity-aware infrastructure, and create backward and forward compatibility.

VPN is hot again (thanks google!)

vpnhaus — Thu, 18 Feb 2010 16:07:20 +0000

A few weeks back, Google instituted an emergency update to its corporate VPN, which led to many questions whether the network was compromised—Google states “no”, however, timing suggests otherwise. All of the discussions, questions and disorder got us thinking… if Google had to issue an ‘emergency VPN update’, perhaps the rest of corporate America should be rethinking their remote access to prevent any similar occurrences from happening.

In the case of Google, simple passwords could have been used to access the network, however, if two factor authentication and network access control (NAC)—or as we like to call a ‘pat-down’—were in place this simulation would have been much harder to pull off—even if phishing grabbed some passwords. Forrester analyst, Chenxi Wang made some interesting observations on her blog—her initial analysis was that the attackers gained access to Google’s server via its corporate VPN, from a Microsoft browser vulnerability that was exploited. Some employees’ desktops were compromised, and the attacker used these compromised desktops via Google’s VPN to get to some of the servers. Google ‘clarified’ this later, stating that the method of access, at some point, may have involved VPN, but does not agree with the characterization that “the compromised client used their corporate VPN to gain access to the servers”.

Touching on the fact that the victim’s machine was running IE 6, an outdated browser, Chenxi suggests that the machine may not have been a corporate managed machine. If this is indeed the case, Google’s should be rethinking their remote access policies, and enable employees to use personal devices that are secured and managed. This idea is similar to former Forrester analyst, Natalie Lambert’s concept of BYOPC (Bring your own PC)— employees are going to use whatever device they can to access the network, and probably break many security policies while doing it. Instead of restricting machines that are able to access the network and taking a chance and running to in a situation that Google had on their hands, companies can support a variety of devices, whether it be Windows 7, Windows Vista (32/64 Bit), Linux, Mac, Symbian, Windows Mobile etc. AND secure them. It seems that Google’s technology was restricting employees’ practices because the system could not handle it, which by and large caused an emergency update to the entire corporate VPN infrastructure.

This emergency update caused a connectivity disturbance for more than 24 hours, which affected work flow and productivity. A better VPN management system might have played a significant role for Google.

Follow this discussion on Twitter: @VPNHaus

What We’re Reading, Week of 2/8

vpnhaus — Fri, 12 Feb 2010 20:56:25 +0000

Endpoint Security Info…
Endpoint Security: Playing it Smart
This post discusses that effective security is about playing it smart, which involves seeing what could happen and preventing it. If devices such as iPods, USB sticks, netbooks, smartphones, and cameras, are helping you work better and making your life easier, then you should be using them. The idea is to know what threats they pose and how to prevent them. One way to increase safety is to use a VPN client.

Washington Business Journal Blog…
Technology Delivers New Challenges for Snow Days
In this post, Jennifer Nycz-Conner discusses that in the past if there was a snow day it meant having a day off, but that has changed now that telecommuting is an option. People are expected to work, and be just as productive as they would be in the office. The ability to work remotely is great during emergencies such as snowstorms, especially when you can plan in advance. For anyone who does take advantage of telecommuting, we recommend connecting to your company’s network through a secure VPN.

Insecure about Security…
People May Be the Weakest Link in the Server Virtualization Chain
Jon Oltsik discusses a recent webinar on virtualization he participated in along with Extreme Networks and Microsoft. The 113 audience members were asked two polling questions. The first question was which of the following factors is holding your organization back from using server virtualization more prominently throughout the enterprise? 42% said lack of virtualization skills/knowledge within IT. The second question was, as you move forward with virtualization, which of the following IT groups need to become more educated and involved in the project? 72% said networking group, 52& said server group, and 45% said security/compliance group.

Is a 64-bit ipsec client enough?

vpnhaus — Thu, 11 Feb 2010 22:22:59 +0000

We’ve been seeing a lot of discussion in the forums about Cisco’s IPsec VPN client (welcome to the party—you’re four years late). In 2010, a 64-bit client isn’t enough. Perhaps four years ago this would work, but not today. In today’s mobile world, users are constantly on-the-go and purchasing the latest and best devices—they need more than just a VPN client.

NCPs client was developed with both the user and administrator in mind. When an employee is away on business, they need to connect and remain connected to the network hassle-free. They need to be reassured that their desired device, whether it be a laptop, mobile phone, etc., will work with their VPN client and have access to the appropriate files, email, folders, etc. they need.

Overlapping subnets, roaming across networks and connections dropping shouldn’t be an issue. Users should be able to use important features, such as two-factor authentication, end-point security software and personal firewalls without any IT knowledge or help desk support. It should be a matter of a one-click and get connected. Will a 64-bit IPsec VPN client be enough to meet customers’ remote access needs? No, and we think you’ll agree.

Follow this discussion on Twitter @VPNHaus

What We’re Reading, Week of 2/1

vpnhaus — Fri, 05 Feb 2010 20:34:47 +0000

Chenxi Wang’s Blog…
Ok. There Is More (or Maybe Less) to the VPN Story, Google Says
Chenxi Wang recently posted on the Microsoft vulnerability that led to the Google hack. Google contacted her directly to say that they cannot confirm that the attack came through the VPN. They said that a Google employee’s machine (running Internet Explorer v6) was compromised via the IE vulnerability. The attacker used the compromised machine to somehow gain access to Google’s servers. The method of access, at some point, may have involved VPN, but Google does not agree with the characterization that “the compromised client used their corporate VPN to gain access to the servers.” If Google issued an “emergency VPN update” then perhaps other organizations should be rethinking their remote access.

CIO.com…
Windows 7 Tips: Best Security Features
In this article, Shane O’Neill describes the new security features in Windows 7. From encryption to malware fighters, there are key Windows 7 tools that keep enterprise and home PCs safe and secure. The top six Windows 7 security features that both consumers and enterprise users should know how to use are: Bit Locker to Go, Internet Explorer 8 for safe browsing, Microsoft Security Essentials, AppLocker, more control of UAC and backing up data.

Network Security Blog…
PCI Compliance and “Public Cloud” Don’t Mix
In this post, Martin McKeay makes the argument that PCI compliance and public clouds do not mix. Martin says the primary problem with attaining PCI compliance in the cloud is an issue of visibility, meaning there’s no way to truly review and validate system configuration when your systems are temporary. Cloud service providers will need to look at ways to offer services that take advantage of all of the positive aspects of cloud computing, while allowing for all of the 200+ PCI requirements to be met. Providers will need to look at how they manage the creation and deletion of virtual servers, segregation of resources and collection, and monitoring and retention of log information. Martin concludes that you cannot be ‘PCI Compliant in the Cloud’, but you can use cloud services and be compliant.