Staying Secure at Trade Shows

By Nicholas Greene With RSA 2012 kicking off next week, then Interop and BlackHat just around the corner after that – we are officially in trade show season. Of course, every show brings with it the challenge of connecting to its official Wi-Fi connection to plug back into corporate headquarters to do everything from email to sending documents and beyond. And as most of us know, this could invite a barrage of security vulnerabilities. Of course, at IT conferences like Interop and Black Hat, you’ll find yourself with a better class of wireless network– it’s more or less a given that their Wi-Fi connections will be more secure than those at many other trade shows, as the organizers know enough to take an active role in securing the data of attendees. But the real risks come in when, for example, connecting via a hotel or a café near the show – or worse, a rogue unsecured network that tricks users into signing on with a strangely “official sounding” name. So how will you stay safe this trade show season? In short, VPNs are the key. A VPN will give you all the security you’d get from a private network, and places it into a public arena; opening the requisite ports for easier connectivity, keeping your activities anonymous from others on the network, and encrypting any data you send between yourself and the server. Unlike with unsecure (and even secure) wireless networks, no known exploits currently exist that are capable of subverting the security on most of the well-designed Virtual Private Networks. While it’s certainly true that a user connected...

FDE and VPN: Don't Throw out the Security Baby with the Legacy Bathwater, Part 1

By Cameron Laird In “Die, VPN! We’re all ‘telecommuters’ now–and IT must adjust,” John C. Welch accurately describes much of the changing landscape through which corporate computing is traveling now: Work is as likely to take place outside the office as in; Work in some domains has become as likely to take place on an employee’s device as one owned by the corporation; A large percentage of all work can be done through the Web; and “Endpoint” (in)security is nothing short of horrifying: the data equivalents of bars of gold are regularly walked unescorted through neighborhoods so bad they can’t help but end up in the wrong hands. The situation is unsustainable; what should be done? Welch’s conclusion: adopt full-disk encryption (FDE)–and ditch VPNs. His arguments for FDE have merit. The ones against VPN? Well, I expect to use VPNs for a long time into the future, and you should, too. Here’s why: What is VPN? First, let’s review the basics: information technology (IT) departments are responsible for computing operations. Computers have, in general, the capacity to make general-purpose calculations. This means both that IT is called on to perform a wide, wide range of tasks–everything from routing telephone connections in a call center, to control of machine actions in a steel plant, to running accounting programs in a hair salon–and also that there is inevitably more than one technique to complete each task or fulfill each requirement. Even the simplest analysis of the “remote problem” exhibits these characteristics. Let’s begin with Welch’s starting point: much of the work of the future will be done outside the conventional workplace,...

FDE and VPN: Don’t Throw out the Security Baby with the Legacy Bathwater, Part 1

By Cameron Laird In “Die, VPN! We’re all ‘telecommuters’ now–and IT must adjust,” John C. Welch accurately describes much of the changing landscape through which corporate computing is traveling now: Work is as likely to take place outside the office as in; Work in some domains has become as likely to take place on an employee’s device as one owned by the corporation; A large percentage of all work can be done through the Web; and “Endpoint” (in)security is nothing short of horrifying: the data equivalents of bars of gold are regularly walked unescorted through neighborhoods so bad they can’t help but end up in the wrong hands. The situation is unsustainable; what should be done? Welch’s conclusion: adopt full-disk encryption (FDE)–and ditch VPNs. His arguments for FDE have merit. The ones against VPN? Well, I expect to use VPNs for a long time into the future, and you should, too. Here’s why: What is VPN? First, let’s review the basics: information technology (IT) departments are responsible for computing operations. Computers have, in general, the capacity to make general-purpose calculations. This means both that IT is called on to perform a wide, wide range of tasks–everything from routing telephone connections in a call center, to control of machine actions in a steel plant, to running accounting programs in a hair salon–and also that there is inevitably more than one technique to complete each task or fulfill each requirement. Even the simplest analysis of the “remote problem” exhibits these characteristics. Let’s begin with Welch’s starting point: much of the work of the future will be done outside the conventional workplace,...

Why You Need a VPN that Supports Seamless Roaming

By Sylvia Rosen Imagine, you’re at the train station on your way to an important meeting. While you’re waiting, you’re drafting an urgent email. Just before you hit the send button, your wireless connection is lost – and with it, you lose your VPN connection and the link to your office email. Frustrated, you log back in, crossing your fingers that your email saved. Of course, it didn’t. Twenty minutes – and lots of good ideas — down the drain. Sound familiar? Too many VPN solutions aren’t enabled to handle connection outages or changes, resulting in wasted productivity, and even worse, lost data.  This hassle is eliminated with VPNs that support roaming among different types of networks — allowing users to focus on business instead of worrying about their connection. VPNs with seamless roaming automatically switch to the best available network and ensure that users never have to re-authenticate. Seamless Roaming Seamless roaming enables smooth transitions between networks, making it ideal for traveling professionals who are always on the go. VPNs that enable seamless roaming secure your data, even in the event of a wireless outage or switching between networks, like Wi-Fi and 3G. “If all your traffic goes to the VPN while you are connected to it, then everything is secure; nobody can really attack your machine,” explains Rainer Enders, the CTO Americas for NCP engineering. “When the VPN drops, you go back to regular ‘connecting mode’ through the Internet. If your VPN doesn’t enable seamless roaming, you now have a connecting path that is an insecure tunnel, which is why your connection to your corporate server will...

Safe computing in the mobile age, part 2: What costs dominate?

Editor’s Note: This is a second in a two-part series. Part 1 focused on the mobile landscape. By Cameron Laird To minimize costs of installation is attractive, of course. For most organizations, though, personnel costs across the scope of operations dominate what the IT (information technology) department does: it makes sense to make remote connections as convenient as possible for valuable line workers, and minimize the costs of retraining them. That’s where an IPSec (Internet Protocol Security) VPN shines: IPSec VPN establishes a connection that gives the remote user every appearance that she’s connected within the home LAN (local area network), including access to fileshares, printers, and all office-automation applications. By IPSec encapsulation, all this is possible even when transported by purely HTTP/HTTPS facilities of the sort remote workers increasingly encounter. While SSL vulnerabilities of various sorts and likelihood have been in the news in 2011, the greatest risks with SSL solutions, points out Tom Henderson, Managing Director of Extreme Labs, have to do with key management. Among other precautions, “keys ought to be rotated because as they become aged, someone hacking at them eventually can get the keys …” and penetrate the network. IPSec has longer and considerably more resistant keys. For all these reasons, the appeal of SSL/TLS VPNs as “installation-free” is only superficial; deeper examination shows that IPSec VPNs enjoy crucial advantages in: support of the full range of applications and accesses remote workers require; and robust key management, resistance to “man in the middle” attacks, and secure networking even from the most public and untrusted access...