Rethink Remote Access Planning: Joerg Gerschuetz's Advice
By VPNHaus | 09.11.2009 | Rethink Remote Access
We are now starting the next installment of our series on how to rethink remote access, focusing on planning. We spoke with networking, security and remote access specialist Joerg Gerschuetz. Joerg is a Senior Systems Architect at Siemens IT Solutions and Services.
I believe the human factor can never be removed from any technology, not only remote access! Working in the remote access business for more than 10 years now, I always encounter users who are:
- wittingly or unwittingly able to overcome all the implemented measures
- incapable of finding that single button they were presented in the UI and trained a dozen times to hit
And I want to stress another very important aspect: we are only thinking about the remote access user being the "biggest pain." But what about the other side of the fence? There is the human factor, too... and I think the pain here is as big as on the simple user's side!
Just a few examples:
1) The best user interface, the best physical firewall, the best remote access protocols - they are all designed and coded by humans, and therefore prone to errors! There is no error-free source code, there is no error-free hardware. With all these solutions we always have possible security issues due to these intrinsic errors!
2) The best remote access overall environment is always designed and implemented by humans, and therefore prone to errors! There is no error-free implementation, because of different interpretations/understandings of the same topic, not reading/understanding documentation or using technology not the way it was intended/designed to just to achieve cheap or fast solutions! ... or simply because of its complexity: Nobody can be a specialist with all jigsaw pieces necessary to get the picture complete, and even if we team up, there are still the interfaces and connections between the single pieces!
3) And as a final thought - there are always administrative errors, again wittingly or unwittingly. With the best firewall in place and a well settled documentation of its rule-set... I suppose there is nearly always a discrepancy between this documentation and the implemented rule-set. With the best processes in place you will always find "cadavers" in your remote access user's database.
From my perspective there is an apprehensive tendency in absolute belief in technology and neglect of the fact that this technology is man-made and in some (most?) cases so complex that it is not possible any more to overlook all its attributes, features and interfaces and their interaction!