Mobile devices are often the last thing administrators think of when beefing up defenses. An NCC Group survey last year showed that remote-client security updates are executed with less than one-fourth the frequency of on-site workstations, and that one-sixth of remote clients maintain no security at all.
Here are the potential security holes and issues inherent when laptops log in to your network -- and a way to protect your users.
Remote laptop risksA wireless laptop offers a wide assortment of treasures to a potential intruder:
- IDs, passwords, and other access information for penetrating your wireless network and specific targets
- A gateway to your company's servers
- A gateway to company e-mail
- A gateway to the database if the laptop is used by roving salespeople or marketing representatives
- Lots of personal information, such as credit card info, PIN, and the user's home address
- The ability to spy on a telecommuter
Wireless laptops are company property that require access to an already enticing
intruder target, and they're in the hands of employees with varying information
requirements and attention spans. That's where a personal firewall can help.
A personal firewall does for a single computer what a network firewall does for a family of servers: It inspects inbound packets, scanning for forged IP addresses and suspicious repetition (to detect DoS attacks, etc.). Beyond the protocol level, some firewalls can also examine the contents of packets to spot illegitimate use of cookies, questionable Active X content, and virus-bearing e-mail attachments.
When choosing a personal firewall, carefully evaluate what each firewall will and will not do. Some (but not all) personal firewalls can prevent someone from accessing your network via your client laptop's ad hoc mode.
Once a personal firewall is installed on your remote user's laptop, make it a policy that the firewall remain in place. If you can, take it one step further and install the firewall as part of the ghost image placed on all of your company's remote laptops at the time of deployment or when upgrades occur.
Personal firewall choicesIf your company's laptops are running Windows XP, there's a firewall built in. You can enable it with these simple steps:
- Go to Start | Control Panel | Network And Internet Connections | Network Connections.
- Single-click on the connection category that you wish to protect (Dial-Up or LAN, High Speed Internet, etc.).
- From the Task Pane on the left, navigate to Network Tasks | Change Settings Of This Connection | Properties | Advanced.
- Choose Internet Connection Firewall.
- Check the box next to Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet.
You can obtain further details on the strengths and limitations of XP's firewall by clicking here.
If you're not working with XP, here are links to popular personal firewalls:
You can't go wrong with any of these -- unless you fail to put one in place!
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
©2004 TechRepublic, Inc.
7%
3%
