Tim Smith, national business manager of security at systems integrator Dimension Data, talks about the risks associated with handing out broadband access to staff.
"Quite often the employee will be given a DSL router or a cable modem router...and told to go home and switch it on," Smith said.
"The issue with that is that obviously the Internet is a fairly wild place and you could find yourself in the position where an employee's notebook gets compromised at home if they've got a connection through to the company itself."
According to research by Gartner, home PCs can be the weak link in enterprise network security.
Geoff Johnson, vice president and research director at Gartner, said there are people out there systematically trawling to see what systems they can hack into.
In one of its First Take research papers, Gartner analysts John Girard and John Pescatore highlight that no enterprise, no matter what its size, is immune to attacks by hackers with access to sophisticated methods and tools.
"Concern about employee access to corporate networks via home PCs should heighten that warning," they argue. "PCs continuously connected to an enterprise's network via broadband services are particularly vulnerable to infection by malicious code."
Among its recommendations, Gartner suggests that enterprise security IT managers develop and implement network integrity practices. This includes addressing the vulnerabilities that corporate IT networks face from attacks via employees' home-based PCs.
Gartner's recommendations include:
- Train users to recognise and immediately report suspicious system behaviour.
- Don't allow home PCs and other unmanaged systems to establish a remote node connection to an internal enterprise network.
- Limit access from these systems to remote control via a self-encrypting interface or Web browser that runs 128-bit Secure Sockets Layer.
- Require strong password authentication for remote access, such as a token authentication device.
- Don't assume that port filtering services offered by DSL and cable TV providers will establish the protection necessary for user and branch office systems.
- Unbundle network basic input/output system from the data communications protocol TCP/IP and enable Windows password security.
- Disable Windows file sharing.
A lot of people also think, 'why would people hack into my system', according to John Donovan, managing director at security vendor Symantec Australia.
Donovan said there is the potential for someone to use your computer as a portal into the rest of your business, or to use your system for denial of service attacks.
Likewise, with cable connections being 'always on', you have an open port for communications 24 hours a day, but it also means that someone could be scanning that port using sniffer tools, looking for a way in to your systems.
But Natasha David, senior software analyst at IT market research company IDC, believes businesses in Australia are very aware of security at the moment. "Last year we had quite a few high-profile blended threat attacks," David said. "What happens is that people looking to breach networks take a much more military approach."
David said these blended threat attacks took the approach of attacking a business from one angle, then another, creating a diversion before coming in with the real attack. She said there had also been a focus on targeting known vulnerabilities which companies hadn't been patching.
"Security awareness jumped to a high last year when these high-profile attacks occurred," David said. "Only after these blended threat attacks occurred did people really start realising they needed to take more than a single approach [to IT security]."









