Locking Down the Remote User

By Jerry Iwanski

Tue, May 15, 2007CIO Canada Companies are still grappling with the issue of securing their users in the field. One response is simply to restrict access. But a combination of smart-card technology and public key infrastructure may provide a more productive alternative.

Technology innovation has made remote computing an integral part of our everyday work life. There are, however, many hurdles that stand in the way of progress. The latest varieties of malware, spyware and viruses impact access to enterprise networks. International travelers feel at risk when traveling, as they face the threat of laptop theft and the inconvenience of less-than-reliable broadband connectivity. The list goes on.

Whatever the cause for concern, businesses are increasingly pressured to find effective ways to "lock down" their remote users. While some approach the challenge by scaling back usage or restricting remote user access, the reality is that this is nothing more than a one-step-forward, two-steps-back approach.

Getting to Know You
A key element in meeting the remote access challenge is creating a rock-solid identity and access model. That has been an elusive target for many enterprises. We've seen a number of strategies for authenticating and authorizing users applied to improving VPN security, each of which has its own pros and cons. Some organizations are working with multi-password and other challenge response schemes, such as one-time passwords in an effort to lock down VPN access. The major complaint with these approaches is user acceptance. The number sequences are often difficult to read and enter. For schemes where the password is changed every minute, users often run out of time before they can complete the sequence.

 
Related Links
 
Seven Things the CIO Should Know About Telecommuting

Telecommuters Need to Develop Special Skills

Financial Questions for Telecommuters and Managers
 

IT managers have tried to address these issues by issuing "soft" tokens on laptops or desktops that automatically generate and/or submit a password. This creates another kind of security issue, however, if the laptop is lost or stolen, or someone copies software from those machines to plan an attack.

Issuing fobs or tokens for user identification can leave organizations vulnerable to man-in-the-middle attacks. Hackers can intercept the password entry from the fob and appear to connect legitimately to the system.

A highly effective solution is one that combines sophisticated identity management and strong encryption with entitlement-based communication and access to system resources. It is generally acknowledged that the most effective way to do this is through the PKI model, a powerful security scheme that employs a combination of cryptographic keys and is well suited for two-factor authentication implementations. PKI is effective because it uses two mathematically related keys—one public, one private. The public key is used to generate a digital certificate of identity that can be published and distributed. The private key remains secret.

remote user
Loading...
Security MarketSpace
Practical Approaches for Securing Web Applications
Enterprises understand the importance of securing web applications to protect critical corporate and customer data. What many don't understand, is how to implement a robust process for integrating security and risk management throughout the web application software development lifecycle. Learn more »
Smart techniques for application security: whitebox + blackbox security testing.
An Executive's Guide to Web Application Security
Since so many Web sites contain vulnerabilities, hackers can leverage a relatively simple exploit to gain access to a wealth of sensitive information, such as credit card data, social security numbers and health records. It's more important than ever to examine your Web application security, assess your vulnerability and take action to protect your business. Learn more »
Web Application Vulnerabilities
Security managers may work for midsize or large organizations; they may operate from anywhere on the globe. But inevitably, they share a common goal: to better manage the risks associated with their business infrastructure. Increasingly, Web application security plays a significant role in achieving that goal. Learn more »
Lower the Cost and Complexity of a Mobile Workforce through Automation
 Lower the Cost and Complexity of a Mobile Workforce Learn more »
Retooling IT for a Mobile Workforce
Check out this research note from IDC for guidance. Learn more »
Today's Risky Data Environment
This paper explains how an IT and security service provider can provide a practical, manageable and reliable solution. Learn more »
Business Continuity - Are You Always Open for Business?
This Oracle business brief explains how mid-sized can improve performance by creating an IT infrastructure that makes working faster, easier and more effective. Learn more »
 
SPONSORED LINKS
 

Making Consumer Two-Factor Authentication Simple and Cost-Effective

Mining the Cloud to Ease the Enterprise Compliance Burden

Solve Five Key IT Security Challenges with Cloud-Based Authentication

White Paper: Managed Security for a Not-So-Secure World

Secure Email and Web-Based Communication from Evolving Attacks

WagerWorks Takes Fraudsters Out of the Game using iovation

White Paper: A Security Blueprint Delivered From within the Network

Return on Information: Google Enterprise Search pays you back

Cut Costs & Green Your IT Operations with PC Power Management

White Paper: 4 Customer Service Myths

White Paper: Improve Agility with Operational Responsiveness

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

White Paper: Next Generation Remote Infrastructure Management

Seven Design Requirements for Web 2.0 Threat Protection

Increase UPS efficiency without sacrificing protection.

Learn how advanced forecasting tools can deliver significant business results for global corporations.

Lower IT Costs with Oracle Database 11g Release 2

White Paper: Visibility and the New Normal of Mobile Work

Taking the Service Desk to the Next Level

Learn about The Information Technology Infrastructure Library.

Return on Information: Google Enterprise Search pays you back. Get the facts.

VMware. The source for Business Infrastructure Virtualization.

ShoreTel tells businesses to untangle from competitors' complexity and turn to its brilliantly simple UC solution

Top Five CIO Challenges

Authentication as a Service by Forrester Research

Cloud-Based Authentication for Next-Generation Extranets

Mobile Security: The Essential Ingredient for Today's Enterprise

IDC White Paper: CCM for IT Compliance and Risk Management

Keeping Your Members Safe from Online Scams and Predators

Learn about the growing threat of insider data theft.

Upgrading to VMware vSphere with vWire

Maximizing website Return on Information with high-quality search

See how AT&T can help protect your network.

Webcast: Unleashing the Power of Customer Data

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

The Total Economic Impact of Network Security Intrusion Prevention

Generation Remote Infrastructure Management - Changing the Paradigm

Cloud-Based Email Management: Opinion Shifts In Favor

eBook: How Can You Make Your People Productive Anywhere?

Achieving Business Agility with Application Grid

Ready to virtualize tier one applications? Check your virtualization maturity.

Seven Ways ITIL Can Help You in an Economic Downturn

Tips for successful virtualization management.

AT&T Synaptic Storage as a Service. Expand on demand

Trend Micro ranked #1 against real-world malware. Read more.

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Streamline IT Costs. Boost Performance with WAN Optimization.

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords