Mobility and Security Trends

According to a survey done by IDC, in next 3 years around 70% of the task

force worldwide will be working remotely. Traffic congestion, increased cost of

travel, slowdown and lots more are making work from home or mobile working a

major trend. Subsequent to growth of this trend, threat to corporate networks is

also increasing. Today if a single machine with the authentication to access the

data center is hijacked, take it for granted that the whole corporate network is

hijacked. And now the attacker doesn't even need to be in the perimeter of the

enterprise to do so.

Just to mind the seriousness of this problem, recall how many times you have

accessed an unsecure network at a coffee shop or at your neighbour with the same

laptop or smart phone which you connect to your office VPN? We all must have

done this a couple of times. Or if you have ever lost a laptop or a smart phone,

remember how many passwords and usernames of your organization's critical

services were saved in your email? Now if you think that your Windows password

is going to protect all this crucial data from the prying eyes, think again. A

simple Live OS which can boot from a CD or a USB can let a hacker open and read

your password files with ease. Well to make it tougher, most of the password

protected document files can also be easily cracked by using some every easily

available off the shelf tool.

Going back to my example of using insecure hotspots, well, if you are

connecting to AP which you don't know or don't trust, and sending data over the

network, rember, these can very easily be read by anyone connected to the same

network. They can even do eavesdropping to capture your corporate VPN login ID

and password and can then connect to your corporate network very easily. So by

doing all these small mistakes we are not only making ourselves vulnerable but

also making our organizations vulnerable.

You must be thinking by now, should I stop promoting working remotely or

working from home? I am sure that's not a very good idea. What to do then? If

you just take care of two very simple things, a majority of such problems can be

easily tackled. These two suggestions will only work well if you already have

the basic security settings such as a OS firewall, an anti virus, a spam filter,

etc. The two other things which all the mobile users of an enterprise should do,

and the companies should have in their mandate are; everyone should have an

encrypted hard drive, to make sure nobody can read the content in the drive by

bypassing the Windows authentication, and secondly, nobody should access any

unwanted network for getting the VPN connection. Both the issues can be easily

resolved by either deploying proper policies or by educating the users. The user

should be educated about the possible consequences of using a rogue hotspot, and

if required ADS based polices can also be pushed to the mobile devices to

permanently disable the access to unsecure APs.

On the other hand, if you own a laptop with Windows Vista Professional and

upward, then you can use the Windows feature called Bitlocker to encrypt your

drive. This features uses the hardware security functionality called the TPA and

can encrypt your hard drive. This software works directly on the chipset level

and as a result it is very secure.

If you don't have a Vista Professional loaded machines, don't get

disheartened. There are many open source applications which can encrypt your

hard drive. One such free application for Windows is truecrypt and you can find

it at http://www.true crypt.org/.



Not only for hard drives but also for the communications such as email,
corporate IM, VoIP etc, only encrypted data streams should be used.

To end all these thoughts, the final verdict is: if we want to see a future

of working from home and working mobile, you have to be alert about the common

security threats and rely more and more on encryption whenever it is about your

crucial corporate data.