Answer page: Secure telecommuting quiz

1. Answer: c. 36,000
In a statement, the VA said it believes the PC contains data on about 5,000 patients who received care at a Philadelphia medical center and about 11,000 who were treated at a facility in Pittsburgh. The VA is investigating the possibility that the machine also holds data on another 20,000 patients from its Pittsburgh facility. The data on the PC is believed to include Social Security numbers, names, addresses, dates of birth, insurance information, dates of military service and medical claim information.

To learn about the most recent Veterans Affairs incident, read our news article: VA desktop PC stolen, 36,000 could be at risk.

2. Answer: b. Store data on the client
It might seem that the best approach for telecommuters with sensitive data is to protect their laptops or remote desktops, but the best practice is in fact the opposite: keep the data off the laptop and in the data center, safely behind your corporate firewalls. Allow remote access, but only over a VPN, and never let the data be stored on the client.

To receive tactics for secure telecommuting, read our Web Security Advisor tip: Telecommuting security: Protecting sensitive data inside and out.

3. Answer: False
Keep all customer and sensitive data on hardened database servers inside your firewall. Leave nothing in DMZs or other areas exposed directly to the Internet. Prohibit the downloading of data to portable devices and the sending of it outside the company as an email attachment. In addition to written policies, set up technical controls, such as blocking USB ports. Besides being physically carried out the door, data can also leave through firewall "doors": attached to email or posted to malicious Web sites.

To receive tactics for secure telecommuting, read our Web Security Advisor tip: Telecommuting security: Protecting sensitive data inside and out.

4. Answer: a. XAUTH
The mutual authentication methods supported by IKE are a good fit for site-to-site VPNs, but IKE does not support asymmetric user authentication methods like passwords, challenge/response exchanges and two-factor tokens, which are commonly used for remote access. To overcome this, many vendors implement non-standard enhancements like Extended Authentication (XAUTH).

To learn how to facilitate remote access, read Understanding IPsec identity and authentication options, from the VPNs and remote access lesson of our Identity and Access Management Security School.

5. Answer: PSK
Given this collection of ID Types and standard/extended Authentication Methods, how can you make the best choices for your own VPN? There are many factors to consider, including the number and type of endpoints involved, existing credentials and authentication databases (if any), interoperability needs, corporate security policies, and risk tolerance. PSKs are the easiest VPN credentials to generate -- and the easiest to compromise. PSKs, like passwords, are vulnerable to social engineering, and valid ID and PSK values are easy to share with those who should not have them. PSKs that are too short or simple are relatively easy to guess, and tools like ikecrack can automate this attack. Clearly, authenticating every user with the same PSK is a high-risk scenario. Authenticating a single gateway pair with a very long, random PSK known only to one admin presents less risk. If you must use PSKs, avoid Aggressive Mode, which discloses the associated IDs.

To learn about choosing a secure authentication mode for your remote access VPN, read Understanding IPsec identity and authentication options, from the VPNs and remote access lesson of our Identity and Access Management Security School.
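An added example, not from the original quiz or its linked tip: a small Python helper that generates the kind of long, random PSK the answer recommends for a single gateway pair, and rejects short, low-entropy or repetitive candidates before they are configured. The minimum length and entropy thresholds and the weak-word list are assumed policy values, not figures from the page.

```python
# Added example (not from the original quiz page): generate a strong IPsec PSK
# and screen candidate PSKs against an assumed local policy before deployment.
import math
import secrets
import string
from typing import List

# 52 letters + 10 digits + 28 symbols = 90-symbol alphabet
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"
MIN_LENGTH = 32          # assumed policy minimum, not from the page
MIN_ENTROPY_BITS = 128   # assumed policy minimum, not from the page
# constructed list of values that are trivially guessable; extend locally
WEAK_VALUES = {"password", "secret", "vpn", "changeme", "ipsec", "12345678"}


def generate_psk(length: int = 48) -> str:
    """Return a PSK drawn from the OS CSPRNG. 48 characters over a 90-symbol
    alphabet is roughly 310 bits of entropy (48 * log2(90))."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def estimate_entropy_bits(psk: str) -> float:
    """Upper-bound guess-resistance estimate: assume each character was chosen
    uniformly from the character classes present. Overestimates patterned
    strings such as 'aaaa...', which check_psk() catches separately."""
    pool = 0
    if any(c.islower() for c in psk):
        pool += 26
    if any(c.isupper() for c in psk):
        pool += 26
    if any(c.isdigit() for c in psk):
        pool += 10
    if any(not c.isalnum() for c in psk):
        pool += len(ALPHABET) - 62
    return len(psk) * math.log2(pool) if pool else 0.0


def check_psk(psk: str) -> List[str]:
    """Return the policy violations for a candidate PSK; an empty list means
    the PSK passes. Short, guessable or repetitive values are rejected."""
    problems = []
    if len(psk) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if estimate_entropy_bits(psk) < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy below {MIN_ENTROPY_BITS} bits")
    if len(set(psk)) < max(4, len(psk) // 4):   # 'aaaa...' or 'abab...' patterns
        problems.append("too repetitive")
    if psk.lower() in WEAK_VALUES:
        problems.append("matches a known weak value")
    return problems
```

A generated PSK should be handed to the two gateway admins out of band and never reused for a second tunnel; the checker is meant for PSKs chosen by hand, which is where short and guessable values come from.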

This was first published in August 2006
