
THREAT MONITOR

Guarding against malware infection from remote users


Ed Skoudis, CISSP
09.02.2004


So, you think you've got your malware defenses up to snuff, right? Antivirus tools on the mail gateway? Check. AV deployment on all company-owned desktops and laptops? Check. Firewalls blocking all services except those with a defined business need? Check. Thorough malware defenses against infected telecommuters using the VPN from their laptops, home desktops and even handheld devices? Um … well, …

Sadly, many organizations today haven't adequately addressed the potential for malicious code infection via telecommuters. Often, a home user gets infected by some pathogen on the Internet and then sets up a VPN connection to the corporate network. Once connected, the infected home system acts like a Typhoid Mary on the internal network -- spreading the malicious code and bypassing your perimeter defenses, including Internet firewalls. How can you stop this plague in your environment? The solution requires both policy and technology.

Make sure to define policies that require home users to keep up-to-date AV tools installed on their systems, regardless of whether the machine is owned by the user or the company. In today's new-worm-every-day world, require that the AV tool be configured to automatically download new signatures each day, and define specific penalties for disabling the AV tool and its update capabilities.



Also, specify in your policy that the corporation reserves the right to search the computers of any VPN users across the network, again, regardless of whether the system is owned by the employee or the corporation. Display a warning banner during the VPN login that requires users to click "OK", acknowledging that their personal systems could be searched remotely when an incident occurs. Enlisting permission from the system owner -- the employee -- allows your incident-response team to legally conduct the analysis required to address the problem. Without this policy and warning banner, you have no business searching an employee-owned machine. Alternatively, you can create a policy that limits VPN access to only corporate-owned computers. Of course, your company will need to purchase machines for all telecommuters, so make sure the budget can accommodate that route.

Fortunately, many VPN gateways now offer the capacity to interrogate the client to ensure the host system is running an active AV tool with up-to-date signatures and a personal firewall. Activate these capabilities if your infrastructure supports them; users wanting access to the corporate playground must first prove they won't infect the other kiddies. Also, make sure your VPN gateway passes all traffic through a firewall that performs comprehensive filtering -- only allowing access to absolutely required services and only to those servers that each remote user needs. Furthermore, consider deploying network-monitoring tools, including network-based intrusion-detection and intrusion-prevention systems, on network segments associated with the VPN and filtering devices -- this will enable you to detect and thwart attacks early.
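The admission logic described above, sketched as an added example (not code from the article or from any VPN product): a gateway-side check that denies a session unless the banner was acknowledged, AV is running with signatures no more than a day old, and a personal firewall is on, then limits an admitted user to an allowlist of servers and ports. The `Posture` fields, `USER_SERVICES` table and host names are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy value: the article asks for daily signature updates.
MAX_SIGNATURE_AGE = timedelta(days=1)

# Constructed per-user allowlist of (server, port) pairs behind the VPN firewall.
USER_SERVICES = {
    "alice": {("mail.corp.example", 993), ("files.corp.example", 445)},
    "bob": {("mail.corp.example", 993)},
}

@dataclass
class Posture:
    """What a hypothetical VPN client agent reports at login."""
    user: str
    av_running: bool
    av_signature_date: date
    firewall_enabled: bool
    banner_accepted: bool

def posture_failures(p, today):
    """List every policy requirement the client fails, in a fixed order."""
    failures = []
    if not p.banner_accepted:
        failures.append("warning banner not acknowledged")
    if not p.av_running:
        failures.append("antivirus not running")
    age = today - p.av_signature_date
    # A future-dated signature file means a bad clock or a tampered report.
    if age < timedelta(0) or age > MAX_SIGNATURE_AGE:
        failures.append("antivirus signatures out of date")
    if not p.firewall_enabled:
        failures.append("personal firewall disabled")
    return failures

def admit(p, today):
    """Return (decision, allowed_services, reasons) for a login attempt."""
    failures = posture_failures(p, today)
    if failures:
        return "deny", set(), failures
    # Default deny: a user with no allowlist entry reaches nothing.
    return "allow", USER_SERVICES.get(p.user, set()), []

def flow_permitted(p, today, server, port):
    """Firewall decision for one connection from an already-evaluated client."""
    decision, services, _ = admit(p, today)
    return decision == "allow" and (server, port) in services
```

Posture reported by the client is only as trustworthy as the client itself, which is why the paragraph pairs the check with firewall filtering and network monitoring on the VPN segments.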

About the author
Ed Skoudis, CISSP, is cofounder of Intelguardians Network Intelligence, a security consulting firm, and author of Malware: Fighting Malicious Code (Prentice Hall, 2003).
