
Managing remote workers: Musts for setting up a secure home network

Is it the enterprise's responsibility to ensure that remote workers' home networks are secure? And, if so, how should it do so? Get expert advice from Nick Lewis.

What sort of ethical (and perhaps practical) responsibility does an enterprise have to make sure its home/remote workers properly secure their home networks, particularly by properly configuring and updating their home routers? It seems like researchers are always finding new ways to exploit home routers, especially the most common ones, and it can result in vulnerable enterprise clients. What can be done, or is this a losing battle?

An enterprise's ethical and practical responsibilities to make sure its home/remote workers are setting up a secure home network are two different things. Both depend heavily on who supports the network, who provides the equipment and how often the user uses his or her network for work purposes. If a remote user frequently uses equipment provided by the enterprise and supported by the enterprise, ethically, the onus will fall on the enterprise to keep the user secure. Practically, it is difficult to ensure that a network is securely configured and that the system stays in that secure state, given that new vulnerabilities are identified frequently and that managing remote workers is generally difficult.

Many exploits, however, take advantage of those who do not change their home router default passwords, so default passwords, along with other insecure default settings, should be among the first things addressed if the enterprise is provisioning users' home routers. Minimally, be sure to securely configure the equipment you provide users and offer guidance or direct them to external resources on how to secure their home network if they are using their own equipment to access the enterprise network.

The bigger question is how to secure the computer that is in use at home and the connection between the computer and the enterprise network. You may want to assume that the local network or any network is hostile, and configure users' computers and remote connections to be resilient to attacks by using a host-based firewall and verifying that connections to your network are secure. Even if securing the home network is a losing battle, the most important points are to configure your computers securely, provide secure remote access to your enterprise network by using a VPN or similar technologies, and educate your users with basic information security skills to help prevent serious security issues.

This was last published in August 2010
