Nmedia - Fotolia

Manage Learn to apply best practices and optimize your operations.

Preventing VPN security risks for mobile employees

Expert Kevin Beaver offers VPN security best practices, including how to prevent risks and secure VPN access for mobile employees.

A recent study of healthcare organizations' networks revealed 33% of malicious traffic was passed through or transmitted from VPN applications and devices. Can you explain the best ways to prevent VPN security risks, as well as the best ways to secure VPN access for our mobile users?

If I were a criminal hacker, I'd certainly try to launch malware attacks and similar exploits over virtual private network (VPN) communication channels. The sessions are encrypted, and thus, there's not an easy way to inspect this traffic. Furthermore, it's usually assumed that any VPN connections and traffic are trusted. After all, who else would it be besides the legitimate user, anyway? (If we only lived in such an ideal world!)

The real challenge with truly securing VPN connections involves two things:

1. Network admins and security managers need to get past the traditional mindset that VPN automatically equals secure.

2. Enterprises must secure the actual endpoint to prevent injections, exploitations or other compromises of the device itself.

Mobile users -- from clerks to executives -- are going to do whatever they can to get their work done and accomplish their personal tasks (and then some) on their mobile devices. It's up to you to set them up for success by working with management to establish reasonable mobile policies and enforce the policies with mobile device management, antimalware, a personal firewall/host-based intrusion prevention system and encryption technologies. Then you must ensure everyone is educated about what is expected, along with the ramifications of non-compliance. I honestly believe the formula is as simple as that.

Once your endpoints are secured, you can look to shore up any deficiencies in your VPN environment (namely, lack of system monitoring and event correlation, which will provide the insight you need to see the questionable things that are taking place) and you will end up with a reasonably secure remote access system that's resilient to malicious infections.

Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your questions now via email! (All questions are anonymous.)

Next Steps

Do split-tunneling features introduce VPN security risks?

Best practices to maintain VPN security

This was last published in October 2014

Dig Deeper on Secure remote access