The U.S. Postal Service recently suspended teleworking after a reported breach, yet I think there's an argument to be made that VPN connections are by and large very secure. In the event of an internal network breach, in what scenarios would there be a legitimate case to disallow VPN use for a period of time?
I believe VPN and related remote access technologies are great for connecting teleworkers. That said, secure VPN access is usually not the problem in these types of breaches. Instead, it's the broad lack of visibility and control that network and security admins and analysts have related to their networks.
For example, organizations with networks that fall victim to these attacks often have a shortcoming in one of three areas:
- Knowing what information (and users) are where
- Understanding the risks
- Doing something about it
If they weren't forced to, many organizations would go indefinitely without ever performing an information risk assessment. You can't secure what you don't acknowledge. It's easier to ignore the underlying basic security principles than to seek them out because once you've uncovered the issues, you have to do something about them or you'll be called out on your oversights by a savvy incident responder or lawyer. The "doing something about it" part involves people not having the proper technologies to prevent or at least detect such breaches, including:
- Proactive network alerting/monitoring
- Security information and event management
- Enterprise-wide password enforcement
- Proper advanced malware detection
- Network access control
- Data loss prevention
You can have all the security policies, procedures and standards you want around secure VPN access and teleworkers. However, unless and until you have a means to enforce everything through these types of technical controls, you're going to remain at risk.
Government agencies such as the USPS should be familiar with the concept of "trust but verify", but obviously they're losing the battle.
Just do the best you can; the more insight and information the better. Otherwise, you're blindly trusting that all is well on the network and it's often not.
Related Q&A from Kevin Beaver