Information Security

Defending the digital infrastructure

iSTOCK/GETTY IMAGES

Manage Learn to apply best practices and optimize your operations.

Home office security: Seven ways to secure remote employees

Fred Avolio outlines seven strategies enterprises should use to ensure their remote employees participate in good home office security.

"You've got mail" never sounded worse than in September. For many of us, every download brought a new email carrying the Swen worm (aka Gibe and Worm.Automat).

Guarding against viruses and worms is old hat for enterprises. They've configured corporate email servers to reject messages with executable attachments, and have gateway AV scanners for detecting malicious code passing over the wire. But how do you extend that protection to home-based workers and road warriors?

Your remote users connect from home PCs, laptops, and public terminals to get email. They have high-speed Internet connections and small networks shared with other family members. They're easy targets.

To protect home and remote workers, I suggest these seven essential practices.

1. Antivirus. Set up the AV software to check for and automatically install weekly updates. Require users to manually check for updates when they hear about a new virus or worm. It's a simple and effective way to prevent infections.

2. Vendor Updates. This may sound crazy to some, but enable your PC to periodically check for and automatically install critical updates. Best practices may say never install a patch without testing it, but automatically deploying critical patches -- especially for mundane desktop apps -- is a no-brainer since you'll end up doing it anyway.

3. Firewalls. If the AV app doesn't stop a worm, a PC firewall should raise a stink when a program other than your e-mail client or Web browser attempts an outbound connection. In most cases, it will prevent the worm from spreading. There's a number of good software firewalls -- some free, such as Zone Labs' ZoneAlarm. To protect multiple systems, consider mandating small office/home office (SOHO) hardware firewalls. These devices won't stop another Swen from spreading, but will prevent the exploitation of services such as the recent Microsoft RPCSS buffer overrun.

4. VPNs. VPNs or other confidential-connection schemes protect against eavesdropping and connection hijacking. With a VPN, you can allow remote users to securely access resources on the inside of your enterprise network. With some VPNs, you can ensure that only policy-compliant systems connect.

5. Configuration Management. Speaking of policy compliance, all the security products in the world won't make a bit of difference if a user disables or modifies his machine's safeguards. And users -- despite security policies -- install unauthorized software, change system controls and disable security solutions for any number of reasons, mostly to improve their machine's performance. Some enterprises won't permit remote connection if a system doesn't have the proper configuration and security protections. One such solution is Sygate's SSE, which ensures a user's machine is compliant and also facilitates updates.

6. Filter Attachments. If your corporate email gateway doesn't strip attachments, set it to do so. Users rarely have a legitimate business need for receiving non-Office attachments, such as .exe. Users who actually need these file types can get the sender to Zip them or ask their email admin to manually forward them. Filtering will prevent dangerous scripts from landing in your users' inboxes.

7. User Education and Awareness. This is absolutely essential. AV may not catch a new virus, patches don't always take, and firewalls may fail open. In such circumstances, you want your users to think before they download and open that attachment from their Hotmail account. Ultimately, users are your biggest weakness and your last line of defense. Give them the knowledge to act appropriately.

No security measure is a guarantee against malware infection, but these seven steps will help mitigate the risk to your remote users.

About the author:
Fred Avolio is president and founder of Avolio Consulting, a Maryland-based computer and network security consulting firm.

Article 10 of 15
This was last published in November 2003

Dig Deeper on Network Access Control technologies

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

I think this article addresses something that is often overlooked in the enterprise - home office security. The company I work for certainly implements the first four approaches, but has recently started to act a bit more lax towards configuration management. I think that part of the reason is due to increased educational efforts and user awareness, with users becoming more tech savvy. But that also brings an additional concern in that many users are starting to install unauthorized software, change system controls and disable security solutions to get their work done more efficiently, especially at home where the security risk is potentially more real.
Cancel

Get More Information Security

Access to all of our back issues View All

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close