Mobile devices and PCs are often the last thing
administrators think of when beefing up defenses. An NCC Group survey last year
showed that remote-client security updates are executed with less than
one-fourth the frequency of on-site workstations, and that one-sixth of remote
clients maintain no security at all.

Here are the potential security holes and issues inherent when laptops log in to
your network—and a way to protect your users.

Remote laptop risks

A wireless laptop offers a wide assortment of treasures to a potential intruder:

  • IDs, passwords, and other access information for penetrating your
    wireless network and specific targets
  • A gateway to your company’s servers
  • A gateway to company e-mail
  • A gateway to the database if the laptop is used by roving salespeople
    or marketing representatives
  • Lots of personal information, such as credit card info, PIN numbers,
    and the user’s home address
  • The ability to spy on a telecommuter

Wireless laptops are company property that requires access to an already enticing
intruder target, and they’re in the hands of employees with varying information
requirements and attention spans. That’s where a personal firewall can help.

How a personal firewall works

A personal firewall does for a single computer what a network firewall does for a
family of servers: It inspects inbound packets, scanning for forged IP
addresses and suspicious repetition (to detect DoS attacks, etc.). Beyond the
protocol level, some firewalls can also examine the contents of packets to spot
illegitimate use of cookies, questionable ActiveX content, and virus-bearing e-mail
attachments.
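
A simplified sketch of the two inbound checks named above, forged source addresses and suspicious repetition, as an added example rather than code from the article or from any firewall product. The laptop address, thresholds, and sample packets are constructed, and the laptop is assumed to sit directly on a public connection.

```python
import ipaddress
from collections import defaultdict, deque

# All values below are assumptions chosen for illustration.
LOCAL_ADDR = ipaddress.ip_address("203.0.113.25")  # the laptop's own public address
WINDOW_SECONDS = 1.0          # sliding window for the repetition check
MAX_PACKETS_PER_WINDOW = 5    # packets allowed per source inside one window
# Sources that cannot legitimately appear on packets arriving from the Internet.
IMPOSSIBLE_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def is_forged_source(src):
    """True if an inbound packet claims our own address or an unroutable one."""
    ip = ipaddress.ip_address(src)
    return ip == LOCAL_ADDR or any(ip in net for net in IMPOSSIBLE_SOURCES)

def inspect(packets):
    """Return one (timestamp, source, verdict) tuple per inbound packet."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    verdicts = []
    for ts, src, _dst_port in packets:
        if is_forged_source(src):
            verdicts.append((ts, src, "drop: forged source"))
            continue
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > WINDOW_SECONDS:   # expire old timestamps
            seen.popleft()
        if len(seen) > MAX_PACKETS_PER_WINDOW:
            verdicts.append((ts, src, "drop: repetition"))
        else:
            verdicts.append((ts, src, "allow"))
    return verdicts

# Constructed sample traffic: (timestamp in seconds, source IP, destination port).
SAMPLE = [
    (0.00, "198.51.100.7", 443),   # ordinary traffic
    (0.10, "10.1.2.3", 445),       # private source arriving from the Internet
    (0.20, "203.0.113.25", 80),    # claims to come from the laptop itself
] + [(1.0 + i * 0.05, "198.51.100.99", 80) for i in range(8)] + [  # burst
    (5.00, "198.51.100.99", 80),   # same source again, after the window expired
]

if __name__ == "__main__":
    for ts, src, verdict in inspect(SAMPLE):
        print(f"{ts:5.2f}  {src:15}  {verdict}")
```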

When choosing a personal firewall, carefully evaluate what each firewall will and
will not do. Some (but not all) personal firewalls can prevent someone from
accessing your network via your client laptop’s ad hoc mode.

Once a personal firewall is installed on your remote user’s laptop, make it a policy
that the firewall remain in place. If you can, take it one step further and
install the firewall as part of the ghost image placed on all of your company’s remote
laptops at the time of deployment or when upgrades occur.

Personal firewall choices

If your company’s laptops are running Windows XP, there’s a firewall built in. You
can enable it with these simple steps:

  1. Go to Start | Control Panel | Network And Internet Connections |
    Network Connections.
  2. Single-click on the connection category that you wish to protect
    (Dial-Up or LAN, High Speed Internet, etc.).
  3. From the Task Pane on the left, navigate to Network Tasks | Change
    Settings Of This Connection | Properties | Advanced.
  4. Choose Internet Connection Firewall.
  5. Check the box next to Protect My Computer And Network By Limiting Or
    Preventing Access To This Computer From The Internet.

You can obtain further details on the strengths and limitations of XP’s firewall by
clicking here.

If you’re not working with XP, here are links to popular personal firewalls:

  • Symantec/Norton
  • McAfee Security
  • ZoneAlarm
  • BlackICE
  • Tiny Personal Firewall

You can’t go wrong with any of these—unless you fail to put one in place!