Mobile devices and PCs are often the last thing
administrators think of when beefing up defenses. An NCC Group survey last year
showed that remote-client security updates are executed with less than
one-fourth the frequency of on-site workstations, and that one-sixth of remote
clients maintain no security at all.
Here
are the potential security holes and issues inherent when laptops log in to
your network—and a way to protect your users.
Remote laptop
risks
A
wireless laptop offers a wide assortment of treasures to a potential intruder:
- IDs, passwords, and
other access information for penetrating your wireless network and
specific targets - A gateway to your
company’s servers - A gateway to company e-mail
- A gateway to the
database if the laptop is used by roving salespeople or marketing
representatives - Lots of personal
information, such as credit card info, PIN numbers, and the user’s home
address - The ability to spy on a
telecommuter
Wireless laptops are company property that require access to an already enticing
intruder target, and they’re in the hands of employees with varying information
requirements and attention spans. That’s where a personal firewall can help.
How a personal
firewall works
A
personal firewall does for a single computer what a network firewall does for a
family of servers: It inspects inbound packets, scanning for forged IP
addresses and suspicious repetition (to detect DoS attacks, etc.). Beyond the
protocol level, some firewalls can also examine the contents of packets to spot
illegitimate use of cookies, questionable Active X content, and virus-bearing e-mail
attachments.
When choosing a
personal firewall, carefully evaluate what each firewall will and will not do. Some (but not all) personal firewalls can prevent someone from accessing your network via your client laptop’s ad hoc mode.
Once
a personal firewall is installed on your remote user’s laptop, make it a policy
that the firewall remain in place. If you can, take it one step further and
install the firewall as part of the ghost image placed on all of your company’s remote
laptops at the time of deployment or when upgrades occur.
Personal firewall
choices
If
your company’s laptops are running Windows XP, there’s a firewall built in. You
can enable it with these simple steps:
- Go to Start | Control Panel | Network And
Internet Connections | Network Connections. - Single-click
on the connection category that you wish to protect (Dial-Up or LAN, High
Speed Internet, etc.). - From
the Task Pane on the left, navigate to Network Tasks | Change Settings Of This
Connection | Properties | Advanced. - Choose
Internet Connection Firewall. - Check
the box next to Protect My Computer And Network By Limiting Or Preventing
Access To This Computer From The Internet.
You
can obtain further details on the strengths and limitations of XP’s firewall by
clicking
here.
If
you’re not working with XP, here are links to popular personal firewalls:
Security
You
can’t go wrong with any of these—unless you fail to put one in place!
Daily Tech Insider Newsletter
Stay up to date on the latest in technology with Daily Tech Insider. We bring you news on industry-leading companies, products, and people, as well as highlighted articles, downloads, and top resources. You’ll receive primers on hot tech topics that will help you stay ahead of the game.
Delivered Weekdays
