You do all you can to support your users and protect them when they are on the enterprise network. You have to send them out into the world sometime, though. Are your clients aware of the risks they face when they use unfamiliar networks?
Redmond Magazine cites a recent study that evaluates the safety of the Internet connectivity provided by hotels. The results of the Cornell University investigation are not that surprising:
"[H]otels in the U.S. are generally ill-prepared to protect their guests from network security issues," concluded the study, titled "Hotel Network Security: A Study of Computer Networks in U.S. Hotels."
One thing that makes the study interesting is that the university's School of Hotel Administration had some pretty savvy technologists involved in their evaluation. They considered issues like network topology and infrastructure and offered some practical suggestions for addressing security shortcomings.
The researchers recommend that for maximum security hotels should set up Virtual Local Area Networks (VLANs). "If one were to set up VLANs on all ports in the hotel — that is, to make every single room its own VLAN — the chances for Address Resolution Protocol spoofing and other hacks are minimized," the report concluded.
The researchers at Cornell should be commended for drawing attention to this problem. Hotels have to realize that slapping up a couple of open WiFi access points is not going to cut the mustard anymore. Paying customers deserve better protection. Until the day they get the message, though, it is up to us to make sure that mobile workers have everything they need to compute safely. Here are some thoughts on reducing the risk to your users:
- Not everyone needs to be mobile. It used to be that portable computers were out of reach for most people due to a higher price point. Now that they are more affordable, some managers wonder why they shouldn't have everyone on a laptop. Mobile computing is not a right. If there is no business need for a user to work from off-site, keep them on a desktop tied to your enterprise network.
- Make sure that any Web services you run are secure and don't employ more than you need. Make sure VPNs and SSL security is employed.
- Your users should not be logging in to administrator accounts. I used to set my mobile users up as local admins, in case they needed to install a driver or something when they were away. These days, the risk is too great to allow that kind of freedom.
- Knowledge is power. Train your mobile users in safe computing principles and explain the security tools that you're using. A well-informed staff is the best defense for your network.
TechRepublic's User Support newsletter, delivered Tuesday and Friday, features blogs, tips, and white papers designed for IT support pros. Automatically sign up today!