Remote user security checklist

At some point in time, odds are you've had remote users connecting to your network. Telecommuting has several proven productivity and environmental benefits, but it doesn't come without its drawbacks -- mostly in the form of information security risks. What happens if your remote users' computers have viruses or they transmit sensitive e-mails and instant messages over an unsecured wireless link? How about when systems that aren't properly protected can connect directly to your network -- thus offering a direct inbound link to anyone wanting to get inside and poke around maliciously.

Arguably, lots of bad things can happen. Unauthorized information access can take place, information leakage can occur, and there's always a possibility that malware can seep in through your otherwise hardened network border.

Before you create any new policies or lock down your remote systems, it's very beneficial to determine which remote access vulnerabilities currently exist in your environment. Doing that not only finds missing patches, but it also digs in deeper to find misconfigurations, unnecessary shares, null session connections and other exploitable vulnerabilities you would not otherwise be able to dig up easily. I suggest you use a vulnerability assessment tool such as Tenable Network Security's NeWT, GFI Software Ltd.'s LANguard Network Security Scanner (my favorite low-cost scanner), Qualys Inc.'s QualysGuard (my favorite scanner overall).

Use one (or more) of these tools on your internally supported images for laptops and desktops and, if it makes sense, test remo

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows desktop security tips How Windows 7 stands up to security tests Securing sensitive data on Windows-based laptops Gathering and documenting your Windows desktop security policies Windows desktop security standards documentation best practices Desktop security preparation for a new wave of Windows apps Four Internet Explorer 8 group policy security settings The state of enterprise security and emerging threats in 2009 Why should Windows shops use Microsoft Baseline Security Analyzer? A first look at Windows 7 security enhancements Using Sysinternals tools in security management scenarios Windows Mobile device management Mobile Device Manager joins Windows domains to mobile devices Citrix aims to dazzle with self-service portal, iPhone client Windows desktop endpoint security challenges podcast series Windows Mobile security tips for the on-the-go pro Security tools that can boost Windows mobile security Windows mobile security: Get it locked down Endpoint security quiz Endpoint security Step-by-step guide: Laptop hacking Step 2: How to crack a laptop Windows passwords and permissions management Windows desktop endpoint security challenges podcast series How to strike a balance between Windows security and business needs Build secure computer password policies Reduce resistance to creating strong computer passwords Unauthenticated vs. authenticated security testing Step 1: Know your hardware Step 2: Configure the drives Step 3: Edit the local policy Top client security tips of 2006 Password security FAQs

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary key-value pair  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

te systems owned by your users as well. If the latter is not an option for political or resource limitation reasons, you could easily document instructions for your remote users to do it themselves. Consider having them install and run the Microsoft Baseline Security Analyzer (MBSA) on their systems and sharing the reports with you. You could even automate this via login scripts and/or Group Policy in Windows. Remember, there are reasons your organization's assets must be protected.

Once you've determined where your weaknesses exist and have addressed the issues, use the following checklist of common and not-so-common security safeguards to be sure you've got your remote systems locked down:

For systems configured to use 802.11-based wireless (or ones that may be used as such in the future), don't forget the following safeguards:

These relatively simple and mostly free remote access safeguards, combined with a reasonable information security awareness program, will go a long way toward securing your offsite computers and protecting those things you cannot afford to lose.

About the author: Kevin Beaver is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 17 years of experience in IT and specializes in performing information security assessments. Beaver has written five books, including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver @ principlelogic.com.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.