Dear Readers,

I received a very informative comment from AA about the issue of security and remote working. AA gets further into the technical aspects of securing your data than I could, so I thought I’d post his comment in a more prominent place for everyone’s benefit. Thanks so much, AA! Check out his blog at http://www.kalifasi.blogspot.com. FYI, the blog is in Greek but there is a translator button.


When accessing services of your business intranet remotely, the primary problem might be the “eavesdroppers”.

This means either someone who can pick the conversation between your laptop’s wireless card and the cafe’s Access Point off the air (and this can be done fairly easily today), or someone who can tap the communications between your laptop and the computer it is connected to at the workplace, at some point further down the line. (A bit more difficult but still possible.)

These links can be made more secure either through a so-called Virtual Private Network or, for individual services, via so-called SSH Tunneling.

In either solution, you create an encrypted link between the two communicating computers. The eavesdropper can still intercept your traffic but they would not make any sense out of it. On top of this you can use so-called “Certificates” to ensure that either end is indeed who it claims to be. (“The person connecting to my server right now is indeed my worker” and “The server I am connecting to right now is indeed the server of my company”)

The VPN requires a bit more work to be set up but usually this is already available in businesses that require remote access for their workers. It is also less difficult to set it up at the client’s end (that is your laptop sitting at the cafe :-D )

If VPN is not available and all you want to do is (for example) check your email securely, then you can set up a secure tunnel with SSH. This might be a bit counter-intuitive to get, at first, because you will be setting up a connection to your local computer which is then forwarded (by SSH) to the other communicating computer. But once you get this concept, setting up tunnels towards any service will be easy.
(A short tutorial is available from here: http://www.no-junkmail.com/Secure-Tunnel.html.) If your laptop is a Linux machine then SSH is (most probably) built in and you can use it right away.

Apart from these actual dangers, remote users are always exposed to the common dangers of everyday browsing…like spoofing sites trying to get your credentials, scam emails, etc.
In this case, a good idea is to have a well-written informative document (no more than 3-5 pages maximum, otherwise no one is going to read it :-/ ) to pass to your workers, letting them know what it is they are doing and what dangers they might be facing. This can be part of an overall security policy of the company.

On the other hand, servers at the company’s end will also be exposed to a number of dangers and threats from the outside world. A well-thought-out security policy can also help there.
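
The SSH tunnel described in the comment, as an added example that is not part of AA's comment or the linked tutorial: an OpenSSH client configuration for the laptop that forwards local ports to a company mail server through the company's SSH server. The host names, user name, key path and port numbers are placeholders chosen for illustration.

```sshconfig
# ~/.ssh/config on the laptop (added example; all names and ports are placeholders)
Host work-mail-tunnel
    # Assumed: the company's SSH server that is reachable from the internet.
    HostName gateway.example.com
    User alice

    # Authenticate with a key pair, and offer only this key.
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

    # Refuse to connect if the server's host key is unknown or has changed.
    # This is the "the server I am connecting to is indeed my company's" check;
    # the key must be added to ~/.ssh/known_hosts from a trusted source first.
    StrictHostKeyChecking yes

    # The tunnel itself: connections to the laptop's own port 1143 are carried
    # inside the encrypted SSH link and delivered to the mail server's IMAP port.
    # Binding to 127.0.0.1 keeps other machines on the cafe network from using it.
    LocalForward 127.0.0.1:1143 mail.internal.example.com:143
    # Same idea for sending mail (SMTP).
    LocalForward 127.0.0.1:1025 mail.internal.example.com:25

    # Fail at startup if a forward cannot be set up, so the mail client is never
    # pointed at a local port that is not actually tunneled.
    ExitOnForwardFailure yes

    # Detect a dropped link instead of leaving a dead tunnel in place.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

Start the tunnel with `ssh -N work-mail-tunnel`, then set the mail client's server to 127.0.0.1 with ports 1143 (IMAP) and 1025 (SMTP). Traffic is encrypted only between the laptop and the SSH server; the last hop from that server to the mail server travels on the company network as the mail protocol normally would.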
