Consider this: If you or an employee is using free Wi-Fi in some local café, in a matter of seconds a hacker can manipulate your machine into a "man-in-the-middle" scenario, where the device is now a conduit that sends data right to the bad guy. Once a device is compromised, login credentials (corporate mail server, bank accounts, LinkedIn.com, Facebook.com, etc.) can be harvested by using SSL Stripping.
Unfortunately, unless trained to detect such intrusions, end users don't notice anything unusual happening on their devices. To prevent hackers from entering corporate networks via open access hotspots, the following cautionary steps can be taken:
* Use multifactor authentication on VPN connections. Both Google and Facebook support this.
* When working off-site, use a "no split" connection for VPN access. This configuration forces all traffic headed to the Internet to go over the VPN and out to the Internet from there. "No Split" basically means Internet traffic is not split off from the VPN traffic to the office. This strategy also reduces the possibility of a man-in-the-middle situation.
No-split, however, has an obvious downside: it increases traffic volumes on the corporate Internet connection. For this reason, it should be reserved for use in highly public areas such as airports or when working on sensitive corporate documents. At home, a regular VPN is usually fine, especially if users are engaged in a lot of personal Web browsing and not connecting to servers that host confidential information. Ultimately it is a matter of balancing risk: the end user needs to consider the environment they are in before deciding how to make a VPN connection.
To enforce the use of no-split VPNs, server administrators should ensure that their sensitive servers cannot reach the Internet. Generally, they are blocked at the Internet router. Scheduled access can be granted for updates then blocked again once the updates are complete.
* If public Wi-Fi access is necessary, refrain from conducting any financial activities or visiting sites where you need to enter login information. Instead, use a cellular connection for bank transactions when it is absolutely necessary. Pick up a mobile hot spot device from your cellular provider if you need to access protected resources where only public Wi-Fi is available.
Beyond these infrastructure tweaks, here are some additional security tips that bear repeating:
* Use common sense - don't plug USB keys that you find on the ground into your computer.
* Tablets and smart phones controlled by the company should have a lock code, and they should be configured to allow remote wiping.
* When lost or stolen equipment is reported, VPN appliances should be configured to send the IT department a notification if traffic from the device continues.
* Some VPN clients can be configured to auto-connect with "no-split" as soon as the PC is turned on. This strategy is a second-level security step for users who tend to forget about best security practices.
Ongoing analysis will also help expose malicious activity. Administrators should send flows created by VPN connections to a NetFlow/IPFIX analyzer. Enterprise-level flow collection appliances scour the flows for odd behavior signatures such as:
* Host reputation lookups: Hosts communicating with other hosts with poor Internet reputations
* Observation of TCP flags to uncover various types of network scans
* Comparing current to archived baseline behaviors
* Calculating flow ratios as well as byte/packet counts to unique destinations.
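As an added illustration (not code from the original article or from any flow-analysis product), the sketch below applies two of the checks listed above to flow records: TCP-flag inspection to spot scan-like traffic, and a unique-destination count compared against an archived baseline. The record layout, addresses, thresholds and baseline values are all constructed assumptions.

```python
from collections import defaultdict

SYN, ACK, FIN = 0x02, 0x10, 0x01  # TCP flag bits as exported in flow records

# Constructed sample flows from VPN clients:
# (src, dst, dst_port, cumulative_tcp_flags, packets, bytes)
FLOWS = (
    [("10.8.0.5", "192.0.2.10", 443, SYN | ACK | FIN, 42, 38000),
     ("10.8.0.5", "192.0.2.11", 443, SYN | ACK | FIN, 30, 21000),
     ("10.8.0.6", "192.0.2.10", 443, SYN | ACK | FIN, 55, 60000)]
    # 10.8.0.9 sends a lone SYN to port 445 on 40 internal hosts; no handshake completes
    + [("10.8.0.9", f"10.1.1.{i}", 445, SYN, 1, 60) for i in range(1, 41)]
)

# Hypothetical archived baseline: usual unique destinations per host per interval
BASELINE_UNIQUE_DSTS = {"10.8.0.5": 3, "10.8.0.6": 2, "10.8.0.9": 2}


def summarize(flows):
    """Aggregate per-source counters used by the checks below."""
    stats = defaultdict(lambda: {"flows": 0, "syn_only": 0,
                                 "targets": set(), "dsts": set()})
    for src, dst, dport, flags, _pkts, _bytes in flows:
        s = stats[src]
        s["flows"] += 1
        s["dsts"].add(dst)
        # SYN was seen but ACK never was: the connection was never established
        if flags & SYN and not flags & ACK:
            s["syn_only"] += 1
            s["targets"].add((dst, dport))
    return stats


def find_anomalies(flows, baseline, min_targets=20, syn_ratio=0.8, fanout_factor=5):
    """Return (source, reason, count) tuples for hosts that look abnormal."""
    alerts = []
    for src, s in sorted(summarize(flows).items()):
        # Check 1: most flows are SYN-only and spread over many host/port targets
        if len(s["targets"]) >= min_targets and s["syn_only"] / s["flows"] >= syn_ratio:
            alerts.append((src, "syn_scan", len(s["targets"])))
        # Check 2: unique destinations far above this host's archived baseline
        if len(s["dsts"]) >= baseline.get(src, 1) * fanout_factor:
            alerts.append((src, "fanout_above_baseline", len(s["dsts"])))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(FLOWS, BASELINE_UNIQUE_DSTS):
        print(alert)
```
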