Securing remote access points


Vernon Haberstetzer, Contributing Writer
03.29.2005

Hackers love poorly configured remote access points, and why shouldn't they? Such an access point is often an open door into a network, one that lets an intruder in without having to fuss with the firewalls and intrusion detection/prevention systems (IDS/IPS) at the Internet border. The fact is, most networks have remote access points, and most of those access points don't employ decent security. Access points most often come in the form of dialup modem banks and VPN concentrators, and it doesn't take much to discover the phone number or IP address.

Most remote access points require only a static userID and password to log on to the network. If your remote access point doesn't require strong authentication, you should probably count on the fact that somewhere out there an employee or vendor has set up a remote connection to your network with a saved userID and password. This means your network is available to anyone who opens that connection, including your employee's neighbor whose computer was used to check e-mail a month ago, and that vendor's employee who quit last week and took all his clients' remote access passwords with him.



To remedy this problem, it is best to implement some type of strong authentication, requiring a userID and a single-use password or biometric. RSA Security is one of the largest suppliers of remote access keychain tokens, which generate a single-use passcode every 60 seconds. Your vendors could be required to call your operations department to obtain a passcode for remote access, thus adding another layer of security when dealing with outsiders. By implementing a strong authentication system, saved passwords will no longer be an issue for remote connections.
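The following is an added example, not part of the original tip and not RSA's code: RSA's token algorithm is proprietary, so this sketch substitutes the open TOTP construction (RFC 6238 over RFC 4226 HOTP) with a 60-second step to show why a saved passcode stops working once it has been used or its window has passed. The shared secret, the user name and the `PasscodeVerifier` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # passcode lifetime, matching the 60-second tokens described above
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = STEP_SECONDS) -> str:
    """Passcode a token would display at Unix time `now`."""
    return hotp(secret, int(now // step))


class PasscodeVerifier:
    """Server side (hypothetical): each time step's passcode is accepted once."""

    def __init__(self, secrets_by_user, drift_steps=1):
        self.secrets = secrets_by_user
        self.drift = drift_steps  # tolerated clock skew, in steps
        self.last_used = {}       # user -> highest counter already accepted

    def verify(self, user: str, passcode: str, now: float) -> bool:
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int(now // STEP_SECONDS)
        first = max(0, current - self.drift)
        for counter in range(first, current + self.drift + 1):
            if counter <= self.last_used.get(user, -1):
                continue  # this step was already consumed: treat as replay
            expected = hotp(secret, counter).encode()
            if hmac.compare_digest(expected, passcode.encode()):
                self.last_used[user] = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample secret (RFC test key)
    gate = PasscodeVerifier({"vendor": secret})
    code = totp(secret, now=60)
    print(code, gate.verify("vendor", code, now=75))  # fresh passcode
    print(gate.verify("vendor", code, now=80))        # same passcode replayed
```
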

Additionally, most remote access points don't inspect the remote computer for viruses or hacking software, and they usually don't watch the network traffic coming from such computers. If a user with a virus-infected PC or a hacker were to remotely log on to your network with such software, your network could be on the receiving end of a server compromise or a virus outbreak. To help prevent malicious activity from entering your network from a remote access point, it is best to have an IDS or IPS sitting inline between your remote access point and your internal network. Such a system should be capable of catching network-based attacks from hackers or hybrid viruses. Some systems will even prevent users from connecting to your network if their antivirus software is not up to date. It is also best if you can limit the ports allowed into your internal network.

By giving some attention to the authentication process and the traffic coming from remote users, you will greatly reduce the risk of your remote access points being a source of unwelcome company.

About the author
Vernon Haberstetzer, president of security seminar and consulting company i.e.security, has seven years of in-the-trenches security experience in healthcare and retail environments.

This tip originally appeared on our sister site, SearchSecurity.com.
