When users are able to access a local area or wide area network using the same physical connection used to access the Internet or other public networks, security issues can occur if you don't know what information is going through and across your VPN. Take split tunneling. If users are permitted to edit the VPN configuration, they could use split tunneling to access external websites directly instead of going through a secure VPN tunnel, perhaps as a means to speed up Internet access. In this scenario, employees have created potential network vulnerabilities.
Preconfiguring VPN clients and applying parameter locks that a user cannot change enables enterprises to require full tunneling. This eliminates the threat of split tunneling by requiring that all traffic be funneled through the VPN and firewall, thus ensuring that whenever employees connect to the network, they're unable to access forbidden or unsecure sources.
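One way to check that a locked client really is full tunneling is to audit the endpoint's routing table. The sketch below is an added example, not part of the original article or any vendor's tooling. It assumes Linux `ip -4 route show` output, a tunnel device named `tun0`, constructed sample addresses, and a policy that still permits the directly connected LAN; it ignores route metrics and policy routing.

```python
import ipaddress

# Constructed sample `ip -4 route show` output (addresses are illustrative).
FULL_TUNNEL = """\
default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev eth0
10.20.0.0/16 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
# Assumption: destinations allowed to stay off the tunnel (local LAN, link-local).
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
HALVES = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}

def parse_routes(text):
    """Return (network, device) pairs from `ip -4 route show` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), dev))
    return routes

def audit_tunnel(text, vpn_dev, vpn_gateway):
    """Return findings showing where traffic can leave outside the VPN tunnel."""
    routes = parse_routes(text)
    gateway = ipaddress.ip_network(vpn_gateway)  # host route carrying the tunnel itself
    on_vpn = {net for net, dev in routes if dev == vpn_dev}
    halves = HALVES <= on_vpn  # some clients install two /1 routes instead of a default
    findings = []
    if not halves and ipaddress.ip_network("0.0.0.0/0") not in on_vpn:
        findings.append(f"no default route via {vpn_dev}")
    for net, dev in routes:
        if dev == vpn_dev or net == gateway or any(net.subnet_of(r) for r in LOCAL):
            continue
        if net.prefixlen == 0 and halves:
            continue  # physical default is shadowed by the more specific /1 pair
        findings.append(f"{net} leaves via {dev}, outside the tunnel")
    return findings
```

An empty result from `audit_tunnel(table, "tun0", "203.0.113.10")` means every non-local destination is routed through the tunnel; any finding is a route that a locked, full-tunnel configuration should not allow.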
When network administrators preconfigure their VPNs with the highest security settings, the benefits are immediate. Since all network traffic funnels through the secure VPN tunnel, the threat of malicious attacks is minimized and hackers won't be able to snoop on data in transit.
Centrally locking parameters reduces the complexity of configuration possibilities by only showing settings that are relevant for a user's work environment. Also, when parameters are set up to prevent a user from changing them, misconfigurations and undesired connection setups are avoided. But preconfiguration and locked parameters produce another benefit as well -- greater productivity and more efficient deployment of IT resources. Network administrators won't be taken away from their other critical tasks to fix a VPN configuration.
The risk posed by end devices can also be limited by network location awareness, which enables computers to automatically recognize secure and unsecure networks and change security settings, such as firewall rules, accordingly. To provide further security, network administrators can centrally set parameter locks to prevent users from bypassing the security policy, for example by deactivating, deleting or changing firewall filter rules. With location awareness, even security-sensitive locations like public hotspots can serve as access points to the company network.
Protecting against threats requires a firm defense
To stay on the offensive against threats to network security and secure remote access, IT departments must see the value of taking a defense-first approach. Preconfiguring and locking VPN client parameters are simple preventative measures that minimize the threat of malicious attackers, proving that for network administrators, at least, the best defense is really just a good defense.