News Stay informed about the latest enterprise technology news and product updates.

Flu pandemic planning: Don't forget WAN security and remote access

In a flu pandemic emergency, millions of people could be stuck at home for weeks at a time. Companies must prepare their wide-area networks to support increases in remote workers. When doing this, network engineers mustn't overlook security. And remote access could be a challenge for overburdened home broadband connections.

When preparing the wide-area network to support an enterprise during a flu pandemic emergency, there are two variables that network engineers should not overlook: network security and the last mile of connectivity for employees who may be forced to work remotely.

"Security will be an issue," said Kathy Lynch, senior product manager for managed services provider and global network integrator Virtela Communications. "Hackers will try to take advantage when companies are at a point of stress and IT managers are scrambling and so focused in other areas that it's a time to potentially launch an attack to gather corporate information or credit card information."

At Liquidnet Holdings Inc., a financial services company that enables Internet-based equities trading for asset management firms, IT staff will be monitoring network security consoles more closely during a pandemic to ensure that hackers don't try to take advantage of the chaos.

"During any situation, we always keep a close eye on our IDS [intrusion detection system] and firewalls," said Al Berg, head of security and risk management at Liquidnet. "So it will be closer monitoring of IDS, and even closer monitoring of our DLP [data loss prevention] solution, because people might forget the procedures and the processes they're supposed to be following."

Lynch said Virtela will be taking a similar approach for its clients. "We build in things like advanced event correlation to our security offerings and our SSL VPN platform," she said. "We can look across all our devices and identify unauthorized access attempts or unusual behavior. The IPS [intrusion prevention system] will catch that someone is trying to launch an attack, and it will route all that information back to the SSL VPN to say: "Turn off this end user's port because they are potentially launching an attack."

More on pandemic flu and the WAN
Network disaster planning for pandemic flu: Plan for the worst, get the best results (Podcast)

Network disaster recovery plan for avian flu threat

Network disaster recovery: Pandemic flu planning

Education of users will be critical to maintaining network security during a pandemic event. Many employees will be working from home for the first time, and many of them may not be equipped properly. Users stuck at home may not have corporate laptops available. Having a flexible network access control system in place that can grant varied levels of network access will be critical.

"We educate our users on how to gain access," said Peter Silva, technical marketing manager for F5 Networks. "If I'm coming in from my home computer, obviously you need to maintain your security posture and some policies for these untrusted machines. We go with a pre-login chat which can check such things as antivirus, firewall enablement, malware and client and machine certification. If the device itself maintains a certain security posture and if it abides by whatever guidelines we have for that security posture, then we allow them access to certain resources."

"There might be another path, where I know it's an untrusted machine but I know this is a valid user," Silva continued. "This machine might abide by some minimal requirements to gain access to certain services. We will allow them to access their critical resources, but we might not give them a full tunnel to the network. We'll give them access to Web-based applications so they can enter information into CRM or update a spreadsheet, but not be able to download and save it."

Millions of Americans working from home could overload broadband

Network security is something that enterprises deal with on a daily basis, and network engineers will have a number of products and policies that are tried and true. However, no one really has an idea of what will happen if millions of workers are forced to stay home and work remotely. This massive shift could put stress on the broadband Internet service providers.

"There is a little bit of a heightened [security] concern because so many things will be going on," Liquidnet's Berg said. "But the problem might not end up being attackers. It might be Internet capacity more than anything else. If we have a lot of people working from home and everyone else does as well, the load on the Internet, especially that last mile to people's homes, is going to be a problem."

Berg said this is doubly troubling to Liquidnet, since its customers access Liquidnet's services via the Internet.

"There's only a certain amount of mitigation we can do," he said. "You are pretty much relying on the carriers to have access capacity. The phone network has been engineered to ensure that even on the busiest of days, they can still maintain traffic. There have been plenty of opportunities for the phone companies to test that in real life. I don't think the Internet has ever had a similar event. On 9/11, you had millions of people going online trying to get news. But that was a relatively short period of time compared to what a pandemic might be. In a pandemic, you could be talking about multiple weeks where people would need to telecommute, and I don't think the Internet has been tested to that degree."

There are some steps enterprises can take to mitigate the risks associated with broadband overload. For instance, IT organizations can give employees multiple ways of connecting. Aside from relying on employees' home broadband connections, Ron Maillette -- executive vice president and CIO of Education Corporation of America, the parent company of a collection of for-profit colleges headquartered in Birmingham, Ala. -- has issued laptops with 3G and 4G wireless broadband cards to many employees. Others are equipped with Windows Mobile and BlackBerry smartphones that have tethering capabilities. So if one means of access fails, they have a second way to connect.

Enterprises might also try reducing the amount of data that has to cross the WAN and into remote workers' homes. Several WAN optimization vendors offer solutions to this problem with software-based versions of their data center-based appliances.

Silva, of F5 Networks, said he is skeptical of concerns over homebound workers putting stress on the last mile of the Internet.

"But I do agree that there are certain areas in the country where broadband is limited," he said. "Many people are just using dialup. There are going to be locations which will probably have issues."

Burton Group senior analyst Eric Maiwald said no one knows what to expect. Enterprises won't be the only ones that have to deal with increased absenteeism by homebound employees. The network service providers, the phone companies and the power companies that enterprises rely on to keep themselves connected with employees and customers will also be dealing with these problems. No one knows how well they will be able to keep things secure and running.

"There isn't an easy answer to this," Maiwald said. "You can walk through these scenarios, but we don't know what's likely to happen if a pandemic occurs. What happens to a society if 25% of the population is incapacitated? We don't know what will happen."

Let us know what you think about the story; email: Shamus McGillicuddy, News Editor or contact him via Twitter

Dig Deeper on Network application performance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.