Secure the telecommuter's office sensibly and easily

InfoWorld - Distributed organizations, telecommuting, working from home -- no matter how you slice it, the home office represents one of the biggest security headaches IT departments must face. Companies are finding that it's one thing to protect systems in-house and another thing altogether to enforce standards in the spare bedroom. There's no hard-and-fast solution that will work for everyone, but by taking elementary precautions, businesses can save themselves a lot of headaches on the home front.

Some well-heeled companies may take the maximalist approach by restricting remote employees to using only company-owned PCs for accessing company-provided broadband services. Often, these devices have their configurations locked down with little difference from PCs in the company offices. This works to some extent when you have a well-defined and well-funded telecommuting program. Unfortunately, many companies haven't chosen that path.

In many cases, telecommuting policies are ad hoc, set up on a case-by-case basis. The employee, rather than the business, may make the arrangements and thus has a sense of ownership. Too often, we see home workers treated with an attitude of "You're on your own." It's understandable to expect a telecommuter to be able to handle basic systems maintenance, but not everyone has the time to become his own security expert. The result, as we've seen many times over, is a security breach.

Although the maximalist approach solves some of the biggest home-worker support issues, such as determining who is responsible for maintenance and upgrades, it often ignores the security weaknesses that exist in today's broadband networking options. A big problem is the built-in networking of Windows systems. Notwithstanding the known vulnerabilities of NetBIOS and the various LAN Manager and Windows security schemes, there's a bigger issue: When millions of machines have been configured to the same default settings, it should come as no surprise when someone in Peoria finds his system being probed by someone using a computer in Norway.

The emerging personal firewall software market offers several products that address networking vulnerabilities at the desktop level. Leading vendors in this space include Network ICE Corp. (acquired by Internet Security Systems Inc. in Atlanta), Sygate Technologies Inc. in Fremont, Calif., and Zone Labs Inc. in San Francisco, as well as more familiar companies such as McAfee.com Corp. in Sunnyvale, Calif., and Symantec Corp. in Cupertino, Calif. Good desktop firewalls can be had for free, but most commercial packages cost $40 to $60, and they sometimes include antivirus capabilities.

These desktop firewalls are a good first step but hardly a complete solution, because they