Computerworld - I recently changed positions and have been trying to understand the many projects already under way here. The most vital of these is a planned virtual private network (VPN) rollout. My company has many staffers who travel, as well as those who want to work from home.
Today, these people use ISDN or dial-up lines. These have very high-price rates for calls from hotels and high fixed-cost line rental and call charges from staffers' homes. If the security team and I could let users connect using existing broadband Internet connections, the performance would be better and the costs lower.
Many users appear to be connecting company laptops directly to the Internet to get fast access, but their systems get infected with viruses or worms and then propagate the infections by connecting to internal company systems. Given that, a VPN should dramatically improve security as well as save the company money.
Unfortunately, the project has been in the works for 18 months and still hasn't delivered a workable system. I was flabbergasted, since I've always run projects on a three-month cycle.
It's now just three weeks until the go-live date, but there's one huge problem that must be resolved. The IT team has put together a software package for the laptops that includes a VPN dialer and security products. This package will sit on our standard software build and include antivirus software and a personal firewall. Although the machine will be connected to the Internet, the firewall will block all inbound and outbound connections other than the VPN link.
That sounds great, but the testing that my team did revealed that the firewall loads as a service when the operating system boots and shuts down when the user shuts down the machine. Since the networking software runs as a service on top of Windows, the machine is unprotected for at least 30 seconds during boot-up and shutdown.
Worst-Case Scenario
In the worst case in our testing, it took more than two minutes for the firewall to load and start doing its job. Why doesn't it just load the protection before starting the network? Or start the network without configuration, then load the protection and configure the network?
I won't mention the name of the software vendor, since I want it to have a chance to fix the problem. I'm pretty sure the problem affects some other vendors' products, so if you have a personal firewall on your machine, it might be a good idea to check that you don't have the
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
