Computerworld - If you have given your trusted employees and key contractors remote access to your network via a client virtual private network (VPN), congratulations! By now, you have seen the productivity and cost benefits from allowing collaboration that surmounts geographical separation.
You may also have discovered that keeping your network secure is now even trickier than it was, because each uncontrolled remote computer potentially creates another avenue of access to the network for attackers. Here are 10 tips to help secure your network while ensuring the benefits of your VPN.
1. Use the strongest possible authentication method for VPN access. Exactly what this is will depend on your network infrastructure, and you should check your VPN or operating system documentation to determine your options.
For example, on a network with Microsoft servers, the most secure authentication is provided by Extensible Authentication Protocol-Transport Level Security (EAP-TLS) used with smart cards. These require a public key infrastructure (PKI) and incur the overhead of encoding and distributing smart cards securely. On these networks, Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAP v2) and Extensible Authentication Protocol (EAP) provide the next best authentication security.
Password Authentication Protocol (PAP), Shiva Password Authentication Protocol (SPAP) and Challenge Handshake Authentication Protocol (CHAP) are too weak to be allowed.
2. Use the strongest possible encryption method for VPN access. On a network with Microsoft servers, this is Layer Two Tunneling Protocol (L2TP) over Internet Protocol security (IPsec). Point-to-Point Tunneling Protocol (PPTP) is too weak to be allowed, unless your client passwords are guaranteed to be strong (see tip No. 6). OpenVPN, a Secure Socket Layer (SSL) VPN, can be run with TLS-based session authentication, Blowfish or AES-256 encryption, and SHA1 authentication of tunnel data.
3. Limit VPN access to those with a valid business reason, and only when necessary. A VPN connection is a door to your LAN, and should only be open when it needs to be. Remote employees should be discouraged from connecting to the VPN all day to check e-mail (see tip No. 5). Remote employees and contractors should also be discouraged from connecting to the VPN to download commonly needed files (see tip No. 4).
4. Provide access to selected files through intranets or extranets rather than VPNs. A secure HTTP Secure (HTTPS) Web site with safe password authentication (not basic authentication) exposes only selected files on a single server, not your whole network, and scales better than a VPN.
5. Enable e-mail access without requiring VPN access. On Microsoft Exchange servers, set up an Exchange proxy server to allow Outlook to access Exchange via remote procedure call (RPC) protocol over HTTP, protected by SSL encryption.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Four Little-Known Ways WAN Optimization Can Benefit Your Organization WAN optimization has evolved into a complete system that optimizes traffic across a broad range of most popular applications while providing deep visibility...
- SharePlan Security SharePlan is a continuous, secure, enterprise-ready file sync and share platform that facilitates smart, real-time collaboration across all devices.
- Three Ways Your DNS Can Impact DDoS Attacks Domain Name System (DNS) plays a big role in consumers' day-to-day Internet usage and is a critical factor when it comes to distributed...
- Online Video and Web Traffic: Sochi 2014 Winter Olympic Games Over 25 leading global broadcasters worked with Akamai to deliver the action, excitement and inspiration of Sochi because they understand online viewers expect...
- Video surveillance for IT: maximum image quality, minimum bandwidth Join us on Thursday, May 8th at 1 p.m. EST when Willem Ryan, Senior Product Marketing Manager at Avigilon, will discuss how IT... All Networking White Papers | Webcasts