Setting up Ironclad Remote Access for Your Small Business
Virtual Private Networks allow businesses to connect with remote offices, but a VPN isn’t without risk. Often, the end user's PC is the most vulnerable part of the network.
Even a small business can have several remote offices, especially if employees work from home. Remote offices can access the main office's network using a VPN, or virtual private network. While a relatively safe method of encrypting and transporting data, a VPN is only as secure as its weakest point, the remote PC.
A VPN uses the Internet to connect remote sites. Because the Internet is a public network, any data sent over the VPN must be encrypted. The most common VPN technique, tunneling, encloses one packet of information inside a second packet; the enclosed packet is encrypted, making it unreadable during transport.
VPNs have a number of advantages for businesses. Information can be shared securely between remote locations, and cannot be read en route. Unlike earlier remote access solutions such as leased lines, a VPN can be easily expanded and grow with the business.
A VPN isn’t invulnerable to attack. No standards exist for VPNs, so each company's authentication and security protocols will be slightly different. Some VPNs are vulnerable because their authentication protocols are too weak to withstand a serious attack, but by far the greatest threat to a VPN is an inadequately protected end user PC.
A business's main network is likely to sit behind a firewall that protects the system from unauthorized access. The company may have an IT department that ensures all computers have the latest operating system patches and the most up-to-date antivirus configuration files.
None of this matters if your VPN connects to a vulnerable PC. Remote user computers may have outdated antivirus programs or unpatched operating systems, or may lack a firewall. Any of these vulnerabilities can provide an entry point into the VPN, and through the VPN, access to your main network.
High-speed broadband connections greatly increase the speed of VPNs. However, as broadband connections are "always on," an end user may be connected to a VPN for long periods, increasing the risk of unwanted intrusion.
The company network policy should insist that all computers used to access the VPN have a firewall, and all operating systems, antivirus programs and antispyware programs be updated regularly. Employees should read and sign the policy before being allowed on the network.
Strong passwords are essential for end users accessing a VPN. A strong password combines letters, numbers and symbols, and should be at least 14 characters long. Company IT departments can set up networks so only passwords that meet these criteria are accepted during password creation.
If you'd rather not rely on a remote employee's ability to update and maintain firewalls and antivirus programs, you have the option of purchasing managed software. Managed software allows a central administrator to control updates and lock down settings.
Managed software works best for branch offices and other situations where employees use company-owned computers. For the at-home employee using a personal computer, managed software can become problematic, especially if the employee uses his or her computer for activities other than work.
A VPN can defend itself against vulnerabilities. For instance, a remote access account lockout will lock down a user account after a predetermined number of failed password attempts. Unfortunately, this defense does not distinguish between a hacking attack and an employee trying to remember a forgotten password.
The increased threat of always-on broadband connections can also be overcome. Virtual Private Networks can be set to disconnect a user's connection after a set amount of idle time. While this does not guarantee safety from a malicious attack, disconnecting does reduce an attacker's window of opportunity.
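The account lockout and idle disconnect rules described above, as an added example that is not part of the original article: a small Python model of a VPN gateway applying both rules to a constructed event log. The threshold of 5 failures, the 15-minute idle limit, the event names and the account names are all assumptions.

```python
MAX_FAILURES = 5        # assumed threshold; the article does not give a number
IDLE_TIMEOUT = 15 * 60  # assumed idle limit in seconds; also not from the article

# Constructed sample events: (seconds since start, account, event)
SAMPLE_EVENTS = (
    [(0, "alice", "login_ok"), (300, "alice", "traffic")]
    # bob mistypes a forgotten password, then gets it right too late
    + [(t, "bob", "login_fail") for t in (10, 40, 70, 100, 130)]
    + [(160, "bob", "login_ok")]
    # someone else guesses passwords for carol's account
    + [(t, "carol", "login_fail") for t in range(1000, 1005)]
)


def evaluate(events, end, max_failures=MAX_FAILURES, idle_timeout=IDLE_TIMEOUT):
    """Return (locked accounts, [(account, disconnect time)]) for a gateway log."""
    failures, locked = {}, set()
    last_seen, disconnects = {}, []   # last_seen: open session -> last traffic time

    def drop_idle(now):
        # Close every session that has been silent for the idle limit or longer.
        for account, seen in list(last_seen.items()):
            if now - seen >= idle_timeout:
                disconnects.append((account, seen + idle_timeout))
                del last_seen[account]

    for ts, account, event in sorted(events):
        drop_idle(ts)
        if account in locked:
            continue                   # refused, even with the right password
        if event == "login_fail":
            failures[account] = failures.get(account, 0) + 1
            if failures[account] >= max_failures:
                locked.add(account)
        elif event == "login_ok":
            failures[account] = 0      # a successful login resets the counter
            last_seen[account] = ts
        elif event == "traffic" and account in last_seen:
            last_seen[account] = ts
    drop_idle(end)                     # sessions still idle when the log ends
    return locked, disconnects


if __name__ == "__main__":
    locked, disconnects = evaluate(SAMPLE_EVENTS, end=2000)
    print("locked:", sorted(locked))
    print("idle disconnects:", disconnects)
```

In the sample log, bob and carol end up locked in exactly the same way, which is the limitation noted above, and alice's session is dropped 15 minutes after her last traffic.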