|
Remote access and Security By agreeing to work from home and, accessing the company network from there, you have agreed to take partial responsibility for the security of the company's data. While you may access the company network from home securely, your home PC is still exposed to outside threats from the Internet. Anyone or anything gaining access to your home PC can then gain access to the company's internal network placing it a great risk. Consider these examples: A user running Windows has no idea that a webserver is running on their computer (Microsoft IIS). When connected to the Internet the PC contracts the Code Red worm. As the home PC is considered "trusted" by the company network it allows the channels that would normally be blocked to transmit traffic to other computers. Now the worm has spread to the company network. Any internal websites the company has, that use Microsoft's IIS server, will not display the normal pages. This could take hours or days to fix. A cracker gains access to the home PC (possibly using Back Orifice). Now the cracker can use the PC's VPN software to gain access to the companies entire network. The cracker could: Use the company's server to send SPAM. Steal copies of the company's source code. Destroy copies of the company's source code. Deface the company's websites. Obviously these are extreme cases but, it could happen. As someone once said: Learn this now and learn it well: they're coming for you. They want to destroy you and your site. They want to get you fired, they're going to steal your credit card data and probably make your milk turn sour. Are you paranoid yet? Good. Always, always, always pay attention to security concerns. You only need to overlook it once for all to be lost. Nothing you do will make your data %100 secure. However, if you follow the guidelines presented in this document you can rest assured that will have virtually no disasters. There are three ways in which you must protect your PC: Use a Firewall. Use anti-virus software. Keep up with current security patches for your OS. Talk to your Network Administrator Using a Firewall A firewall prevents unwanted network traffic from reaching your PC. Without a firewall your PC can be vulnerable to a plethora of attacks. When you use a firewall you block all network traffic to and from your PC. Then you specifically allow traffic in and out that you need. This "minimalist" approach is how the professionals use firewalls. You should use the same method. There are several firewalls available for Windows. ZoneAlarm is a good choice. Following the instructions that come with ZoneAlarm should give you a reasonably secure firewall. Using Anti-Virus Software Having anti-virus software and using it are two different things. However, let's first assume you do not have anti-virus software: Norton Anti-Virus along with McAfee are probably the most popular and thorough solutions available today. Using Anti-Virus software effectively requires that you: Keep your AV software up to date with all the latest patches and virus definitions. You should check to ensure that your AV software is up to date at least once a week. Scan your entire computer for viruses regularly. If your computer is used everyday you should scan for viruses everyday. Caveat: Email viruses can sometimes get past your AV software. To protect yourself remember this: Never, ever open an email attachment unless you have confirmed with the sender the nature of the attachment. If that person has not knowingly sent you the attachment in question delete it from your inbox and from your trash or deleted items folder. Keeping up with security patches for you OS Microsoft releases updates and patches to their operating systems regularly. You should check their Windows Update website for updates and patches at least once a week. Other operating systems (GNU/linux, MacOS, FreeBSD, etc.) have similar tools to ensure your system is up to date. Check your documentation or ask your network administrator. Talk to your Network Administrator Before you secure your server and gain remote access you should first talk to your network administrator. Your administrator will help you to secure you machine but, first you need to supply him with information: What type of Internet connection do you have at home? What firewall software do you use or are planning to use? What anti-virus software do you use or are planning to use? What operating system do you run at home? Do you run any network services on your home PC (i.e. file sharing, web server)? With this information your administrator can help you to secure your PC before you install remote access.