With more employees connecting to the office from their home PCs, the risks of infection and unauthorised access have increased significantly. David Hobson of Global Secure Systems (GSS) explains how to minimise those risks.
Not so long ago, anyone wanting to work from home would only be allowed to do so using a company PC and a router hardwired into a secure virtual private network (VPN) that encrypted data between the home user and the office network.
We are seeing a drift away from this situation, with many organisations allowing much freer access to their internal networks from home-based computers. This scenario presents a new set of security challenges, particularly when employees are running home wireless local area networks (WiFi).
Wireless networks replace traditional copper wires and fibre optic cables with radio signals. Early WiFi systems offered a basic level of encryption called wired equivalency protocol (WEP). But WEP was fundamentally flawed, and can be easily cracked by tools freely available on the internet. WEP is now being replaced by other, stronger security protocols, most notably Wi-Fi Protected Access (WPA and its successor, WPA2), which are defined by the wireless standard IEEE 802.11i.
In a domestic environment, the biggest concern is casual piggybacking, where intruders tap into unprotected connections. While freeloading bandwidth isn't such a big loss, the real risk is from data leakage.
Corporate users need stronger protection when they access the office network from the road. VPN technology makes this possible by ensuring that data is encrypted from the laptop to the remote corporate network regardless of the user's connection point or medium.
Laptops can pose security risks such as introducing malware picked up in the field to the corporate network. WiFi usually operates in what is known as an infrastructure network, where the laptop will connect to an access point and from there on to a network. There is a second type of wireless network, the ad hoc peer-to-peer network, where the wireless device will speak to another wireless device directly and not through an access point.
If a laptop has no firewall in place, hackers can use this route to gain remote control of other PCs. In one recent experiment in the US, our researcher accessed the laptop of a director of a well-known physical security company.
Many companies will restrict access to the network to known, corporate PCs, which ensures that the machines are patched with the current operating system updates and antivirus software. If home PCs are allowed to connect, there is very little control of the end point. If a home PC is infected with a virus or worm, it can easily be brought into the company’s network. The virus could even evade the usual security controls if it is transmitted over a secure, encrypted VPN link.
Security is all about being aware of the risks and mitigating them as much as possible. This article has highlighted a few of these risks, but using the correct technology can mitigate them. You must ensure you are running up-to-date antivirus software, have a personal firewall to block unauthorised access, keep all systems fully patched and run a VPN to encrypt all data between a computer and the corporate network.
Always run WEP or WPA on the access point to control access on to the network. Whilst WEP has acknowledged flaws, it is a lot better than nothing and will discourage the casual hacker.
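As an added illustration (not part of the original article), the short Python script below checks a saved wireless scan listing for the weak settings described above: no encryption, WEP only, and ad hoc peer-to-peer mode. It assumes the listing is in the terse, colon-separated format of `nmcli -t -f SSID,MODE,SECURITY device wifi list`; the sample data and SSIDs are constructed.

```python
# Constructed sample in the assumed terse format of
# "nmcli -t -f SSID,MODE,SECURITY device wifi list"; SSIDs are made up.
SAMPLE_SCAN = """\
HomeNet:Infra:WPA2
OldRouter:Infra:WEP
CoffeeShop:Infra:
Dave\\:Laptop:Ad-Hoc:
Office-Guest:Infra:WPA1 WPA2
"""

def split_terse(line):
    """Split on unescaped colons, undoing backslash escapes."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))  # keep the escaped character
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def assess(mode, security):
    """Return the risks named in the article that apply to one network."""
    findings = []
    protocols = set(security.replace("--", "").split())
    if mode.lower() == "ad-hoc":
        findings.append("ad hoc peer-to-peer: devices talk directly, no access point")
    if not protocols:
        findings.append("no encryption: open to piggybacking and data leakage")
    elif protocols == {"WEP"}:
        findings.append("WEP only: easily cracked, move to WPA or WPA2")
    return findings

def audit(scan_text):
    """Map each risky SSID to its findings; clean networks are omitted."""
    report = {}
    for line in filter(str.strip, scan_text.splitlines()):
        ssid, mode, security = (split_terse(line) + ["", ""])[:3]
        if findings := assess(mode, security):
            report[ssid] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_SCAN).items():
        print(f"{ssid}: {'; '.join(findings)}")
```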
About the author
David Hobson is managing director of Global Secure Systems [1] (GSS), CRN's Security Reseller of the Year for 2008.
Links:
[1] http://www.gss.co.uk/
[2] http://www.financeweek.co.uk/business-technology/wifi-security-protect-your-network