WAN managers must protect corporate data by ensuring that their road warriors are using a VPN, because being exposed on DEF CON's Wall of Sheep is the least of your worries. Learn in this tip what can happen when you don't use a virtual private network, and understand what VPNs protect against.
What happens to road warriors who are not using a VPN?
Access to the Internet is so much easier than in the past. Years ago, road warriors were limited to dial-up and the occasional hotel high-speed Ethernet connection. Today, Internet access can be found everywhere; hotspots are available at Starbucks, many fast food restaurants, hotels, airports, conference centers and so on. With all of this accessibility, it's easy for your mobile workers to forget about security. After all, when your users connect to any public Internet access, do they really know who might be between them and the recipient of the email or data stream they are creating? The answer is "no," and using a VPN is something that WAN managers need to consider and explain to their road warriors.
Most of the protocols and applications used send information via cleartext. Services such as email, Web and FTP are not designed with security in mind and send information with few security controls and no encryption. If your road warriors are not using a VPN (virtual private network) when they connect to their wireless hotspot, their information can potentially be exposed to any nearby hacker, cracker or criminal.
As an example, each year DEF CON, a well known security conference, promotes security awareness by running the "Wall of Sheep." This exercise does nothing more than demonstrate what can happen when you are not using a VPN. For the Wall of Sheep exercise, DEF CON passively sniffs traffic on its public wireless network and then posts cleartext information on a large screen at the front of the conference room. Over the years this experiment has been running, the Wall of Sheep has witnessed everything from usernames and passwords to someone filing a tax return with his accountant.
If this isn't enough to get your attention, advanced hacking tools such as Karma and Hamster can redirect the non-VPN user to a hacker's wireless access point (AP) and then capture cookies from sites like Gmail to allow the attacker to log into your account once these values are sniffed in the clear.
To provide you with a better idea of what a hacker can capture in the absence of a VPN, take a moment to look over the sniffer capture below. The item you will want to note is the cleartext password "geekgirls."
How to protect corporate data using a VPN
These security issues can be addressed, and VPNs offer a real solution. A virtual private network is really just a secure tunnel between the road warrior and his/her office or any points designated within the VPN. As an example, when I travel, I VPN back to my office so that any information between my location and my office is encrypted. Your corporate end users should also implement this practice, and you should let them know! If you get your users to implement this same type of solution, all the information they access on the Internet is encrypted as it leaves their computer and travels to your office network. Once the data is safely at your office, the server decrypts the information. No one on the public network can see what your users are doing because all the data is encrypted from the point that it leaves your client's computer until it arrives back at the office.
For more information on networking, VPN security and firewalls, visit Firewall.cx, one of the few websites recommended by Cisco Systems in its world class Cisco Academy program.
VPNs provide secure remote access for the road warrior from the offsite location to the office computer network. The one big question is how you, as a WAN manager or engineer, will implement the VPN.
The VPN can be either hardware- or software-based.
- Hardware-based VPN solutions offer the ability to move the computational duties from the CPU to hardware. The hardware add-on product handles computationally intensive VPN tasks. These solutions work well but require the purchase of additional hardware, which adds complexity to the network.
- Software-based VPNs are easy to build and implement. Several companies, such as PublicVPN.com, StrongVPN and Anonymizer offer quick, easy-to-install software VPN solutions. These options do not require an investment in additional hardware and are extremely valuable for smaller firms with a limited IT staff because they are easier for the IT engineer to set up and maintain. Some require only the installation of software and a basic configuration.
Both hardware and software VPNs offer real value and help protect sensitive company data. To get some idea of the value of these solutions, consider the costs involved in just one security breach. Exposed sensitive information can result in a damaged public image, a loss of customer confidence, and huge financial costs. Hackers and computer criminals have become much more sophisticated and actively seek out targets. The easiest way to prevent attackers from sniffing your corporate data is to implement a VPN and make your road warriors more secure.
For further reading on why road warriors need VPNs, view these articles by Chris Partsenidis:
About the author:
Michael Gregg has more than 15 years experience in the IT field. Michael is the President of Superior Solutions, Inc., a Houston-based training and consulting firm. He is an expert on networking, security, and Internet technologies. He holds two associates degrees, a bachelor's degree, and a master's degree. He presently maintains the following certifications: MCSE, MCT, CTT, A+, N+, CNA, CCNA, CIW Security Analyst, and TICSA.
Dig deeper on VPN design