Administrators also find SSL especially useful since they are able to make policy changes or edit authorizations without having to update software on employee machines. In addition, SSL offers optional capability to restrict access to select, critical applications and easily incorporates multiple layers of authentication.
CDW's security experts recommend deploying personal firewalls, adware-scanning systems and intrusion-detection software on internal and mobile systems. For increased security, VPN applications can be configured to require all IP traffic to pass through the VPN tunnel, the same firewall as if the user were physically connected to the internal server, while the VPN connection is active. Mission-critical systems containing confidential corporate information should also leverage file-encryption and authentication applications.
Important things to consider before going mobile:
- Before buying, ask vendors how they test their products for security.
- Review software on the basis of security features.
- Have a process for monitoring vulnerability of the network.
- Install the latest patches, but first check newsgroups and other sources for patch anomalies.
- After adding new programs or hardware, install the latest patches.
- Use an automated tool to scan all PCs in the network for compliance and automatically download patches as appropriate.
- Use open standards such as Security Assertion Markup Language (SAML) when developing software architecture. SAML allows businesses to make statements regarding the identity, attributes and entitlements of a user to other entities.
- Do not use one server for multiple purposes (for example, Web server plus DNS server); the more services, the more vulnerabilities.
- Install firewalls inside the network, not just on the perimeter; segregate departmental applications.
- Deploy intruder-detection systems internally and within each network segment system administrators.
- Use one-time passwords -- they can be intercepted but will be invalid for future sessions.
Stan Oien manages information security and computer networking experts at CDW.