Auerbach Publications © 2001 CRC Press LLC 08/01

As with any sound security practice, a security policy is crucial to the protection of information. Specifying data access limitations and operating parameters for information exchange can greatly reduce the exposure of information. In other words, if a certain type of information is not needed for remote work, then remote access systems should not provide access to that information or system. By simply reducing the breadth of access provided by the remote access solution, data can be inherently protected.

The practice of limiting what is actually accessible by remote users has materialized in the form of firewalls behind VPN devices, seemingly protecting the internal network from the VPN community. Unfortunately, this design has enormous limitations and can limit the scalability of the VPN in terms of flexibility of access. Another eventuality is the inclusion of filtering methods employed in the VPN access device. Filters can be created to control traffic that is injected into the internal network, and in some cases filters can be associated with actual authenticated users or groups.

No matter how access is restricted, at some point a remote user will require sensitive information, and anyone implementing services for users has been faced with that "special case." Therefore, technology must take over to protect information. Just as we look to firewalls to protect our internal networks from the Internet, we must look to technology again to protect remote systems from relaying proprietary information into the unknown. The application of host-based protection software is not entirely new, but the growing number of attacks on personal systems has raised awareness of their existence. However, these applications are point solutions and not a solution that is scalable, flexible, or centrally controlled or managed to maintain security. In essence, each user is responsible for his or her realized security posture.

CONCLUSION

VPNs can be enormously valuable; they can save time and money, expand access, and allow organizations ultimate flexibility in communications. However, the private link supplied by a VPN can open a virtual backdoor to attackers. Organizations that permit sensitive data to traverse a VPN potentially expose that information to a plethora of threats that do not exist on the protected internal network. There are many types of VPN products available, all with their own methods of establishing the connection, maintaining connectivity, and providing services usually found on the internal network. Unfortunately, if the remote system is not involved in dedicated communications with the central office via the VPN, the system can be considered extremely vulnerable. The Internet has grown to permeate our lives and daily activities, but there has always been a line drawn in the sand by which separation