Making remote access secure

When the Atlantic Health Sciences Corporation gave some 70 of its physicians the ability to remotely access the organization’s network the company learned a lot about making its network secure.

Derrick Jardine, chief information officer with the Atlantic Health Sciences Corporation (AHSC) in Saint John, N.B. said one of the first things the company discovered was just giving people remote access to the network was not a particularly safe way of doing things. Too often, carte-blanche access is an invitation to trouble.

Jardine said when physicians remotely access the AHSC’s network they are in fact not granted access right away. Using Saint John, N.B.-based Anyware Group’s ROAM (Role Oriented Access Management) system, a hosted remote access solution, physicians are first put into what might be called a virtual quarantine.

In this quarantine, the machine being used to access the AHSC is first scanned to make sure the machine meets certain criteria, such as whether the machine has anti-virus and firewalls installed and whether both are up to date. If the machine does not pass the check, the ROAM system will not allow that machine access to the AHSC network.

Brian Bourne, president of Toronto-based CMS Consulting Inc., an infrastructure consulting company that offers such services as security and remote access VPNs, said setting criteria for what machines must have before they can remotely access a network is just the first thing companies should do to make remote access more secure.

Once a machine passes quarantine, Bourne said there are other steps companies should take to ensure security.

He suggests companies set access rules for who can get access to which parts of the network and even which applications.

“You really have to ask, if someone only needs access to e-mail and the ordering system, then you should contain them so that is all they can do,” Bourne added. “If a person only needs access to a particular server, then they should only be allowed access through a particular protocol so a worm can’t blast itself from an infected home system and then infect the whole network.”

Jardine said AHSC has such a system in place for its physicians. Once physicians are given access to the network, depending on who they are, AHSC’s remote access system restricts them to only the specific applications, files and services they need.

For added security, AHSC’s system also has physicians use specific user names and passwords to access applications, services and files. Bourne added including such measures also allows for better network auditing and tracking of who is accessing the system and what is being accessed.

By keeping accurate access logs it will be easier to quickly track any security breaches, such as pinpointing where a worm or virus entered the system or which person was accessing a system or application that the person was not supposed to be using.

“Unfortunately, this is something that most people don’t even consider,” Bourne added. “In fact, most companies often know better who enters the front door of the business than who is actually accessing the network. This is absolutely true. It is a real-life fact.”

For even more security, Bourne said companies should consider using Windows Terminal Services, included with Microsoft’s Windows Server 2003. This application allows users to access files and applications on a network, but those applications and files always stay on the network. Files and applications are not transferred to a user’s home system or device, so any changes made by a user remain always on the network and secure.

Quick Link: 052026

Related links:

A NAC for security

Staff is not network security’s biggest threat

Yes, staff is network security’s biggest threat

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now