Your enterprise security perimeter is now much larger than ever before, perhaps crossing continents and oceans. And like a mutating life form, that perimeter amorphously alters its contour and shape every few milliseconds. No longer is the corporate firewall or virtual private network or router the ultimate arbiter of perimeter security. The perimeter is now defined by the true extremities of the network: the user’s end-node workstation, be it a laptop in Singapore, a hotel room in Vancouver, a high-bandwidth residence in Westchester or a business partner with its own global network and set of marauding extremities.
Inexpensive, near full-time high-bandwidth connections to the Internet are now available to small offices, homes and corporate branch offices. Security-wise, that means the extremities of your network are connected to the Internet up to 24-7, yet you have no control over security. Corporate information is stored on distant laptops, home-based desktops and satellite offices that too often are not considered worthy of “real” firewall protection.
Cable modems and DSL lines add bandwidth and performance for the remote user, which is a good thing. But remember that enhanced functionality usually means a security risk. Connecting a single PC to the Internet over the new high-speed lines means that your remote worker may be exposing sensitive or proprietary corporate information for anyone to scan at will. What’s an overtaxed chief information security officer to do?
Until recently there wasn’t much more you could do than ask everyone at the network perimeter to make sure they practiced safe computing, whatever that meant to each individual. Then on Oct. 9, Gibson Research Corp. put up what I consider to be one of the most useful security Web sites I have encountered. Whether at home or the office, this site can really improve your security posture in seconds. What’s more, the service is free and GRC does not save any information about you or your machines.
When you first go to www.grc.com, click on ShieldsUP! and wait a few seconds. Depending upon how well protected your Internet connection computer is, you will receive one of two messages: “Greetings (your computer name!)” or simply “Greetings!” If you receive the first greeting, your computer or server is broadcasting its name to the Internet; if the second, your computer is not saying a word about your identity.
You are then invited to test the security of your Internet connection by pressing the “Test My Shields” button. In a few seconds you will receive a report. In some cases, especially if you have your TCP/IP bindings for print and file sharing set wrong, you will see a logical map of your computer, including all of its resources. If the GRC site can do this in seconds, so can any hacker-a frightening thought.
But it doesn’t stop there. If you receive a bad grade, ShieldsUP! makes recommendations for improving your Internet security.
The step-by-step instructions are impressive and are written for the average Joe to follow. After a few minutes of tweaking, reboot and rerun the same test. The response you hope to see is the one indicating that ShieldsUP! was unable to connect to your computer.
ShieldsUP! will also perform Evil Port Monitor tests, which will benignly scan the common ports of your computer to determine their status and give you advice on what to do if security vulnerabilities are detected. The well-documented step-by-step instructions are easy to follow.
Hundreds of thousands of travelling corporate workers out there are extending your enterprise perimeter, and the security implications are becoming more and more important to your enterprise network’s well-being. In only the last two weeks, a number of my clients have asked their employees to fine-tune their laptops and home desktop computer security in an effort to maintain a reasonable corporate security posture.
Head on down to the GRC Web site and see for yourself what it can do. I think you will be impressed.
(Schwartau is president of Interpact, founder of InfoWar.Com and a popular speaker on security issues. He can be reached at winn@infowar.com.)