Remote Access Security
There is increasingly a need for remote users to the access internal resources of an organization. According to Gartner Group, by 2010, 80% of primary business activities involve exchanging data in real time via remote users. These users can be administrators, normal users or collaborators of the organization. On the other hand, the number and variety of devices used to connect to the infrastructure is rapidly growing: from mobile phones / smart phones, laptops, tablets to Internet Cafe or Internet Browser.
Enabling remote connections provides flexibility to an organization, but greatly increases the risk of leakage or loss of critical information. In the absence of strong authentication mechanisms, malicious users can take control of the organization’s sensitive information. The mobile devices host applications that are supported by code that has not been designed according to security standards, but has only focused on the functionality of implemented service, thus leaving the devices vulnerable. In the process of remote access, «Man in the middle attacks» have been observed during which an intermediate user can intercept all the exchanged information.
At the same time, remote user access is often implemented through an "insecure" network such as public wireless networks. Consequently, malicious users can gain access to the internal network of the organization. In most cases, an organization first offers remote access and then sets the rules and policies that affect security. As a result, both the IT infrastructure and the user himself and his devices are unprepared.
SSL VPN products, strong authentication mechanisms, Data Leakage Prevention (DLP) solutions, Encryption Devices, Endpoint Security (host based firewall, IPS), Unified Threat Management Firewalls.