The bar for remote access

On June 29, 2006, in news, by

Risks.


Real risks for a small firm.


Real risks for a small firm for remote access include such things like the misuse of kiosk computers that could steal usernames and passwords.


The US government is going to require mobile devices to support encryption and two factor authentication due to that stolen laptop (that’s now been recovered).


But some of our risk isn’t due to regulation or legistlation, but rather that someone else has set the bar for the right thing to do.  These days if your data gets accessed, the right thing to do is pay for credit checks for a year…. after this.. the right thing for access in general is two factor authentication.


At the present time RWW, my prefered way to connect won’t support two factor.  But I still think its preferable to every other method out there…and trust me… we know ’em all…..


How about you.. are you defining and redefining that bar?

 

One Response to The bar for remote access

  1. DavidS says:

    How about QSS based VPN’s on an SBS 2003 Premium box running ISA 2004? By using a L2TP / ipsec based VPN you utilize 2 way authentication and QSS gives the flexibility of quarantining the vpn clients if they don’t meet the security policy requirements for full VPN access.

    If you don’t want to create the QSS scripts yourself a good product to use that builds on the functionality is available from http://fesnouf.online.fr/ (written by Frédéric Esnouf, an MVP for ISA).