Tag Archives: firewall

Taking A Work Notebook Home

A common scenario is when someone takes home a notebook from work. The intention is to do work from home for whatever reason.

Notebook - typingThis could be a serious security risk. Most companies have gone to a lot of trouble to secure their office networks (for example by installing and managing firewalls; though a firewall is not enough to secure a network). In fact some companies have an entire department dedicated to maintaining network security. However most homes don’t have managed firewalls or any of the other network security systems or resources that companies often use. This effectively makes a home network less secure.

The risk is having an outsider gain access to the contents of the notebook. This could be achieved in a number of ways including having a trojan on another PC in the house. The possible damage to businesses can be huge, depending on the importance of the data on the notebook, or the importance of the work being done from home.

Some misconceptions need to be explained:

  • All firewalls are the same – this is not true. There are different types of firewalls making some more secure than others. They also need to be patched when the vendor discovers a vulnerability. Some home routers even claim to have firewalls when they don’t (they claim that a NAT feature is effectively a firewall – it isn’t). SPI firewalls are good (Stateful Packet Inspection)
  • No one would be interested in hacking into your home network. The internet doesn’t discriminate, every device connected to the internet is at as much risk as every other device

It’s not all bad news though. There are things you can do to protect yourself and your employer.

  • The laptop should have an antivirus program installed. It needs to be up to date.
  • The laptop would ideally have a “personal firewall” installed. Windows Firewall is not good enough. You need something that not only stops other programs getting into the notebook, it needs to stop unknown programs already on the notebook from getting out to the internet.
  • The home router should have its own firewall, or you could use a dedicated firewall device. Ideally the firewall would filter out traffic coming from or going to known sources of malware but this isn’t going to happen at home, it requires a fair bit of maintenance (i.e. it’s expensive)
  • Encrypt the hard drive in the notebook. This can protect you if you lose the notebook or it gets stolen (and statistics show this happens often). Whole disk encryption costs money and slows down the notebook a bit but it’s very important.
  • Don’t carry all your files on the notebook. Don’t keep all your emails, or your entire client list, etc. Only copy the data you need to get the job done and limit the risk.
  • A VPN to your office network can help.
  • Don’t connect your notebook to the internet. These days almost everyone needs the internet to do work so this idea might not be very practical
  • Don’t use someone else’s wireless network. Not only is this illegal in many countries, you would be sending all your data through a stranger’s network. It’s technically possible for someone to intercept that data, even to manipulate it.
  • If you use wireless at all make sure it uses a strong security protocol (WPA or WPA2)

A note about VPNs:

VPN stands for Virtual Private Network. It’s a piece of technology that can be used to join an office network to a home network. Servers and PCs on the networks would behave as if they were sitting in the same location, ignoring the fact there’s some distance inbetween, and ignoring the fact it’s really travelling across the Internet.

A VPN isn’t the be all and end all of security, it’s only a technical solution to a technical problem. You still need firewalls, virus scanners, and a little bit of tech support.

They can be setup to route all traffic to your office network and then you would trust your office network to filter the traffic for you. This is generally good. There are some caveats:

  •  Activities like internet browsing are slowed down
  • Your office network may keep a log of what websites you view from home, when you’re connected to the VPN
  • You’re trusting your office’s IT staff not to hack into your home network (it’s technically easier when you establish a VPN)
  • It costs your employer money to setup and manage a VPN
  • If you have an unreliable internet connection at home it’ll disrupt your work.

Above all find out what your company’s IT policies are and follow them as best you can. If they don’t have one then now’s a good time to suggest one. Working from home doesn’t have to be risky.

Keep critical software up to date

Some programs you use are critical to the safe use of your computer, and it’s important to keep these patched.

In this article critical software is the collection of programs (both visible and those that run in the background) that transport information from a web server to your screen. It’s the chain of data flow that you use the most often when using the internet.

You have your operating system (e.g. Windows, MacOS, Linux), a web browser, and a stack of drivers that basically make the internet work for you. This is a simplified model, most people’s computers will be unique and full of all sorts of programs.

Because information is flowing along this chain of programs, data being handed off from the operating system to the web browser, every link in the chain is critical. And like the old mantra, the price of security is eternal vigilance. In this case we’re looking at the eternal task of patching your software.

Patches are released by software vendors, whether it’s a free open source program or from a commercial software company. Patches are written because the programmers are always fixing bugs, in particular they’re always fixing security vulnerabilities as they are discovered. It’s a way of strengthening each of the links in your data chain.

The point of this article is that you should always update the following:

  • Patch your operating system (Windows, Mac OS, Linux, etc). Yes there’s a risk in being the first to install a patch, it might break something. Large companies have long complicated procedures to test patches before installing them. Small companies and home users need to take the risk and apply the patch blindly, trusting the vendor. It’s a choice between having the most secure computer possible or waiting to see if a patch is released by mistake. My advice is to take the secure option and make regular backups of all your data (backups would be a good topic for a future article). Most operating systems these days have automated patching systems in place making this simple and often a transparent process.
  • Patch your web browser. All web browsers need to be patched – Microsoft Internet Explorer (IE), FireFox, Opera, Safari, etc. Apply patches as soon as they’re released. Today a web browser is the most vulnerable program on a computer, it gets used to run code that other people write. Code that comes from all corners of the world and is almost always not certified in any way and there’s almost no way of trusting the code. Your web browser will execute it blindly, trusting that it’s safe and you trust that all other programs on your computer (including the operating system) will handle the attacks in a graceful way. Web browsers will be attacked, this is almost a certainty these days. So you need to very latest version that hopefully has had every known vulnerability fixed.
  • Patch your antivirus software. This is often automatic, and it’s often a paid service. Antivirus companies spend a lot of time and money keeping their tools up to date and it’s in your best interest to use their technology. Consider it a good investment, it could cost you thousands of dollars if your system is compromised.
  • Sometimes routers will have to be patched as well. This is a little more advanced and you should only do it if you’re comfortable working with your router.
  • Personal firewalls should also be patched. If your antivirus software includes a [personal] firewall then it’ll be patched automatically, otherwise it’s a separate process.

Chain and padlockAll software that uses the internet in any way, including the various video and music players, needs to be kept up to date. Web browsers and operating systems are the most critical and should be patched the most often. The time and effort you spend is the price you pay for having a safe computer.