In most cases, businesses do not realize the repercussions of providing remote access for users, and they do little to protect themselves from threats that result from this remote access.

The higher levels of remote access, such as that which comes from a VPN, extend the LAN to include the employee's home computer, network and Internet connection. By default, many businesses employ Microsoft's VPN solution, which is included at no additional cost with Windows NT/2000 servers and is straightforward to configure.

A typical IT administrator will verify that corporate workstations are running current antivirus applications, will hopefully have a firewall in place to protect the LAN from external threats, and may even have set acceptable use policies regarding such items as password strength or music-download software/spyware. But has the administrator done the same for the employees' home computers? More often than not, the answer is "no." This creates a problem when the employee's children (or the employee) are running games, downloading software and opening e-mail with the subject "congratulations, you're a winner."

A company can implement security and save dollars, dollars and more dollars of lost revenue due to security compromises by insisting that the home employee, including the CEO and other executives, follow some simple rules:

• Antivirus software – Insist that the user maintain the latest version of AV software and keep the definitions up to date. Ask the user to provide the make/version of the software for you. If it doesn't match the corporate standard, purchase it for him/her. At only $25-$50 per installation, it's petty cash for insurance.
• Firewall – While it would be wonderful for each employee to own a hardware-based, stateful-packet inspection firewall, it can be a costly solution. Instead, purchase a trusted software-based system such as Symantec Internet Security 2003.
• VPN – Does the user connect by VPN? Whether it's a hardware-based solution or a Microsoft Windows-based solution, instruct the user how to configure it so that it becomes the default gateway to the Internet. This will protect the corporate LAN from being accessed by an Internet "guest" through the user's computer while the user is connected to the VPN.
• Technical assistance – If practical, inspect the home computer for all required software, security patches and settings as if it were a computer that you had built at the office. That way you can "sign off" on it as a secure system.
• And finally, knowledge, knowledge and more knowledge – Provide guidelines and make the employee an informed one through acceptable use policies. Ask the employee to sign a document stating that he understands the risks of remote access. A hand-written signature goes a long way to cultivating a level of responsibility from the employee once he knows the consequences of inaction.

Bradley Dinerman is an MCSE in Windows NT and 2000 and a Certified SonicWall Security Administrator (CISSA). He is the founder and chair of the New England Information Security User Group and is a founding director of Boston User Groups, Inc. Brad is the manager of technical operations for SilverSword Solutions in Brookline, MA, and holds a Ph.D. in physics to help him determine how long it will take his monitor to be launched across the local highway.