Protecting Your Mobile Workforce from Sheep (Firesheep, that is)
One of the hottest discussion topics in networking circles recently has been Firesheep, an extension to the Mozilla Firefox web browser. Firesheep allows a hacker to access someone else's browsing session when they are sharing the same Internet connection. The shared public wireless network at your local coffee shop, for example, provides an amateur hacker this opportunity. At this point, Firesheep has been downloaded more than 598,000 times.
Firesheep works by hijacking the unencrypted cookie that is often sent by a website to the user’s computer after a successful login. The cookie is stored on the user’s computer, and is used to facilitate authentication, store site preferences, and track shopping cart contents, among other uses. With the hijacked cookie, a hacker can masquerade as the victim, taking actions as that user on the site and potentially revealing confidential data (e.g., who all your ‘friends’ are).
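For site owners who want to check their own exposure to this, the following added example (not part of the original article) audits a response's `Set-Cookie` headers and reports which cookies could cross a shared network unencrypted. The function names and the sample headers are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class CookieFinding:
    name: str
    secure: bool      # Secure attribute present
    http_only: bool   # HttpOnly attribute present
    exposed: bool     # True if the cookie can travel over the network in cleartext


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(set_cookie_headers, response_scheme="https"):
    """Return one CookieFinding per cookie set by the response."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not name:
            continue  # skip malformed headers with no cookie name
        secure = "secure" in attrs
        # Exposed if the response itself was cleartext HTTP, or if the missing
        # Secure attribute lets the browser attach it to later http:// requests.
        exposed = response_scheme != "https" or not secure
        findings.append(CookieFinding(name, secure, "httponly" in attrs, exposed))
    return findings


def exposed_names(set_cookie_headers, response_scheme="https"):
    """Names of cookies an eavesdropper on a shared network could observe."""
    return [f.name for f in audit_cookies(set_cookie_headers, response_scheme) if f.exposed]


# Constructed sample headers (not captured from any real site).
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",
    "auth_token=def456; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=theme-dark; Path=/",
]

if __name__ == "__main__":
    for f in audit_cookies(SAMPLE_HEADERS):
        print(f"{f.name}: secure={f.secure} httponly={f.http_only} exposed={f.exposed}")
```

A session cookie reported as exposed is one that should be reissued with the `Secure` attribute and served only over HTTPS.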
To understand the impact of Firesheep when it's in action, read this excellent article "The Firesheep don't even look up."
Although Firesheep has some alarming implications for your network and IT security, a strong countermeasure is available: using a virtual private network (VPN) service, as recommended in "Five Ways to Shear Firesheep," an article from ZDNet.
SSL VPNs are a great way to ensure that a conversation between two parties is not subject to eavesdropping by a third party, such as a hacker. By utilizing a VPN service that is built using Secure Sockets Layer (SSL) technology, the security of the data of your mobile and remote network users is greatly increased. The MegaPath Managed SSL VPN service encrypts all of a user's web session using the Triple Data Encryption Standard (3DES), while also allowing for user-based policy enforcement and custom access control policies.
This means your mobile employees can use the clientless MegaPath VPN managed service to safely log in to your corporate network from anywhere, on any device—even when using an open WiFi network at a coffee shop.
Have your users encountered Firesheep? What measures are you taking to protect remote network access? Are you considering the security of your confidential business data when performing a cost/benefit analysis of using a managed security service?