/ TitanHQ Blog
/ Keep Road Warriors Safe with Cloud Based DNS Web Filtering
Posted by C Henry on Tue, Oct 17th, 2017
For those in charge of IT security, ensuring mobile and web security for the road warrior is a big challenge. We live in a highly mobile world. The company model where thousands of employees congregate in cubicles to sit in front of a dedicated computer is fading fast. Today’s users regularly leave the safety of the on premise security compound with their mobile devices to work out in the field or from the convenience of their homes. This new way of doing business driven by the consumerization of IT is why the cloud is so popular today as no architecture provides the degree of agility, flexibility and scalability as a distributed architecture model. Many companies utilize more than one cloud for their enterprise in order to find the optimum solution to each of their business needs. As a result, users do not care where their applications and data reside. They simply expect to have access to their stuff no matter where they are.
The Challenge of Protecting Mobile Devices
The challenge is how to protect these mobile road warriors once they cross the security perimeter of the enterprise perimeter. Though these computing devices may be thousands of mile away from the corporate datacenter, securing them is just as important. Whether a user clicks on a malicious link embedded in an email, opens a virus-infected attachment or downloads ransomware through a malware deployment site, the damage is not just limited to that mobile device. Eventually, that device will come home or connect to corporate through VPN. At the least, the user will send an email within the company, possibly spreading the malicious code to other users.
Web filtering is a key component of any layered cybersecurity plan. Modern day web filtering helps protect users from known malware and malvertising deployment sites, parked sites used for typosquatting attacks, and sites known for questionable intentions. Up until recently, organizations have relied upon the tried and true model of traditional web filtering that included a web filter appliance hosted within the datacenter. Though this worked great for permanent desktops, they could not protect devices once users took them off campus. Appliance solutions today solve this dilemma by installing a client onto all mobile devices. The client then intercepts all web connections and diverts them back to the on premise web filter appliance, which enforces the same applicable uniform filter policies which results in a consistent experience whether the user is on off premise. The problem with this approach is that it puts the organization in the ISP business, as users must connect back to the mothership. This traffic backhaul can prove expensive, requiring adequate bandwidth during non-business hours as well as support. In addition, should the datacenter suffer some type of power or bandwidth disruption, the filtering solution is thwarted as a result.
Cloud Based DNS Filtering
With so many facets of the traditional datacenter being migrated to the cloud, it only makes sense that web filtering be hosted there as well. Cloud based DNS web filtering is fast becoming the implementation of choice for many organizations. Rather than traffic passing through an inline filtering appliance when on premise or being redirected back to the datacenter when off campus, DNS sessions are simply redirected to the cloud. When off premise, this process is managed by a small client of some type, ensuring that the same DNS experience is attained no matter how the devices connect to the Internet.
Just because the filtering is not hosted on premise with your LDAP servers does not mean that you can’t obtain the same granular control that traditional appliance solutions offer. Even if your LDAP server remains on premise, you can still assign web policies by groups or users because LDAP sessions are captured. Should a user be assigned multiple policies, administrators can then specify that the least or most restrictive policy be applied.
How to Avoid Public Wi-Fi Security Risks
The explosion of free, public Wi-Fi has been an enormous boon for working professionals. Since these free access points are available at restaurants, hotels, airports, bookstores, and even random retail outlets, you are rarely more than a short trip away from access to your network, and your work. This freedom comes at a price, though, and few truly understand the public Wi-Fi risks associated with these connections. Protect your mobile workers and ensuring they’re aware of the security risks will help ensure your important business data remains safe.
The Risks of an Open Network
The same features that make free open Wi-Fi hotspots desirable for consumers make them desirable for hackers; namely, that it requires no authentication to establish a network connection. This creates an amazing opportunity for the hacker to get unfettered access to unsecured devices on the same network.
The biggest threat to free Wi-Fi security is the ability for the hacker to position himself between you and the connection point. Instead of talking directly with the hotspot, you're sending your information to the hacker, who then relays it on.
While working in this setup, the hacker has access to every piece of information you're sending out on the Internet: important emails, financial information and even security credentials to your business network. Once the hacker has that information, he can access your systems as if he were you.
Hackers can also use an unsecured Wi-Fi connection to distribute malware. If you allow file-sharing across a network, the hacker can infect the network or computer with ransomware.
Even individuals who take all the possible public Wi-Fi security precautions are going to run across issues from time to time. It's just a fact of life in this interconnected age. That's why it's imperative to keep a robust web security solution installed and running on your machine. These solutions can constantly run a malware scan on your files, and will always scan new files as they are downloaded.
Throughout a mobile workers life, there's going to come a time when an unsecured, free, public Wi-Fi hotspot is the only connection available, and your work simply has to get done. Understanding public WiFi risks will ensure your important business data doesn't become just another hacking statistic.
Would you like to learn more about keeping your mobile workers date secure?
Talk to a specialist or Email us at firstname.lastname@example.org with any questions.