Tuesday, April 28, 2009

Old MacDonald had a SSL VPN, E-I-E-I-O

Pandemics have come and gone throughout history and the newest variant is quickly spreading it’s ills.  1918 Spanish flu, 1976 swine flu, 1997 Avian Flu, 2003 SARS, 2006 Avian bird flu and others, along with today's new Swine Flu could equate to the human versions of ‘Bloodhound.PDF.11,’ ‘W32.Regsubdat.A!inf,’ or ‘W32.Sality.AM.’  Well, not exactly and it’s somewhat weird comparing it the other way around, huh, but does help explain it.  The problem with this new variant is that you don’t need contact with a swine and it can be transmitted via humans…to the point that they are advising against even kissing in Mexico.  As this CNN article explains, at least 75 cases confirmed worldwide, 40 in the US, 26 in Mexico and at least 149 deaths have been attributed to it with hundreds more suspected.  Travel organizations are cautioning, airports are taking extra measures with incoming passengers and there is a great concern for a much larger situation.

Hope is not lost as there are many experts who feel we do have enough doses of the antibody and while the alert level is raised, panic should not ensue.  Neither should you or your business.  I want to pause here and say this is not a fear-monger, get your duct-tape and stock up on canned goods story – nor is it’s intent to use scare-tactics to buy F5 gear – I’m not like that.  I also assume, to some extent, that your existing solution might be working well, so <insert name here> at the relevant points. 

So, if you decide to or are instructed to work from home (for the time being), a Remote Access solution, like a SSL VPN might be the perfect remedy to get you and your company through this latest outbreak.  We’ve seen with some of the recent bugs, that employees (infected or not) don’t want to venture out to avoid possible transmission - but still want and need to complete their business tasks.  SSL VPNs make this simple.  All the end user needs is a browser and after some Identity & Access Management, they can perform all their duties as if they are in their corporate cube.  This latest health crisis will hopefully pass without more casualties but don’t let your business be one of them.  You can keep you people safe and continue with your business goals with a few simple suggestions:

1. Prepare now.  Make sure you have capacity in case there is a sudden jump in VPN usage.  You can also use an ADC to properly distribute requests across VPN devices.

2. Make sure you have end-point host checks and up-to-date policies in place since many users might be connecting from a home (un-trusted) device.  On that note, also make sure your solution supports various browsers – even mobile devices.

3. Make sure you are covered globally (if you have presence) so your worldwide personnel are covered.  You might be able to add a Global Load Balancer to mange licenses and connections.  If cost is an issue, some companies route requests to less utilized units.  For instance, allow/route overflow EMEA ‘business hours’ users to U.S. based datacenter, since most N. America users are probably asleep.

4. Add additional measures, like SSL & client certificates, strong authentication or two-factor authentication since ‘riff-raff’ loves these sort of events to launch attacks.  Super Bowl, Katrina, Final Four, and other major events or news stories, always attract thieves.

5. Educate your users now on how to gain access, before it suddenly happens and your support desk is swamped.

6. Make smart choices.  Even in this tough economy, it’s not worth someone’s health/well being just to get a deal done.  BUT, you can still get that deal done with an SSL VPN. No need to choose between business and health.

ps

No comments:

Post a Comment