Solve IT

Security Risks of the Work From Home (WFH) Model

Next-Gen NAC to secure WFH Environments

The term “new normal” is mentioned very frequently these days in many different capacities. Most often, in IT circles, it is a reference to the massive increase in WFH policies being implemented by companies of all shapes and sizes. With major companies leading the way, many other companies that were being dragged into the 21st century concept of a remote workforce are now leaping in that direction on their own.

Accordingly, this has brought much focus on securing remote worker connections to legacy on-premise data centers as well as protecting cloud hosted resources and applications. However, with a shift this large in scale and with at least some indication of it being permanent for many, we should be open to revisiting how we view our “home” networks. These are no longer our home networks – these are now our office networks. And while the focus on securing connections to our company’s legacy and cloud networks is crucial, more focus needs to be shined on our new “home premise” networks.

Real Challenges

Out of sight, Out of Mind

With the home network now becoming a premise network for workers, the state of and security of the “home premise” network should be considered. For the last several years, we have seen article after article on lateral threats within corporate networks. Other articles often make the point that the era of perimeter security with a firewall is over and we now need to protect networks from the inside, from internal threats. With workers no longer in the office, why would this concept change? That answer is simple, it does not. Lateral threats on the home premise network, where many workers now permanently reside, can be problematic.

What about that home router? Is it being compromised? How about that printer? Is HTTP, one of the most commonly exploited ports in history, enabled by default? And what about your webcam? Does it have vulnerabilities that are not patched? And this does not even begin to take into consideration other IoT devices such as TVs, refrigerators, doorbells or even lightbulbs. If you think your typical corporate network had security concerns from the inside, it pales in comparison to the average home network. So, I submit to all my friends in Cybersecurity, the threats that can move laterally within our new “home premise” networks, where many of us now work from day in and day out, are in fact real and should be taken seriously.

Out of Sight, Out of Control

The next obvious question is, with most network security solutions being designed for corporate network environments, what solution is available to quickly, easily and cost effectively provide visibility and control to a home network? Genian NAC provides passive visibility in addition to control and was designed from the beginning to be implemented without any reliance on network infrastructure. When we think of NAC, integration with the network infrastructure is typically considered a basic requirement. Dependencies include but are not limited to DHCP, Netflow/sFlow, SPAN/Mirror, SNMP, RADIUS, etc. This certainly does not translate well to a home network. With home networks, providing Flow data, Mirror or SNMP may not be an option. With home networks being flat more often than not, there is no quarantine VLAN. With home networks, features like RADIUS CoA are not typically an option. Quite simply, all of the typical visibility and control mechanisms are just not there to be leveraged.

Less Touch, Better Result

So how does Genian NAC solve this problem? By leveraging Cloud-Managed visibility and policies, Virtual Network Sensor capabilities and an optional Agent, a “home premise” network can easily be monitored, either centrally or even by employees themselves. The option of empowering employees to monitor and secure their own “home premise” network not only ensures internal/lateral threats can be identified, but also provides a safer home computing environment in general while at the same time addressing privacy concerns. Genian NAC also leverages Device Platform Intelligence which does not require any integration with network infrastructure and provides Visibility 2.0 (EOS/EOL, CVE, Contextual Risk) for all devices connected to the network.

Follow these three simple steps on any network to see an example of how Genian NAC can address some of the challenges discussed above.

Step 1: Deploy a Cloud-Managed Policy Server

By following the steps in this short video, anyone can deploy a Policy Server in the Genians Cloud in just a few minutes. The Policy Server will provide visibility and control options which can be managed from anywhere, even a mobile device.

Step 2: Option 1 – Deploy a Virtual Network Sensor on VM Workstation

This brief video demonstrates how to install a Virtual Network Sensor in VM Workstation in under 10 minutes. Once deployed, all information the Sensor detects on the local network will be reported back to the Policy Server deployed in Step 1. This provides instant visibility to all IP-enabled devices on the “home premise” network. You may be surprised at what you find.

Step 2: Option 2 – Deploy a Network Sensor using the Agent

In this video example, an Agent can be easily deployed (without Active Directory GPO or SCCM) to a Windows machine and using a Sensor Plug-In, the Windows machine itself can act as a Network Sensor, detecting all IP-enabled devices and reporting them to the Policy Server.

Step 3 – Secure Your “Home Premise” Network

Adopt a Zero Trust model on your home network. Block any new devices from connecting to the network that have not previously been identified as a trusted device. This not only protects your “work” laptop from lateral threats on your “home premise” network, but also makes for a safer home computing environment in general.

Seeing is Believing

Follow the steps above and get enhanced visibility into your home premise network today in under 30 minutes and understand the environment your primary work platform is co-mingling with on a daily basis. The simple fact is, we cannot pick and choose when to point out the pitfalls of outdated perimeter security and the mandate for securing networks from the inside. If these concepts are true with employees sitting in an office building, they are also true for employees sitting at home, with dozens or more uncontrolled devices of unknown status connected to the same network as their work machine.