Secure Working from Home in an Industrial Context

Fredrik Kilemark

AbstractThis thesis project investigates the security risks that need to be considered when companies are opening their networks for remote access over the Internet. The focus is on employees connecting from home or from other remote locations using the VPN technology. Especially considered is the case where employees want to take advantage of their private PCs and broadband connections to do some work in the evening or during the weekend. The main goal is to find out what the company policy should be when employees want to do this.

The situation at a particular company in Sweden has been studied to see how this is handled in practice. Important concepts related to remote access like authentication, data protection, firewalls and intrusion detection are addressed. Focus is on Windows related issues since this company operates in a Windows-based environment. The risks associated with remote access have been identified and assessed. Mitigation actions that may be used to reduce these risks are described. The report presents general recommendations for good IT security practice for both companies and home users. More specific recommendations for companies in the same situation as this particular company are also given.

The usage of private PCs is not as widespread as initially thought, mainly because many employees are still using dial-up modem connections. But broadband connections are becoming more and more common and it is wise for companies to have a policy ready that addresses these security issues.
Keywordsremote access, security, risks, VPN, home users
TypeMaster's thesis [Academic thesis]
Year2004
PublisherInformatics and Mathematical Modelling, Technical University of Denmark, DTU
AddressRichard Petersens Plads, Building 321, DK-2800 Kgs. Lyngby
SeriesIMM-Thesis-2004-6
NoteSupervised by Professor Robin Sharp
Electronic version(s)[pdf]
BibTeX data [bibtex]
IMM Group(s)Computer Science & Engineering