Security Tactics for Servers and Wireless Networks

T16 Preventing Attacks from Employee Home Networks

August 23rd, 2012

2:45pm - 4:00pm

Mike Danseglio

Mike Danseglio

Principal Technologist

Next Direction Technologies

What’s the difference between a secure home network and a secure corporate network? Most users think there’s no difference if they give it any thought at all. Most IT professionals find it challenging to describe the difference and assume that one has no impact on the other. This invariably leads to vulnerabilities in both networks. And with the portability of working at home, VPNs, remote desktops, and common use of laptops, those vulnerabilities are more frequently creating issues in corporate networks. Today, a malware outbreak at any employee’s home usually means an outbreak throughout the corporate network.

In this session, Mike Danseglio, CISSP, former security authority at Microsoft and world-renowned security expert, dissects typical home and corporate networks piece by piece, showing how they work, how they implement security, and where they expose security vulnerabilities. Mike also explains the relative vulnerabilities of each and how to mitigate and prevent a number of commonplace attacks. Throughout the session he remains focused on the fact that home networks are largely unmanaged and unregulated by corporate security policy. The calls to action aren't just fanciful theory - they're practical, based on extensive experience in the field.

You will learn:

  • The risk of employee VPN connections
  • How attacks migrate from home to corporation and back
  • What steps can be taken to prevent these attacks