Home Users: Friend or Foe?

As a security professional I have had the opportunity to attend, appear on panels for and speak at security-related conferences and trade group meetings. It is always exciting to learn about the latest trends in the security field and to network with...


2) Because this process can be confusing and cumbersome, many encryption programs allow for the creation of self-decrypting files. These are encrypted files that decrypt themselves when the recipient enters the appropriate password or passphrase. These files are usually created as Zip or executable files, so they can be sent as e-mail attachments. One note of caution—many corporations block compressed and executable files at the firewall in an effort to reduce the introduction of viruses into the corporate network.
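The caution above comes down to how a mail gateway recognizes these attachments. The sketch below is an added example, not taken from the article: it classifies an attachment by its leading bytes rather than its file name, so a renamed Zip file or a self-extracting executable is still caught. The function names, file names and sample bytes are constructed for illustration.

```python
import io
import zipfile

# Well-known leading-byte signatures for the file types gateways commonly block.
SIGNATURES = {
    b"MZ": "executable (Windows)",
    b"\x7fELF": "executable (ELF)",
    b"PK\x03\x04": "zip archive",
    b"PK\x05\x06": "zip archive (empty)",
}

def classify(data: bytes) -> str:
    """Identify the attachment type from its first bytes, ignoring the file name."""
    for magic, label in SIGNATURES.items():
        if data.startswith(magic):
            return label
    return "other"

def contains_zip(data: bytes) -> bool:
    """True if a Zip directory is present anywhere, e.g. appended to an executable stub."""
    return zipfile.is_zipfile(io.BytesIO(data))

def gateway_verdict(filename: str, data: bytes) -> str:
    """Block compressed and executable content; the file name is only used for logging."""
    kind = classify(data)
    if kind != "other" or contains_zip(data):
        return "block"
    return "allow"

def make_sample_zip() -> bytes:
    """Constructed sample: a small in-memory Zip standing in for an encrypted archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("message.txt", "constructed sample payload")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "report.doc": make_sample_zip(),                       # Zip renamed to .doc
        "secure.exe": b"MZ" + bytes(62) + make_sample_zip(),   # stub + appended Zip
        "notes.txt": b"Meeting moved to 3pm on Thursday.\n",   # plain text
    }
    for name, data in samples.items():
        print(f"{name}: {classify(data)} -> {gateway_verdict(name, data)}")
```

Renaming a self-decrypting file does not get it past a filter of this kind, so the sender and recipient need to agree on a delivery method that the corporate policy permits.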

Choosing a Product

When evaluating encryption products it is important to look for one that is well established, has been tested and examined for many years and provides extensive support. Multiple resources exist for well-established products including books, Web sites and newsgroups. One such product is PGP (Pretty Good Privacy). Free versions can be downloaded for non-commercial, individual use. Commercial versions of PGP are available from PGP Corporation, www.pgp.com. An excellent primer on PGP, "PGP The Easy Way," can be found at http://home.mpinet.net/~pilobilus/EZ_PGP.htm.

Security professionals need to understand that corporate users who work at home can endanger the security of corporate assets. By educating these users in fundamental concepts of network security, including firewall use, virus and anti-virus concepts and encryption technologies, we will go a long way toward protecting corporate assets. It is also important that security professionals understand and practice these procedures in an effort to lead by example. If we do not use these technologies appropriately, how can we expect the average user to do the same?

John Mallery is chief technology officer for Clarence M. Kelley and Associates Inc., a private investigation firm headquartered in Kansas City, Mo. He manages the firm's technical service offerings, network security consulting and computer forensics. John can be reached at jmallery@cmka.com.