Anonymous Internet - A Magnet for Mischief
The Hazards Of Unmanaged Public Access
What's the best place to launch a new virus into the wild? Or share copyrighted material without fear of reprisal? Where can you go to hack into corporate or government networks, yet remain anonymous?
It's easy—just head over to your local coffee shop or pizza parlor, or park outside that charming B&B or unsuspecting hotel. Lots of businesses offer broadband wireless Internet access without any regard to security, liability or how people may be using or abusing their network.
Even better for the bad guys, those same businesses often fail to take even the most basic precautions to protect their private network and computers. Without public / private network isolation, it's trivial to exploit any number of vulnerabilities and gain access to customer data and even credit card information.
'But Our Guests Are Not Hackers'
Most people are honest, and have the best of intentions. Your guests may not be hackers, but they're likely not computer security experts either. You can be certain that a significant percentage of guest computers are infected with viruses, worms and trojans. Many are also zombies controlled by botnets, participating in spam relay and distributed denial-of-service attacks without their owner's knowledge.
And what about the student sitting on the curb outside? Is she sharing the latest movie on a peer-to-peer network? Is the person in the car across the street downloading child porn through your Internet connection?
The bottom line is that a business owner is responsible for all activity on their network, and may be liable for any traffic using their Internet connection. Providing anonymous Internet access, without end user identification or public / private network isolation, is simply asking for trouble.
How Identity Management Helps
The most effective method of discouraging conscious network abuse and criminal activity is removing the cloak of anonymity. Requiring positive identification of every network user makes your Internet connection less attractive to those who would use it to mask their activities.
In larger networks, such as lodging properties or commercial districts, end user identification is essential for locating compromised computers or malicious applications, and notifying the owner or revoking network access.
Compromised computers may actively attempt to infect other computers on the network or on the Internet; may be relaying spam email or participating in DDoS attacks; or may be under the control of a remote hacker without the owner's knowledge.
The use of commercial-grade network components supports multiple levels of diagnostics, which identify excessive network traffic or abuse patterns by both hardware and IP addresses. The ability to correlate this data with a specific user enables complete trouble resolution, restoring network performance and availability for all users.
[ top ]