In general, broadband wireless access technologies enable enterprises to increase productivity by providing mobile enterprise users with continuous access to critical enterprise resources. The deployment of such technologies, however, is introducing enterprise security problems. For example, an enterprise user may connect to the public Internet using broadband wireless access while simultaneously maintaining a connection to the enterprise Intranet over an Ethernet connection. This concurrent connectivity may result in significant security violations.
A variety of security violations resulting in attacks on enterprise network infrastructure may originate from outside the enterprise premises. For example, an attack originating outside the enterprise premises may infect the enterprise user system with a virus/worm over the public Internet, and the system may then propagate this virus/worm to the enterprise Intranet. In this example, if IP forwarding is enabled, the enterprise user system operates as a router, enabling a malicious outside intruder to bypass the enterprise firewall and access critical enterprise resources. Furthermore, the enterprise may be vulnerable to other attacks in which a malicious outside user utilizes an enterprise user system with dual connectivity in order to attack the enterprise. Although enterprises are deploying expensive mechanisms to prevent such outside access to the enterprise network, dual network connectivity gives malicious outside users a means of accessing the enterprise network.
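An endpoint check for the condition described above (concurrent Intranet and Internet connectivity, plus IP forwarding), given as an added example that is not part of the original text. It assumes a Linux host, the `/proc/net/route` table layout, and a hypothetical enterprise range of `10.0.0.0/8`; the interface names and routes are constructed sample data.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/route layout (real files are tab-separated).
# Hypothetical laptop: eth0 on the intranet, wwan0 holding the default route.
SAMPLE_ROUTES = """\
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
wwan0 00000000 0100A8C0 0003 0 0 100 00000000 0 0 0
wwan0 0000A8C0 00000000 0001 0 0 100 00FFFFFF 0 0 0
eth0 0000140A 00000000 0001 0 0 0 0000FFFF 0 0 0
"""

RTF_UP = 0x1  # flag bit: route is usable


def parse_routes(text):
    """Return (interface, IPv4Network) for every active route."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 8 or not int(f[3], 16) & RTF_UP:
            continue
        # Addresses are hex dumps of the 32-bit value as stored on a
        # little-endian host, so repacking with "<I" restores network order.
        dest = ipaddress.IPv4Address(struct.pack("<I", int(f[1], 16)))
        prefix = bin(int(f[7], 16)).count("1")  # popcount of the netmask
        routes.append((f[0], ipaddress.IPv4Network((dest, prefix))))
    return routes


def assess(route_text, ip_forward, intranet="10.0.0.0/8"):
    """Flag dual connectivity; ip_forward is /proc/sys/net/ipv4/ip_forward text."""
    corp = ipaddress.IPv4Network(intranet)      # assumed enterprise range
    inside, default = set(), set()
    for iface, net in parse_routes(route_text):
        if net.prefixlen == 0:
            default.add(iface)                  # path to the public Internet
        elif net.subnet_of(corp):
            inside.add(iface)                   # path to the enterprise Intranet
    outside = default - inside                  # Internet path that skips the intranet
    dual = bool(inside and outside)
    return {
        "intranet_ifaces": sorted(inside),
        "internet_ifaces": sorted(outside),
        "dual_connected": dual,
        "acts_as_router": dual and ip_forward.strip() == "1",
    }
```

On a live host the two inputs would be the contents of `/proc/net/route` and `/proc/sys/net/ipv4/ip_forward`; a default route that leaves through the intranet interface itself is not flagged.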
A variety of security violations resulting in attacks on enterprise network infrastructure may originate from inside the enterprise premises. In fact, enterprises increasingly realize that the majority of attacks on network infrastructure occur as a result of either internal sabotage or unintentional mistakes. For example, such activities may include an employee forwarding confidential documents over the public Internet without encryption or an executive exchanging Instant Messages without adhering to enterprise security policies. Furthermore, such activities may lead to computer espionage and violations of government regulations, resulting in significant financial damages to enterprises. Although enterprises are deploying expensive mechanisms and policy controls to prevent enterprise users from engaging in such activities, dual network connectivity enables users to bypass such mechanisms and controls by connecting directly to the Internet.