Archon Secure Blog

The Great Firewall of China and Remote Employees

Written by Francis Knott | Jan 20, 2022 3:30:00 PM

China has become a significant power in the global market, as evidenced by the fact that so many everyday items are marked “Made in China”.

 

But China’s ability isn’t limited to simple toys and devices -- the country also has advanced manufacturing technology and mature IT capabilities. As a result, many companies from outside of China actively partner with Chinese organizations.

 

Here are some recommendations to address the unique privacy concerns and severely restricted access to online information faced by employees traveling within China.

 

The great firewall of China

Most public and private organizations use a firewall to help protect their network. By locking down unnecessary ports and services, the firewall limits the opportunity for malware or an attacker or malware to gain access to the system. Firewalls can also be used to block certain websites considered dangerous or undesirable for a work environment.

 

China takes the firewall approach to the extreme.

 

The Chinese government has taken great pains to limit the privacy of its Internet users and the information they may access by creating what has been termed the Great Firewall of China.

 

The Chinese government is very restrictive regarding online activity. The most famous example is that Google is inaccessible from within the country. China deliberately blocks publicly-used services (like Google) in an attempt to limit access to information not approved by the government.

 

China also performs a fair amount of surveillance on its citizens (and guests) and clamps down on anything that is considered dissent against the government.

 

Business implications of the great firewall

Business travelers to China are subject to the country’s rules, and this includes restricted Internet access.

 

Connecting to the Internet in China involves connecting via a Chinese telecom provider, meaning that the Great Firewall will be enforced. Because of these, US employees traveling in China may find it challenging to perform core business duties.

 

First, most employees have become dependent on easy access to information as part of the process of writing reports, analyzing data and making business decisions. When working from China, this information simply isn’t accessible.

 

Second, accessing the Internet using a Chinese connection can have a significant impact on the privacy of an organization’s data and confidential information, because China routinely monitors all Internet communications.

 

Evading the great firewall

When working from China, employees must take appropriate steps to protect sensitive data.

 

Probably the best option for evading the Great Firewall is to use a Virtual Private Network (VPN). A VPN creates an encrypted connection between the user’s computer and the VPN server, where the data is decrypted and forwarded on to its intended destination.

 

The advantage of using a VPN to evade censorship is that most firewalls look at the destination of the traffic and use that to decide whether or not to block access.

 

For example, as mentioned earlier, the Great Firewall of China blocks access to IP addresses controlled by Google. However, when using a VPN to access Google from China, the Great Firewall only sees the encrypted communication, which has a destination IP address of the VPN server. If the server isn’t on the block list, the traffic will be allowed to continue.

 

VPNs also help improve the privacy of communications by protecting sensitive information traveling over untrusted networks.

 

China can only inspect the traffic on its own networks. The traffic going through a VPN from outside the country is encrypted the entire time it is under Chinese control.

 

Keeping it simple

Many organizations use a VPN to connect remote employees to their internal network. This both protects internal communications and ensures any traffic going to external locations benefits from the organization’s cybersecurity defenses.

 

One of the issues with traditional VPNs is that the user must install, configure and support software. This is time-consuming and impractical for many remote employees and can have serious consequences, as a misconfiguration could render the VPN useless.

 

Archon Security’s GoSilent Cube is about the size of a Tic Tac box and is designed with plug-and-play functionality.

 

GoSilent plugs into any IP-enabled device, enabling the user to instantly access Internet resources without attribution - even from an untrusted region of the world.

 

GoSilent secures a connection to Archon's GoSilent Global servers (with 9 points of presence in locations around the world) and creates a secure IPSec tunnel. The user’s online activities transmit through this secure connection to a region that is considered more trustworthy, before allowing those requests to hit the open Internet. This removes the possibility of the data being intercepted in China.