In this age of lockdowns, social distancing and working from home, organizations must think carefully about how to extend their networks and services across the internet and into employees’ and contractors’ homes. This makes remote access security management both a timely and an imperative topic, because it has become the norm for many companies and organizations this year.
If we are to believe even the most optimistic of vaccine deployment scenarios, our pandemic situation is likely to persist for at least another six to nine months. That said, many experts think that working from home is the new normal, so even once it’s safe for us all to be together in an office again, there may be no office to go back to. The old ways of working mostly within a secure organizational perimeter are on the way out, so we need to update our security operations for the new reality.
How does remote access work?
In the simplest of terms, remote access requires that users employ a remote device of some kind to establish a connection to an organizational service. The connection is a communication link that spans the internet from the client or user side to a server or service inside the firewall.
For example, Microsoft includes both an old-line application, Remote Desktop Connection, and a new-style Universal Windows Platform (UWP) app, Remote Desktop, in Windows 10. Both use Microsoft’s Remote Desktop Protocol (RDP) to establish a remote connection between a client PC (user device) on one side and a host PC or server (server device) on the other side.
Thus, the elements of remote access include the following:
- A remote access client or application that lets the end-user request access to a remote resource of some kind
- A remote connection that connects the end-user to the resource, and vice versa
- A remote host or service to which an end-user can connect, and from which they can request information, services, resources and so forth
Securing remote access means securing all elements
For a company or organization to meet best security practice requirements for remote access, all elements involved in remote access must be secure.
Here’s a checklist of items and capabilities that fall under this large and far-ranging umbrella:
- Before users obtain remote access, they must be identified and authenticated. The best form of security for identity and authentication nowadays relies on two-factor authentication (2FA) or better, where a user’s cellphone serves admirably to provide a separate channel for ID and authentication traffic, as well as providing a tangible token of identity in and of itself.
- The client software that users employ for remote access should itself be secure and free from known technical vulnerabilities or susceptibility to attack through social engineering. Users working remotely need basic security awareness training to keep them from inadvertently disclosing what the organization wants kept confidential – namely, their account and password information, among other sensitive data. The client software must also be scanned for vulnerabilities (preferably at high frequency, if not continuously) and patched or fixed as security updates and fixes become available. Even if the organization sticks to a routine schedule for patches and updates, its IT or security team should be watching for zero-day exploits against its remote access client or server software — and be prepared to push emergency security updates outside the normal schedule, should that prove necessary.
- The connection that spans the gap across the internet may be subject to snooping and sniffing. This is why most security experts recommend that remote access technologies incorporate a secure virtual private network (VPN) as part and parcel of their connection-making and -handling capabilities. A secure VPN will encrypt all traffic across the internet using reasonably strong cryptography. In practice, this means that such traffic is reasonably secure from unwanted and unauthorized access by third parties between the connection’s endpoints.
- The application or service at the remote end of the connection must, like the client, be secure and free from technical vulnerabilities or susceptibility to attack. It, too, should be frequently scanned for vulnerabilities and patched or fixed following the same regimen described for the client-side remote access software. In addition, organizations should use anomaly detection and behavioral analysis on remote access services and applications, because they are predictable and constant focuses for attack by threat actors.
Some organizations go so far as to prepare so-called honeypots — attractive lures designed to distract attackers who do manage to penetrate network security, and keep them busy while security analysts try to identify the attack actors. Again, because remote access applications and services are such obvious targets for attack, it may make sense to dangle a honeypot, or even a honeynet (a whole network of honeypots), somewhere in the file systems and resources available to remote access users. Legitimate users won’t have any reason to start digging in, so tripwires on such assets make excellent early warning alerts for potential or active attacks or compromises.
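To make the two monitoring ideas above concrete (anomaly detection on the remote access service, and tripwires on honeypot assets), here is an added example that is not part of the original article: a small detector run over constructed remote-access log lines. It assumes a hypothetical log format (timestamp, user, source IP, event, resource), a constructed decoy share path under /share/hr_archive/, and a burst threshold of five failed logons within ten minutes; none of these values come from the article.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system):
# timestamp, user, source IP, event, resource.
SAMPLE_LOG = """\
2020-11-02T08:55:10 alice 203.0.113.7 logon_success rdp-gw
2020-11-02T08:57:41 alice 203.0.113.7 file_access /share/projects/q4_plan.docx
2020-11-02T22:10:02 bob 198.51.100.9 logon_failure rdp-gw
2020-11-02T22:10:09 bob 198.51.100.9 logon_failure rdp-gw
2020-11-02T22:10:15 bob 198.51.100.9 logon_failure rdp-gw
2020-11-02T22:10:22 bob 198.51.100.9 logon_failure rdp-gw
2020-11-02T22:10:31 bob 198.51.100.9 logon_failure rdp-gw
2020-11-02T22:11:04 bob 198.51.100.9 logon_success rdp-gw
2020-11-02T22:13:50 bob 198.51.100.9 file_access /share/hr_archive/payroll_2019.xlsx
"""

# Hypothetical decoy (honeypot) paths: legitimate users have no reason to open them,
# so any access is treated as a tripwire alert rather than as an anomaly score.
DECOY_PREFIXES = ("/share/hr_archive/",)
FAILURE_THRESHOLD = 5            # assumed burst size for a brute-force alert
FAILURE_WINDOW = timedelta(minutes=10)

def parse(log_text):
    """Split each line into (datetime, user, src_ip, event, resource)."""
    events = []
    for line in log_text.splitlines():
        ts, user, src, event, resource = line.split()
        events.append((datetime.fromisoformat(ts), user, src, event, resource))
    return events

def detect(log_text):
    """Return alert strings for decoy access and for bursts of failed logons."""
    alerts = []
    failures = defaultdict(list)  # (user, src_ip) -> recent failed-logon timestamps
    burst_seen = set()            # alert once per (user, src_ip) burst
    for ts, user, src, event, resource in parse(log_text):
        if event == "file_access" and resource.startswith(DECOY_PREFIXES):
            alerts.append(f"TRIPWIRE {user}@{src} opened decoy {resource}")
        elif event == "logon_failure":
            key = (user, src)
            # Keep only failures inside the sliding window, then add this one.
            window = [t for t in failures[key] if ts - t <= FAILURE_WINDOW]
            window.append(ts)
            failures[key] = window
            if len(window) >= FAILURE_THRESHOLD and key not in burst_seen:
                burst_seen.add(key)
                alerts.append(f"BRUTE_FORCE {user}@{src} {len(window)} failures in {FAILURE_WINDOW}")
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample data the burst of failed logons fires first, and the later read of the decoy payroll file fires the tripwire; alice's ordinary session produces no alert.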
Keep remote users — and the organization — secure
By following the approach of securing and monitoring all elements of remote access — and applying best security practices to updates, patches and fixes for those elements — organizations can make remote access available to employees and contractors safely.
But remote access should always be near the top of mind in terms of attention, maintenance and ongoing scrutiny, which includes anomaly detection. Anything else is an invitation to the bad guys that reads, “Come on in; this is an easy mark.” And neither your remote employees nor your organization wants this.