The Hitlist: Remote Access

Remote access is often one of the weakest points we find in a customer’s network. Corporations allow home users, with no real security on their home networks, to connect remotely to the corporate network, access content, and even download it. This alone is a breach of security, and could even facilitate a data breach. We have all known of users who email themselves company files, but what if those files contained Personally Identifiable Information (PII) or Personal Health Information (PHI)? We have seen it happen. What if someone is writing a report, and then decides to bring it home to finish it up? What if that report contains intellectual property? To avoid these potential disasters, it is important to have proper controls in place. You should have a secure method of accessing corporate data remotely, and there should be policies and procedures in place to ensure that users must use that method to access data. We have outlined some topics to consider below:

SSL VPN/Remote Desktop Solution (not to be confused with Remote Desktop (RDP) for Windows)

Step one: you must have a secure solution in place to access corporate data remotely. Ideally, all users with remote access privileges should be using an encrypted VPN connection, period. If possible, some sort of remote desktop solution should be employed that provides an interface for accessing internal network resources.

Corporate Devices

If you don’t use a remote desktop solution, then you should mandate that only corporate devices are allowed to access the internal networks. When employees use personally owned devices for work, they tend to use them however they want. This creates an unneeded vulnerability for your company. Corporate-owned devices can help close this gap in security. They give your IT department increased accountability without taking away from the employees’ productivity.

Policies

Step two: you must have policies in place to enforce the usage of your secure remote access solution. Tell users what they can and can’t do, and set expectations so that they know there could be repercussions if they do not follow company policy.

Administrative Access

Admins should not use privileged accounts for remote access.  It is best practice for admins to have two domain accounts, one with privileged access, and a standard user account that does not have any elevated privileges.  The account with administrative access should only be used when administrative duties are required, and should never be used for remote access into your corporate network.
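One way to check this rule against your remote access logs, as an added example that is not part of the original article. The CSV layout, account names and addresses are constructed, and the privileged account list is assumed to come from an export of your privileged domain groups.

```python
import csv
import io

# Constructed sample data: members of privileged groups, as an export might list them.
PRIVILEGED_ACCOUNTS = {"adm-jsmith", "adm-mlee"}

# Constructed VPN authentication log (CSV); the column names are assumptions.
SAMPLE_VPN_LOG = """timestamp,account,source_ip,result
2024-03-04T08:01:12Z,jsmith,198.51.100.7,success
2024-03-04T08:15:40Z,CORP\\adm-jsmith,198.51.100.7,success
2024-03-04T09:02:03Z,ADM-MLEE@corp.example,203.0.113.25,failure
2024-03-04T09:30:55Z,mlee,203.0.113.25,success
"""

def normalize_account(raw):
    """Reduce DOMAIN\\user and user@domain forms to a lowercase bare username."""
    name = raw.strip()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name.lower()

def find_privileged_remote_logins(log_text, privileged):
    """Return VPN log rows whose account is privileged, successful or not."""
    privileged_norm = {normalize_account(a) for a in privileged}
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        account = normalize_account(row["account"])
        if account in privileged_norm:
            findings.append({
                "timestamp": row["timestamp"],
                "account": account,
                "source_ip": row["source_ip"],
                "result": row["result"],
                # A success is a policy violation; a failure still shows the
                # privileged credential being presented at the remote gateway.
                "severity": "violation" if row["result"] == "success" else "attempt",
            })
    return findings

if __name__ == "__main__":
    for f in find_privileged_remote_logins(SAMPLE_VPN_LOG, PRIVILEGED_ACCOUNTS):
        print(f"{f['timestamp']} {f['severity']:9} {f['account']} from {f['source_ip']}")
```

Normalizing the account name first matters because the same privileged account can appear in several forms in the log, and an exact string match would miss two of the three forms above.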

Network Traffic Control

In addition, you need to have tools in place to control the traffic on your network. The resources on your network are no longer available only at your organization’s physical location: when you add remote access capabilities, you increase the amount of traffic that moves around the network. Look at it like a highway. A highway is made to allow a steady flow of cars to move from location to location with ease. At any point, there could be a heavy flow of cars that causes the highway to become congested. Depending on the situation, this backup will spread if the cars cannot leave as fast as they are approaching. The same is true for your organization’s network. If you do not have the correct tools or policies and procedures in place to control your network traffic, the speed of your network could deteriorate greatly. This, in turn, could decrease business continuity and productivity.

Application Control

Another essential tool when utilizing remote access is application control. Your network is a combination of different ways to communicate, including email, instant messaging, and point-to-point applications. As more applications are introduced to your network, the number of risks from malicious software also increases. This is why it is very important to have a solid application control policy and ensure that it is implemented throughout your organization.