Security Awareness Training: Secure Remote Access to Corporate Infrastructure

In this installment of Labs’ weekly series, Security Awareness Training, we’ll be discussing appropriate methods for users remotely accessing corporate or cloud infrastructure. Many of us work remotely at some point and need to access corporate file shares and other network resources. Within an organization, employees are as much an effective (or defective) means of securing remote access to the network as the IT solutions that are applied.

In a recent Security Awareness Training installment, another LogRhythm Labs team member, Zack Rowland, discussed the need for sound authentication techniques, such as two-factor authentication, which are very much applicable to securing remote access into the corporate network. However, the end users are just as important as the technology solutions being applied.

Here are some areas of best practice to consider:

Always utilize Virtual Private Networks (VPNs):

All authorized users should connect to a centrally authenticated VPN. The client software associated with that VPN may need to be installed on your local machine. For connections where strict data confidentiality is required, as seen with intellectual property for example, remote access devices should leverage end-to-end encryption.

Confirm you are logging into a legitimate site or access point:

This includes both the coffee shop up the street (public Wi-Fi) as well as your own home network. To reiterate from Greg Foss’ message around securing your home network, it’s important for end users to take ownership of ensuring they are connecting to a legitimate, secure access point. At public access points where a VPN is not available, data requiring strict confidentiality should not be sent over that access point.

Ensure the login page is served up via HTTPS:

When logging into a web page over HTTP, it should be noted that credentials will be sent in clear text. This means that any man-in-the-middle or sniffing technique could obtain those credentials or session tokens, potentially leading to a compromised account. As compromised account credentials are a leading factor in opening the back door into the network, it is vital for users to be aware of this.

The only time domain credentials should be used is when logging into the domain itself or through services known to be part of single sign-on. Lastly, when leveraging Web-facing applications, ensure they are approved and are associated with the business, such as SalesForce.com, SharePoint and so forth.

Ensure critical updates and patches are current:

Keeping your laptop or any other device that connects remotely to the network current on updates and patches is necessary to mitigate the risk of contracting malware or viruses on your device. Any indication that critical updates or patches were not installed successfully on your device should be communicated to IT so the issue can be addressed before traveling or working remotely.

Notify IT of any travel outside of your normal locations before you leave:

For some of us, travel is a normal occurrence, especially in sales. Travel that deviates from your normal locations, or travel to countries known for a heightened presence of malicious cyber activity, should be communicated to IT before departing. Procedures may be recommended to limit the risk exposure, and IT will be aware of any authentications to the network from uncommon or risky locations.

Only use IT-approved software or applications relating to file sharing:

When using business-related machines, it is important for employees to leverage file-sharing solutions that are approved by IT. Using public file-sharing solutions, such as Dropbox, brings business content, proprietary information, or information relating to compliance (PCI, HIPAA, SOX, etc.) outside of IT security controls. As mentioned before, reliance is placed on the end user to adhere to IT security policies and usage agreements.

Notify IT of any rogue or potentially malicious access points:

It is best to identify these before accessing them; however, if you do connect to a rogue wireless access point, this should be communicated to IT so they can validate that no infectious malware or executables were installed on your machine. If this occurs, the next step is to contain any compromised machine as soon as possible. As mentioned above, AD credentials should only be used in approved, known IT services or applications.

Be vigilant about where you leave your computer or device:

Many of us are aware of the risks associated with leaving a computer unattended in public places such as coffee shops or airports. When in these public environments, be sure to keep your computer with you at all times and to lock your computer when not in use. Other methods of privacy can be used, such as privacy screens, if working with confidential information. Something else to consider is how we store our computers when traveling to and from work. We may stop at a store and leave the device in our locked vehicle, unknowingly putting the business device at risk. Many computers are stolen from cars that have been broken into. To mitigate this risk, ensure your computer is out of sight and locked in the trunk if you are unable to take it with you. If a business device is stolen or lost, you should communicate this to IT right away to limit the risk of compromising the device. IT can even wipe the device if a solution has been deployed, disabling the thief’s ability to access the network or content on the computer.

In closing, IT can deploy many solutions, services and/or applications to promote secure, remote sessions for users. However, many of these controls can be trumped by end users not being vigilant about their own security practices. Having the appropriate IT solutions deployed and an educated user base is imperative for establishing secure remote sessions into the company’s network.

Until next time,

Bob Swanson