As more of the workforce transitions to working remotely, it’s increasingly important to secure remote access technologies. We have compiled some security measures that you can implement to increase your remote access security.
1. Follow the Principle of Least Privilege
The Principle of Least Privilege is the practice of starting from zero privileges and adding only what is necessary for use, instead of allowing everything and going through to remove unwanted privileges. This makes sure that the user or system has only what they need and nothing else, reducing potential attack vectors. This Principle applies to everything from Firewall Access Control Lists (ACLs) to physical keycard access, so keep the Principle of Least Privilege in mind while implementing the strategies below.
2. Monitor and Control Remote Access Methods
Make sure you have control over who and what can connect to your remote infrastructure. You should monitor connections for threats so you can quickly catch and mitigate potential attacks. Spikes in failed authentication attempts and logins from outside regions are two examples of potential attacks that can be caught by monitoring remote access connections.
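One way to catch the two signals named above, as an added example that is not from the original article. The log format, field order, thresholds and allowed-country set are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): ISO time, user, source IP, country, result
SAMPLE_LOG = """\
2024-03-04T08:00:01 alice 198.51.100.7 US OK
2024-03-04T08:01:10 bob 203.0.113.9 US FAIL
2024-03-04T08:01:15 bob 203.0.113.9 US FAIL
2024-03-04T08:01:21 bob 203.0.113.9 US FAIL
2024-03-04T08:01:30 bob 203.0.113.9 US FAIL
2024-03-04T08:01:42 bob 203.0.113.9 US FAIL
2024-03-04T08:30:00 carol 192.0.2.44 BR OK
2024-03-04T09:15:00 dave 198.51.100.8 US FAIL
malformed line
"""

def analyze(log_text, allowed_countries=frozenset({"US"}), max_failures=5,
            window=timedelta(minutes=5)):
    """Return (alerts, skipped); alerts is a list of (kind, subject, timestamp)."""
    alerts, skipped = [], 0
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    for line in log_text.splitlines():
        try:
            ts_raw, user, ip, country, result = line.split()
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            skipped += 1  # count unparseable lines instead of silently dropping them
            continue
        if result == "FAIL":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # discard failures older than the window
                q.popleft()
            if len(q) >= max_failures:
                alerts.append(("failed_auth_spike", ip, ts))
                q.clear()  # reset so one burst raises one alert
        elif result == "OK" and country not in allowed_countries:
            alerts.append(("login_outside_region", user, ts))
    return alerts, skipped

if __name__ == "__main__":
    found, bad = analyze(SAMPLE_LOG)
    for kind, subject, ts in found:
        print(ts.isoformat(), kind, subject)
    print("unparseable lines:", bad)
```

A non-zero count of unparseable lines is worth reviewing in its own right, since a log format change can silently blind this kind of monitoring.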
Create appropriate filtering rules for routers and firewalls to ensure that you are following the Principle of Least Privilege, and block access to resources not needed for remote work such as production servers and office workstations. Make sure that your ACLs are up to date and remove accounts that no longer need access such as terminated employees or employees who are back to working in person. Ensure users create strong passwords and implement multifactor authentication. Consider using Network Level Authentication (NLA) on remote access services where appropriate.
3. Encrypt Remote Access Sessions
Ensure that you are using appropriate encryption for all remote access sessions. Encryption adds security to your data in transit across the internet. If your traffic is intercepted, encryption makes it harder for a third party to read your data. Examples of encrypting sessions include VPNs, encrypted remote desktop services, and using HTTPS for company web portals.
4. Limit Access Control Points
Limiting the number of points of access can help funnel your traffic into “chokepoints” that you can then use to monitor and filter traffic. Having traffic come in through a smaller number of access points makes it easier to monitor and control. For example, instead of connecting directly to hosts externally, you could use a VPN to get onto your network, which consolidates all traffic through the point handling the VPN, and then connect to the hosts once on the network. Allocate enough resources to make sure your access point can handle the traffic and your chokepoint isn’t a bandwidth chokepoint!
5. Don’t Post Remote Access Info to Your Company Website
Limit the public information available about your remote access solution in order to make reconnaissance and discovery harder for an attacker. Make sure there is no information about your remote access infrastructure on your public webpages, or lock instructions for employees behind an internal web portal. Ensure that your employees do not disclose details about the remote access solution publicly. In addition, harden public-facing servers to prevent leakage of information such as the OS and services they are running.
6. Disable Unused and Insecure Protocols and Services
Restrict unused ports, protocols, and services, as well as insecure protocols and services, from being accessible from remote connections. This decreases your network exposure and guards against attacks on services you are not expecting. Building your firewall and routing rules on the Principle of Least Privilege is a great method: default to dropping all traffic and add whitelist exceptions for the services that are needed.
7. Keep Remote Access Software Up to Date
Ensuring your remote access software is up to date is critical to keeping your infrastructure secure. Software updates install security patches and mitigate known security exploits that have become publicly available. An out-of-date system is vulnerable to known exploits that would not work if the security updates were applied.
Implementing these security measures will put you well on your way to locking down your remote access technology. NuHarbor Security offers a wide range of services to bring your security to the next level.
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.