Remote access tools provide many benefits, but they also create some challenges. One of them is security. Opening your network up for remote access not only makes it easier for your team to administer machines but also opens up a route that unwelcome guests could potentially exploit.
Network administrators and managed service providers must, therefore, find a way to balance both sides of the security equation when it comes to remote access. Employees who need access to their data from outside the network must be provided for. At the same time, foreign intruders must be deterred from infiltrating your network.
There are several steps you can take to help achieve this balance. First, your firewall must be locked down and bulletproof. User authentication standards must also be up to date and effectively enforced. All network activity in and out of your network, denied or allowed, must be logged in an understandable manner as well.
Let’s take a more detailed look at each of these steps.
Your network firewall is the first line of defense an intruder hits when trying to break into your network. It is a best practice to do all that you can to stop the intrusion from happening here. The most effective way to do this is to lock down all access by source IP address, only open what needs to be open, and keep a log of all access requests.
Proper Port Security
By default, your firewall should block all inbound access to your network. It is inevitable, of course, that some ports will need to be opened at some point. When doing so, it is best to follow these rules:
- Only open the necessary ports. Before opening anything, be sure you understand which specific ports are needed and which protocol will be used on each. Do not leave any ports open that aren’t required.
- When possible, utilize alternate ports. Oftentimes, port redirection can be used so that only non-standard ports are left open for access. Doing this makes it harder for intruders to guess which ports are left vulnerable.
- Perform periodic port scans from an external source. It’s always a good idea to double-check your work. Monthly port scans from an external source should indicate if you’ve left open any ports that should be closed.
These port security practices can be applied in many different situations, and these rules don't just apply to remote access. Leaving remote access-specific ports unsecured, however, leaves your network especially susceptible to intrusion.
Limit Access by Source
In almost every network environment, you are going to need to open ports in your firewall for remote access. In some cases, you will be able to distinguish where the traffic is coming from.
When possible, rules configured into your firewall allowing traffic should limit access by source IP address. This way, traffic through these ports from unwelcome guests will be blocked.
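The port and source rules above can be checked mechanically against an exported rule list. The following Python sketch is an added example, not part of the original article; the rule fields, rule names, port numbers and addresses are constructed assumptions and do not follow any vendor's export format.

```python
import ipaddress

# Constructed rule sets for illustration; the field names are assumptions,
# not the export format of any particular firewall.
REQUIRED = {("tcp", 22), ("tcp", 3389)}  # ports this site actually needs
WEAK = [
    {"name": "ssh-admin", "action": "allow", "proto": "tcp", "port": 22,
     "source": "203.0.113.0/24", "log": True},
    {"name": "rdp-helpdesk", "action": "allow", "proto": "tcp", "port": 3389,
     "source": "0.0.0.0/0", "log": False},
    {"name": "old-ftp", "action": "allow", "proto": "tcp", "port": 21,
     "source": "198.51.100.7/32", "log": True},
]
HARDENED = [
    WEAK[0],
    dict(WEAK[1], source="203.0.113.0/24", log=True),  # source-limited, logged
]  # old-ftp removed: nothing needs that port

def audit_inbound(rules, required, default_action="deny"):
    """Return (rule name, finding) pairs for rules that break the practices above."""
    findings = []
    if default_action != "deny":
        findings.append(("<default>", "default-not-deny"))
    for rule in rules:
        if not rule["log"]:
            findings.append((rule["name"], "not-logged"))
        if rule["action"] != "allow":
            continue
        if (rule["proto"], rule["port"]) not in required:
            findings.append((rule["name"], "port-not-required"))
        # A zero-length prefix (0.0.0.0/0 or ::/0) matches every source address.
        if ipaddress.ip_network(rule["source"]).prefixlen == 0:
            findings.append((rule["name"], "any-source"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_inbound(WEAK, REQUIRED):
        print(f"{name}: {finding}")
    print("hardened findings:", audit_inbound(HARDENED, REQUIRED))
```

An "any-source" finding is a prompt for review: some services cannot be limited by source, which is why the article says "when possible".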
Log All Access Requests
As requests for access come into your firewall, logs should be created to record all activity, in as much detail as possible. Keep the following in mind for the logging process.
- Log all activities, permitted and denied. Some logs may only record denials as confirmation of suspicious activity. A best practice is to log permitted activities as well, just in case this information needs to be referenced later.
- Every log entry should have a time and date stamp. It's extremely important to be able to have all of the data needed when investigating an intrusion. You should have proper times and dates so that you know that remote access is occurring at appropriate moments.
- Entries should be easily readable and searchable. Having logs is one thing. Being able to read and sort through them is another. Log entries need to be easy to comprehend. All information recorded should be easy to search by keyword.
Different firewalls use uniquely designed logging tools, and there are often different levels of logging offered. It's a good idea to do some research into logging functionality before investing in a firewall.
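To show why permitted entries and timestamps matter, the Python sketch below reviews a handful of firewall log lines. It is an added example, not part of the original article; the log layout, the sample lines, the 07:00 to 19:00 working window and the denial threshold are all constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed log layout and sample lines; each real firewall has its own format.
LINE = re.compile(r"(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
                  r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)")
SAMPLE = """\
2024-03-04T09:12:03 ALLOW tcp 203.0.113.10 -> 10.0.0.5:3389
2024-03-04T09:40:51 DENY tcp 198.51.100.23 -> 10.0.0.5:3389
2024-03-04T09:40:52 DENY tcp 198.51.100.23 -> 10.0.0.5:3389
2024-03-04T09:40:54 DENY tcp 198.51.100.23 -> 10.0.0.5:3389
2024-03-05T02:17:45 ALLOW tcp 203.0.113.10 -> 10.0.0.5:3389
garbled line with no timestamp
""".splitlines()

def parse(lines):
    """Split lines into parsed entries and lines that cannot be used as evidence."""
    entries, unparsed = [], []
    for line in lines:
        match = LINE.fullmatch(line.strip())
        try:
            if match is None:
                raise ValueError("layout mismatch")
            entry = match.groupdict()
            entry["ts"] = datetime.fromisoformat(entry["ts"])
            entries.append(entry)
        except ValueError:  # missing or invalid date and time stamp
            unparsed.append(line)
    return entries, unparsed

def review(lines, work_hours=range(7, 19), deny_threshold=3):
    """Flag permitted access outside work hours and sources with repeated denials."""
    entries, unparsed = parse(lines)
    off_hours = [e for e in entries
                 if e["action"] == "ALLOW" and e["ts"].hour not in work_hours]
    denied = Counter(e["src"] for e in entries if e["action"] == "DENY")
    noisy = sorted(src for src, n in denied.items() if n >= deny_threshold)
    return {"off_hours": off_hours, "repeated_denials": noisy, "unparsed": unparsed}

if __name__ == "__main__":
    report = review(SAMPLE)
    for e in report["off_hours"]:
        print("off-hours ALLOW:", e["ts"].isoformat(), e["src"], "port", e["port"])
    print("repeated denials from:", report["repeated_denials"])
    print("unusable lines:", report["unparsed"])
```

The 02:17 connection is visible only because permitted traffic is logged; a denial-only log would show the three blocked attempts and nothing else.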
You probably already have user authentication policies in place. However, when remote access is being considered, it's even more important to double down on standard user authentication security practices. The common user security practices that you may already have in place should be optimized for remote access. In most cases, the principle of least privilege will be a good baseline to follow.
Enforce Standard Security Protocols
There are a number of standard security protocols that should be reinforced when considering remote access security. Here's an overview of what should be included.
- Strong passwords should be required and should be changed regularly. It’s imperative that passwords not be easily crackable. In a brute-force attack, a software program attempts to log in by trying a long list of different passwords over and over until access is granted. Complex passwords are the best way to fend off this type of attack.
- Record every login with a time and date stamp. You need to be aware of who has been taking advantage of remote access. Having a record of everyone who logs in is a start. It's even better to know the specific times they are logging into and out of your system. This greatly helps with the task of investigating future issues.
- No sharing of usernames and passwords. Every user that has remote access needs to be using his or her own username. The sharing of user credentials makes it much harder to control the access of individual users.
- Immediately revoke remote access for departing employees. Users that leave your company, voluntarily or not, should not have access to your data. To prevent mischief from disgruntled former employees, access should be revoked immediately upon their departure.
Following these rules will help to harden your system against intrusion from outside of your network.
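Timestamped login records make two of these rules checkable: no logins after departure and no shared credentials. The Python sketch below is an added example, not part of the original article; the session records, usernames, addresses and departure times are constructed, and overlapping sessions from different sources are treated only as a possible sign of sharing.

```python
from collections import namedtuple
from datetime import datetime as dt

Session = namedtuple("Session", "user source login logout")

# Constructed remote access sessions and offboarding times for illustration.
SESSIONS = [
    Session("alice", "203.0.113.10", dt(2024, 3, 4, 9, 0), dt(2024, 3, 4, 17, 0)),
    Session("bob", "203.0.113.20", dt(2024, 3, 4, 9, 30), dt(2024, 3, 4, 12, 0)),
    Session("bob", "198.51.100.40", dt(2024, 3, 4, 11, 0), dt(2024, 3, 4, 13, 0)),
    Session("carol", "203.0.113.30", dt(2024, 3, 6, 22, 5), dt(2024, 3, 6, 22, 40)),
]
DEPARTED = {"carol": dt(2024, 3, 1, 17, 0)}  # user -> time access should have ended

def logins_after_departure(sessions, departed):
    """Sessions started by a user at or after their recorded departure time."""
    return [s for s in sessions
            if s.user in departed and s.login >= departed[s.user]]

def possible_shared_accounts(sessions):
    """Usernames with overlapping sessions from different source addresses."""
    by_user = {}
    for s in sessions:
        by_user.setdefault(s.user, []).append(s)
    flagged = set()
    for user, rows in by_user.items():
        rows.sort(key=lambda s: s.login)
        for i, first in enumerate(rows):
            for later in rows[i + 1:]:
                # later starts before first ends, and from another address
                if later.login < first.logout and later.source != first.source:
                    flagged.add(user)
    return sorted(flagged)

if __name__ == "__main__":
    for s in logins_after_departure(SESSIONS, DEPARTED):
        print(f"login after departure: {s.user} from {s.source} at {s.login}")
    print("possible shared accounts:", possible_shared_accounts(SESSIONS))
```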
The Principle of Least Privilege
The principle of least privilege is a vitally important concept to follow when establishing remote access protocols for a business. This is the concept that access should only be given to those who specifically need it. There should be no "open door policy" when it comes to your network.
While many different users may request remote access to your data, it should not be granted automatically. Consideration should be taken for each case. Be sure to draw a distinct line between users that want access for convenience compared to individuals that need a remote connection for business functionality.
In addition to the importance of keeping access logs, end-user notification is an important practice to keep in mind. The privacy concerns of institutions and individuals should be kept on par with the security of the business and its data. In both cases, there are serious legal ramifications for not taking requirements seriously.
Managed service providers and other network professionals with remote access must come to an understanding with the business owners of when data will be accessed. It's also extremely important to understand the industry to know how personal information is to be treated.
When considering security with remote access, it's always good to think back on that famous movie quote: "With great power comes great responsibility." Many standard network security rules are carried over, but their importance is exponentially heightened due to the nature of remote technology.
When you open your network up for remote access, you are increasing your surface area for attack. While the benefits of remote access are great for employees and remote support personnel alike, remote access also makes it much easier for hackers and other unwelcome guests to access your network and get their hands on your data.
To prevent this, hardening your firewall as much as possible is a great first place to start. User authentication processes should be optimized for remote access as well.
If you are opening your network up for remote access, be sure to go back and review all of your security protocols. If they aren't updated to consider remote access, make adjustments immediately.