Don't Let Urgency Lead to Insecurity, Part 2 - WST

We wanted to expand on our WST about securing remote access from a few weeks ago with some additional thoughts.   Many institutions moved quickly to enable and support work from home users, and in a rush to get everything working for employees, we're seeing some choices were made that increase security risk.  We understand that it can be hard to think of security when you are trying to keep the business running and doing so quickly.

There are a variety of ways to allow your employees to work from home.  First, do not be tempted to open your Remote Desktop server directly to the Internet as there have been several Remote Desktop vulnerabilities recently, and the bad actors are out there looking for these to attack and gain access to networks.

Another, and more safe method of remote access is through a web interface that once authenticated, users only have access to specific applications or systems - think Remote Desktop via a web page.  Most firewalls offer this functionality, and this setup can allow for safe remote access using employee's personal home systems, as the only network traffic allowed is what's needed to refresh the screen.

For safest remote access, our general recommendation is to provide a domain joined and fully managed system (typically a laptop) to the employee that includes a VPN solution that requires multi-factor authentication for all remote access.  Once the employee is connected to the VPN network, they can access their desktop computer at work via Remote Desktop or a shared Remote Desktop server (formerly known as Terminal Server).  Some things to think about for laptop access:

• Is the laptop being managed at all?
• Is it joined to the internal Active Directory domain?
• Is it being patched?
• Does it have managed antivirus?
• Does the laptop have its local firewall enabled?
• Does it use a split-tunnel for Internet access, and if it does, is web content filtering deployed at the endpoint?
• Is the laptop encrypted?
• Through policy and user agreements, do you disallow usage of the device for non-work-related activities?

If you answered NO to any of those, your internal network is at a greater risk.  Take your time to evaluate your remote access security posture and make improvements where needed.  Better to spend resources to make things more secure than to spend money dealing with a breach.