When a business network is compromised, the financial impact can be immense. Many small and midsize businesses would be unable to recover from a data breach. Clearly, companies need to safeguard consumer data.
At the same time, they can’t be slowed down by overly complex security processes. Business agility is important in the industries with the most sensitive data, such as healthcare, manufacturing and finance, as much as in other sectors. In a connected world, remote access is one of the keys to business agility. Remote access has grown in importance, and as a result has become a target for malicious actors looking for ways to infiltrate networks.
Cybercriminals know how to exploit the mistakes and errors in the way remote access is used. This guide covers ten of the most common misconfigurations that IT teams should be able to recognize and correct. When you apply these best practices, your remote access processes and technologies will be stronger and more effective.
1. Putting Secure Devices on the Internet
There is no shortage of devices that people connect to the internet – from TVs to coffee makers and toothbrushes (and everything in between). The Internet of Things promised us big data insights, and as a result there are countless devices with some level of access to the typical business network.
However, many devices and network segments should never be exposed to the internet. That includes many production devices, machines with personal and financial information – such as ATMs, healthcare and point-of-sale devices, along with anything powering critical infrastructure, and any equipment that can cause injury. It is important to access and manage these machines remotely, but the key is to do it safely.
Use a solution that makes secure, point-to-point connections with no exposure to online threats, rather than more casual-use alternatives like TeamViewer.
2. Using a VPN When You Should Be Using Remote Access Software
It’s commonplace for businesses to let employees safely connect to the corporate network via VPN. In most cases, there is nothing wrong with that approach.
However, a VPN is not always appropriate. Consider augmenting your VPN with remote access software in uses cases like these, where remote access software is more efficient, secure, and often simpler to use:
- Accessing devices that are isolated from the main network
- Accessing devices on networks you don’t control
- Connecting to a device when a VPN is unavailable
- Remotely accessing a single device or network
- Supporting remote workers on shared or open networks
- Limiting a vendor or service provider’s access
- Setting proper access controls on a complex or highly segmented network
Review your VPN use cases, including the types of devices with network access, and review user roles and permissions. Impero offers resources to help take action to correct inappropriate VPN usage.
3. Using Too Many Remote Access Tools
All too often, teams use several remote access tools to accomplish different goals – or to make sure each team has the specific features it wants. However, it is a best practice to consolidate tools where possible.
Administering remote access software takes time. Using multiple tools means multiple rules, meaning more open firewall ports. User access and permissions have to be updated across multiple products. Updating and patching software, training for new features, and change management – these all put a burden on administrators and users.
It goes without saying that this can broaden the attack vectors malefactors can exploit. More complexity means less security, so consolidate your remote access tools to be more efficient and more secure.
4. Leaving Unnecessary Ports Open on Your Firewall
Equipment manufacturers tend to prioritize ease of use and efficiency over security. Designing and building an amazing piece of machinery takes a different skillset than that needed to securely access the controller embedded in the device. As a result, cybercriminals often try to intrude on a corporate network through this sort of machine. Specialized equipment often communicates via non-standardized ports, which are all too easy to discover.
Free tools like VNC or Microsoft Remote Desktop Connection Manager are often configured as the default selection for remote access, which can be problematic. Their security is inadequate for connections outside of a secure network perimeter and should almost never be used over the Internet. Use a VPN where appropriate but look for remote access tools that incorporate secure tunneling – such as Impero Connect – to avoid risk.
5. Neglecting to Secure LAN-based Communications
Organizations often focus their remote access security for use cases involving external devices and users. While this is obviously important, it is equally important to secure remote access within your LAN. IT best practices call for network segmentation that isolates devices with sensitive information, or pieces of critical infrastructure.
Segmentation loses its benefits if the remote access tools you use to communicate across LAN segments aren’t secure. It is nearly impossible to completely secure your entire network perimeter, so remote access security must also be layered, with multiple lines of defense. Make sure to secure remote access within your network with the same level of attention you would give to securing remote access outside of your network.
6. Not Implementing Remote Access Control Best Practices
Few teams can comprehensively monitor an entire network for unusual activity. Creating custom access roles helps increase control and visibility, without being an administrative headache to implement and maintain.
Remote access software should be configured with strict parameters that allow businesses to stay safe and efficient. Implement these access control features:
- IP address filtering
- Defined device groups
- Date and time of day
- User roles
- Whitelisted applications
- Password management policies
7. Granting Overly Broad Access to Remote Users
Most of your network should be restricted based on the access levels that are needed by specific users and roles. This is especially true for vendors who only need to access specific devices or resources, and within limited windows of time.
Network segmentation is a best practice here, along with role-based access controls. Ensure users have unique permissions based on what they are doing and the devices they use. In some cases, it helps to have specific devices only accessible via remote access software by taking them off the network entirely.
8. Ineffective Password Management
If industry analysts are right, passwords will be phased out before long. Biometrics and other authentication methods are becoming mainstream. But until they’re extinct, weak passwords are in the news every week as cybercriminals exploit them. When your business stores and processes personal data, use strong password management rules and multi-factor authentication.
9. Allowing Shared Accounts or Credentials
Shared accounts or credentials are commonplace, even when it comes to network access. This is probably most common when it comes to vendor access. Organizations don’t want to manage a vendor’s users – it’s hard enough to keep up with your own team.
This increases risk because a shared account can be compromised via any of the users who share the credentials. On top of that, forensics are more difficult after a data breach because it’s harder to pin down the point of intrusion.
Actions to take
- Don’t encourage users to share accounts or credentials.
- Provide all users their own accounts.
- Choose a remote access tool that provides multiple authentication options and supports integration with multiple directories.
10. Inadequate Event and Audit Logging
When a cybercrime happens, the next steps often revolve around an audit log. Forensic analysis centers around how the attack occurred and whether the threat is still active. Logging is also required for regulatory compliance. Companies need the ability to document and verify compliance, and logs help do that.
There are many good reasons to look for good logging capabilities in a remote access software vendor:
- Training is simpler when you can use logs to identify best practices or errors that were made.
- Billing and account reconciliation can be simplified by reviewing user actions.
- Problem resolution often requires a review of logs to identify causes and contributions when issues are reported.
When using remote desktop services, make sure the logs include video recording. To get a full picture of user actions during a remote desktop session, you need to see what happened on the screen. Make sure your remote access software also offers unalterable audit logs. Cybercriminals often try to erase the records of their actions after committing a crime, which makes unalterable audit logs a huge asset.
Conclusion
This list is not comprehensive, but it’s a good start for those who want to protect their organizations from remote access exploits. Learn how Impero Connect helps you deploy, configure and maintain remote access according to industry best practices, and download this guide in full.