Don't Backoff: nail down your remote access policy or face the music

Don't let hackers exploit your remote access facilities
Don't let hackers exploit your remote access facilities

Remote access and security worries go hand in hand, and last year, we saw the likes of the Backoff malware targeting point-of-sale terminals, and updated Citadel malware, both leveraging unsecured remote access systems to gain access to networks.

For security professionals, the temptation to switch off remote access must be high. However, remote access technology is an essential tool for IT departments and third-party service providers to manage, update and troubleshoot remote systems. The issue isn't remote access technology itself, it's that these technologies are often not managed closely, if at all.

When implemented and managed properly, remote access can be secure. However, as IT professionals, it's important to look at how to govern it. Are the right policies in place when it comes to remote access by IT or third-party providers?

The right rules for everyone

To start with, let's review some best practices. These apply whether the person accessing your network is an internal employee, an outsourced service provider, or third-party vendor.

First, consolidate remote access tools so you can centrally manage and monitor all insider and external remote access. Once you have everyone using a single, sanctioned remote access solution you can categorically block all unsanctioned tools so they can't be used on your network.

Multi-factor authentication is a must. But in order to implement MFA, each individual must be using unique login credentials. Often IT teams or vendors share generic logins to save money on licenses, making it easy for attackers to use brute force methods to successfully guess the password. Not only does sharing passwords undermine access security, it makes it impossible to audit who is doing what on your systems.

Speaking of weak passwords – complexity of passwords, password length and enforcing regular changes in credentials can all help to decrease the potential of an attack.

Finally, limit access to only the specific systems and timeframes required while capturing full audit trails of all remote access activity. This way you can review what occurs during each remote session, and what actions were taken by the technician. This allows you to know exactly who accessed what systems and what they did.

Building the case for secure remote access

Last year, we all saw the impact that unsecured remote access implementations can have on businesses. One of the reasons that attacks are successful is that there are rules in place for employees using remote access technologies, yet these same rules may not be applied to external parties providing IT services.

For many companies, outsourcing and third party access to their network is a given. 88% of companies have at least one third party with access to their IT networks, according to research by Ovum. One of the respondents had more than 100 service providers using remote access to enter the corporate IT network.

Whether you have one outside supplier or 100, how do you monitor and manage their access? If they are using old or legacy remote support tools, they may be leaving unnecessary vulnerabilities or backdoors on your network that are easy for attackers to compromise. Alongside centralising and prescribing remote access tools, shutting these backdoors should be a given.

Managing policies

Over and above the physical remote access connection, it's also important to consider the rules and policies that people have to follow. This may include setting up a separate set of rules for outside providers that they have to follow as part of working with the organisation. For example, an IT outsourcer should be allowed to access your systems from his computer on his company network, but not from his iPad at home or outside standard business hours.

Security has many layers, and no one solution is going to fully protect you from a data breach. But if you can lock down the initial entry pathway just a bit more, you can significantly up your chances of keeping hackers out and your sensitive data in. With the right mix of tools and processes, threats and malware targeting your company network can be kept at bay.

  • Boatner Blankenstein is Senior Director of Solutions Engineering for Bomgar