Make Remote Access Your Ally

Uday Mittal March 23, 2016 Leave a Comment


Today, every organization, big or small, is looking for ways to increase the productivity of its employees. It offers them various flexibility options to help them achieve the much sought-after work-life balance. One such option is remote access to the corporate network, which lets employees reach their office resources from anywhere in the world. Because remote connectivity is easy to provide and brings clear benefits, many companies have shifted to a virtual office, where employees work from home.

Though a useful technology, remote access comes with its own set of risks. For example, organizations have no control over the network their employees are connecting from, which exposes the corporate network to malware infection, data theft and similar threats. To keep this manageable, most organizations implement a Remote Access Policy (RAP) with associated standards and procedures that protect their corporate network. It is essential that the RAP is comprehensive and defines adequate controls to address the risks associated with this technology. Below we mention a few elements that every RAP should have, at a minimum.

Access Requirements

Remote access should be treated as a superpower. Not everybody gets it, only the chosen few. A RAP should clearly define the criteria to provide remote access to an employee. For example, an organization may decide to give remote access to employees who are at a particular designation / grade or above it.

Account Review

Remote access is a potential weapon in the hands of a disgruntled ex-employee. Therefore, it is essential that organizations conduct a periodic review of active accounts with remote access capabilities. The review should check for accounts of employees who have left the organization or have been terminated, dormant accounts, and so on. The frequency of this review should be defined in the RAP.
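The review described above, as an added example that is not part of the original post: it takes a constructed list of accounts with remote access capability, joined with their HR status and last login, and flags the ones that should be disabled or investigated. The account fields, the 90-day dormancy threshold and the sample data are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

@dataclass
class RemoteAccount:
    username: str
    hr_status: str               # assumed values: "active", "terminated", "resigned"
    last_login: Optional[date]   # None means the account never logged in remotely

def review_remote_accounts(accounts: List[RemoteAccount], today: date,
                           dormant_days: int = 90) -> List[Tuple[str, str]]:
    """Return (username, reason) pairs for accounts the review should flag."""
    findings = []
    for acct in accounts:
        if acct.hr_status != "active":
            # HR says the person is gone but the account still has remote access
            findings.append((acct.username, f"hr_status={acct.hr_status}"))
        elif acct.last_login is None:
            # Provisioned but never used: dormant since creation
            findings.append((acct.username, "never logged in"))
        else:
            idle = (today - acct.last_login).days
            if idle > dormant_days:
                findings.append((acct.username, f"dormant for {idle} days"))
    return findings

# Constructed sample data for the review run
SAMPLE_ACCOUNTS = [
    RemoteAccount("alice", "active", date(2016, 3, 20)),
    RemoteAccount("bob", "terminated", date(2016, 1, 5)),
    RemoteAccount("carol", "active", date(2015, 11, 1)),
    RemoteAccount("dave", "active", None),
]

if __name__ == "__main__":
    for user, reason in review_remote_accounts(SAMPLE_ACCOUNTS, date(2016, 3, 23)):
        print(f"FLAG {user}: {reason}")
```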

Authentication

Since a connection could originate from any corner of the world, organizations must ensure that proper authentication mechanisms have been employed. Most remote access solutions support two-factor authentication. A RAP should state the baseline authentication requirements.

Role-based user classification

It is good practice to define roles and their associated access before providing remote access to employees. This helps organizations implement the principle of least privilege for remote access. For example, an employee in the marketing department would not require access to finance applications. A remote access profile based on the requirements defined by the marketing department would ensure that employees in that department get access to marketing-related applications only.

Posture Assessment

Most remote access clients can assess an endpoint's security posture before access is granted. Clients can check for outdated anti-virus signatures, missing patches, account privileges and so on. This feature keeps unsecured endpoints away from the network.
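The posture check described above, as an added example that is not part of the original post: a baseline (maximum signature age, tolerated missing critical patches, whether the remote user may be a local administrator) is evaluated against a constructed endpoint report, and the connection is allowed only when every check passes. The field names, baseline values and sample endpoints are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Tuple

@dataclass
class EndpointPosture:
    hostname: str
    av_signature_date: date        # date of the installed anti-virus signature set
    missing_critical_patches: int  # count reported by the endpoint's patch agent
    user_is_local_admin: bool      # whether the connecting user holds local admin

@dataclass
class PostureBaseline:
    max_signature_age_days: int = 7
    max_missing_critical_patches: int = 0
    allow_local_admin: bool = False

def assess_posture(ep: EndpointPosture, baseline: PostureBaseline,
                   today: date) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons); reasons is empty when the endpoint is compliant."""
    reasons = []
    sig_age = (today - ep.av_signature_date).days
    if sig_age > baseline.max_signature_age_days:
        reasons.append(f"anti-virus signatures are {sig_age} days old")
    if ep.missing_critical_patches > baseline.max_missing_critical_patches:
        reasons.append(f"{ep.missing_critical_patches} critical patches missing")
    if ep.user_is_local_admin and not baseline.allow_local_admin:
        reasons.append("user is a local administrator")
    return (not reasons, reasons)

# Constructed sample endpoints: one compliant laptop and one that fails two checks
COMPLIANT = EndpointPosture("laptop-01", date(2016, 3, 22), 0, False)
NONCOMPLIANT = EndpointPosture("laptop-02", date(2016, 2, 1), 3, True)

if __name__ == "__main__":
    baseline = PostureBaseline()
    for ep in (COMPLIANT, NONCOMPLIANT):
        allowed, reasons = assess_posture(ep, baseline, date(2016, 3, 23))
        print(ep.hostname, "ALLOW" if allowed else "DENY", reasons)
```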

Encryption standards

A RAP should also define the encryption standards to be followed when implementing and granting remote access. Keep in mind that the strongest encryption standard is not necessarily the most feasible option. Depending on the volume of remote connections and the scalability of the solution, organizations may have to make a trade-off between the strongest and the most feasible.

Monitoring and logging

As I said before, remote access is a superpower. This superpower can easily turn into an organization's biggest nightmare if employees are let loose with it. Monitoring ensures that the organization knows what employees are doing with this power and helps it maintain compliance with the information security policy. A log file makes sure that every footstep is recorded and can be traced back to an employee, if required.

Uday Mittal

Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.

Filed Under: Technology Tagged With: Authentication, Information Security, Logs, Remote Access
