Remote Access Security – Best Practices
In a previous post on our blog, Ericom CEO Joshua Behar reflected on why organizations should look into implementing virtual computing as a security solution. While it’s true that remote access to virtual computing resources can offer several security advantages over other methods of enabling remote working, it’s also true that care must be taken to avoid the risks of remote access by implementing best practices to secure your remote computing setup.
A recent article on the dangers of remote access mentions that RDP ports are a hot commodity on the “dark web”. RDP, a remote access protocol developed by Microsoft and built into the Windows operating system, is in use on an estimated 5 million internet-connected endpoints. That’s a lot of openings for hackers. Once someone has the credentials to get into a company’s servers via RDP, they can do a lot of damage, potentially finding administrator passwords and disabling anti-malware protection, not to mention stealing data or installing ransomware. Some credentials are sold as cheaply as $10; others, for high value targets, command much greater sums.
Securing Remote Access
Here are some best practices to follow to address remote access vulnerabilities:
- Make sure you only allow remote access via a secure connection, ensuring that the hosted resources are not directly accessible on the Internet. This can be by way of a hardened secure gateway or a Virtual Private Network (VPN) connection.
- Implement two-factor authentication of users. With two-factor authentication, a password alone is not enough to enable a hacker to compromise the system. The second factor is typically either a text to the user’s phone, or biometric confirmation (fingerprint, visual face ID) on the user’s device.
- Implement good password hygiene – use complex passwords and require users to periodically change them.
- Use a clientless remote access solution. With a clientless solution, there are no software or plugins on the end user device that can be compromised or hacked.
- Monitor and log all remote sessions – and keep an eye out for unusual activity. If something smells fishy – shut it down.
By following the above best practices for remote access security, a remote desktop solution can be much more secure than carrying around a laptop or other portable device loaded with sensitive corporate data. Enterprise-grade secure remote access solutions allow organizations to mitigate the risks of remote access, ensuring remote users can connect to the resources they need to do their jobs without endangering the company’s network.