Remote access and best practice

Unique logins and two-factor authentication remain critical, says Stuart Facey

A spate of new and updated malware attacks has been uncovered from Backoff, which targets point-of-sale terminals to a new version of Citadel that goes after more traditional PCs and laptops. What links all these attacks is the use of unsecured remote access technologies to gain initial access to the systems.

Many IT professionals and third-party vendors rely on remote access tools to do their jobs. These are the tools they use to manage, update and troubleshoot systems at a distance.

Access for the company's internal IT team is required, as well as for any third-party vendors or outsourcers. Remote access tools must meet their clients' security policies and enable agents to meet their SLAs within budget.

Remote access policies must cover everyone from employees to external vendors. Requiring employees to follow security best practices doesn't help much if service providers leave network backdoors open.

But access should be limited to those who actually work on those devices and systems; login policies such as account lockout settings and two-factor authentication should be put in place to deter automated attacks.

Organisations should also determine which remote access tools can be used to access their systems and block access from all unsanctioned technologies. One company we worked with found it had more than 10 remote access tools in use, with each technician using his or her favourite.

This multitude of tools made it difficult to enforce policies across the board and potentially leaves vulnerable ports open, allowing access to the company's network.

IT teams and service providers often share login details to save money on licences. This may seem to satisfy a need in the short term but it makes it impossible to work out who is doing what on company or customer systems.

When something goes wrong, poor auditing ability can make challenging situations even more difficult.

Use a centralised and approved tool for remote access, and follow best practice by adopting unique logins and two-factor authentication. This applies to inbound and outbound access.

Restrict agent access to the systems technical and provider staff need and only when they need it, reducing the risk of breach. A detailed audit trail of all session activity can help work out exactly what is happening and when.

Securing remote access is an opportunity for resellers to demonstrate their value to customers and prospects.

And while management of remote access might be a technical point, it also illustrates where organisations might be going in future when thinking about customer needs.

Stuart Facey is EMEA vice president at Bomgar