COVID-19 is changing the paradigm of cybersecurity in organisations, especially with regard to remote access, which is usually provided by virtual private networks (VPN). Over the years this technology became stable and was therefore underestimated, without undergoing a proper assessment of its impact on organisational security.
With the exponential increase in remote access due to remote work caused by the COVID-19 pandemic, at a global and local level, organisations must pay additional attention to remote access infrastructures and the use of VPN solutions.
Who are the users accessing the remote access infrastructure?
It is necessary to ensure that users accessing the infrastructure are really who they say they are. The use of static, dictionary-based passwords makes access very vulnerable to brute-force attacks. It is therefore necessary to implement more advanced authentication solutions that regulate the entire life cycle of users, known as Identity and Access Management (IAM), together with dynamic password techniques, such as One Time Password (OTP) or Two Factor Authentication (2FA), which increase the level of confidence in the user's identity.
There is a portfolio of solutions, such as Entrust Datacard or Gemalto SafeNet for OTP/2FA, and IBM Security Identity and Access Assurance, Azure Active Directory or Oracle Identity Cloud Service, among others, for IAM.
What are their profiles?
Not all users are equal: some need more resources than others, according to their criticality for business continuity. Based on this premise, it is vital that the chosen technology can differentiate the various access profiles, allowing an effective use of resources and ensuring the quality of service.
Working in parallel with an IAM solution, as mentioned previously, the correct identification of the resources associated with a user can be assigned to new-generation equipment that terminates remote connections, such as Check Point Quantum Firewalls, Fortinet or similar.
What type of device is being used to access and who owns it?
The fact that the access is being made from outside the controlled environment of the company raises some security issues due to the different types of devices used to access the corporate network through the VPN (laptops, smartphones, tablets, etc.).
It is imperative to understand who owns the devices (corporate or personal) since corporate devices are easier to protect compared to personal ones because they are covered by the institution’s security policies.
Based on the above, new-generation remote access solutions should be used. They are supplied by several manufacturers, such as Check Point, Fortinet, F5, Cisco, etc., and allow access policies to be implemented so that profiles and accesses are adjusted in accordance with previously established restrictions, mitigating possible security flaws.
What kind of apps and data do users need to access?
From a performance perspective, routing the usage of cloud applications through the company's Always On VPN does not make much sense. The technologies used have to be smart enough to direct traffic through the cloud without overloading on-premises equipment.
Based on this need, a Cloud Infrastructure Security Broker (CISB) can be used, which will intelligently manage on-premises resources and the various cloud solutions, optimising access to them.
Where is the user located?
With the increasing globalisation of accesses, it is necessary to assess the geographical origin of accesses to a company. If the users that access the remote access infrastructure are usually local, a user accessing it from, for example, North Korea should raise alerts, because it may indicate a cyber attack.
With that in mind, when choosing remote access solutions, it should be checked whether the equipment supports geographic IP information and, when implementing the access policy, it should be evaluated from which geographic origins accesses are allowed.
Does the equipment comply with the security policy?
In corporate networks, the use of a Network Access Control (NAC) solution allows us to assess the equipment that connects to the network:
- Is the Antivirus up to date and active?
- Is the patch level within the Baseline defined for the company?
- Is there active Malware protection?
- Is it corporate equipment?
By asking these questions, it will be possible to place this equipment in a quarantine network for later remediation or deny access if it does not comply with the policy.
There are complementary solutions to remote access clients, such as Check Point Mobile Client, that make it possible to verify whether a device complies with an access policy, denying access if it does not.
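The posture questions above and the geographic-origin check from the previous section can be combined into one access decision. The following is an added example, not code from this article or from any vendor product: the `Policy` and `Device` models, the sample values, and the split between failures that deny and failures that quarantine are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Policy:                      # hypothetical policy model, not a vendor schema
    allowed_countries: frozenset   # ISO 3166-1 alpha-2 origins allowed to connect
    patch_baseline: date           # oldest acceptable OS patch date
    max_av_age_days: int           # maximum age of antivirus signatures

@dataclass(frozen=True)
class Device:                      # posture as a NAC/VPN client might report it
    corporate: bool
    av_active: bool
    av_signature_date: date
    patch_date: date
    malware_protection: bool
    country: str                   # gateway's GeoIP result for the source IP

def evaluate(dev: Device, pol: Policy, today: date):
    """Return (decision, reasons): 'allow', 'quarantine' or 'deny'."""
    deny, fix = [], []
    # Assumption: origin and ownership cannot be remediated, so they deny.
    if dev.country.upper() not in pol.allowed_countries:
        deny.append(f"origin {dev.country.upper()} not allowed")
    if not dev.corporate:
        deny.append("not a corporate device")
    # Assumption: the remaining checks are fixable, so they quarantine.
    if not dev.av_active:
        fix.append("antivirus inactive")
    elif (today - dev.av_signature_date).days > pol.max_av_age_days:
        fix.append("antivirus out of date")
    if dev.patch_date < pol.patch_baseline:
        fix.append("patch level below baseline")
    if not dev.malware_protection:
        fix.append("malware protection inactive")
    if deny:
        return "deny", deny + fix
    return ("quarantine", fix) if fix else ("allow", [])

# Constructed sample data (dates, countries and thresholds are illustrative)
TODAY = date(2020, 6, 1)
POLICY = Policy(frozenset({"PT", "ES"}), date(2020, 4, 1), 7)
GOOD = Device(True, True, date(2020, 5, 30), date(2020, 5, 12), True, "pt")
STALE = Device(True, True, date(2020, 5, 1), date(2020, 2, 11), True, "PT")
ABROAD = Device(True, True, date(2020, 5, 30), date(2020, 5, 12), True, "KP")

if __name__ == "__main__":
    for name, dev in (("good", GOOD), ("stale", STALE), ("abroad", ABROAD)):
        print(name, *evaluate(dev, POLICY, TODAY))
```

Returning every failed check, not just the first, gives the remediation step and the alerting pipeline the full list of reasons for each decision.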
In short, the implementation of remote access raises several problems that normally would be controlled or would not exist in corporate environments.
The correct analysis of the various factors to be considered when choosing a solution and defining the access policy allows the implementation of secure solutions and prevents the remote access vector from becoming a “gap” in a company’s cybersecurity.
Being specialists in this area, with experience in implementing the best cybersecurity solutions in the market, New Cognito is available to provide any further information you may require and talk about how it can create the best solutions, tailored specifically for your organisation.