Page 10 - index
P. 10
Best Practices: Secure Remote Access to Corporate
Infrastructure
by Bob Swanson, compliance engineer, LogRhythm Labs
Many of us work remotely at some point and need to access corporate file shares and other
network resources. As an organization, the employees are as much of an effective (or
defective) means to securing remote access into a network as IT solutions that are applied. In
this article, I will discuss appropriate methods for users remotely accessing corporate or cloud
infrastructure.
Here are some areas of best practice to consider:
Always use a Virtual Private Networks (VPN): All authorized users should connect to a
centrally authenticated VPN. The client software associated with that VPN may need to be
installed on your local machine.
For connections where strict data confidentiality is required, as seen with intellectual property for
example, remote access devices should leverage end-to-end encryption.
Confirm you are logging into a legitimate site or access point: This includes both the
coffee shop up the street (public Wi-Fi) as well as your own home network. It’s important for
end users to take ownership for ensuring they are connecting to a legitimate, secure access
point.
In some public access points where a VPN is not available, data associated with strict
confidentiality should not be sent over that access point.
Ensure the login page is served up via HTTPS: When logging into a web page over HTTP, it
should be noted that credentials will be sent in clear text. This means that any man in the
middle or sniffing techniques could obtain those credential or session tokens and lead to a
potentially compromised account.
As compromised account credentials are a leading factor in opening the back door into the
network, it is vital for users to be aware of this.
Only use IT approved software or applications when using business related machines:
The only time domain credentials should be used are when logging into the domain itself or
through services known to be part of single-sign-on.
Lastly, when leveraging web facing applications, ensure they are approved and are associated
to the business such as SalesForce.com, SharePoint and Egnyte.
10 Cyber Warnings E-Magazine – July 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide