Allowing access to an organization’s resources from outside the corporate network may be necessary for some businesses. When this kind of remote access is allowed, your organization takes on additional risk, so the access should be handled as securely as possible by:
- Ensuring the remote access is encrypted (SSL, IPSec, etc.)
- Ensuring there is strong authentication for remote access (2FA)
- Ensuring that strong passwords are required for remote access
- Requiring, where possible, that remote users use company-provided hardware that has been secured to your company standards. Otherwise, ensuring that employees understand the reasonable precautions they should be taking (e.g. antivirus, passwords, etc.)
Examples of remote access technologies:
- Virtual Private Networks (VPN) (Note: We recommend all remote access technologies be placed behind a VPN)
- Remote Desktop Protocol (Never expose directly to the Internet)
- RDWeb (remote desktop over web)
- SSL VPN
- IPSec VPN
Limit and review who has access
- Do not allow widely scoped authorization for remote access. Be sure to limit authorization/access to only those with a business need.
- Review authorizations for remote access regularly to ensure that no unwanted personnel have access.
Remote access protocols (especially Remote Desktop Protocol, or RDP) pose a great risk to organizations of all sizes. Do not leave these capabilities active unless required. Further, you should never leave RDP exposed to the internet.
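One way to check for the exposure described above, as an added example that is not part of the original article: the script below audits a list of inbound firewall rules and reports every allow rule that lets a non-private source reach RDP (TCP/UDP 3389). The rule format, the sample rules and the function names are constructed for illustration, and each rule is evaluated on its own without modelling rule order.

```python
import ipaddress

RDP_PORT = 3389
# Ranges treated as internal (RFC 1918 and IPv6 ULA); anything else counts as Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample rules in a hypothetical export format (assumption, not a real product's schema).
SAMPLE_RULES = [
    {"name": "web", "action": "allow", "protocol": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"name": "rdp-any", "action": "allow", "protocol": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "rdp-vpn", "action": "allow", "protocol": "tcp", "ports": "3389", "source": "10.8.0.0/24"},
    {"name": "mgmt-range", "action": "allow", "protocol": "any", "ports": "3000-4000", "source": "203.0.113.0/24"},
    {"name": "rdp-deny", "action": "deny", "protocol": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "rdp-v6", "action": "allow", "protocol": "udp", "ports": "3380-3390,5985", "source": "::/0"},
]

def covers_rdp(ports):
    """True if a port spec such as '3389', '3000-4000', '80,3389' or 'any' includes 3389."""
    if ports.strip().lower() in ("any", "*"):
        return True
    for part in ports.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= RDP_PORT <= int(hi or lo):
            return True
    return False

def is_internet_source(source):
    """True unless the whole source range sits inside an internal network (e.g. a VPN subnet)."""
    if source.strip().lower() in ("any", "*"):
        return True
    net = ipaddress.ip_network(source.strip(), strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in INTERNAL_NETS)

def exposed_rdp_rules(rules):
    """Names of allow rules that let non-internal sources reach RDP."""
    findings = []
    for r in rules:
        if r["action"].lower() != "allow":
            continue
        if r["protocol"].lower() not in ("tcp", "udp", "any"):
            continue
        if covers_rdp(r["ports"]) and is_internet_source(r["source"]):
            findings.append(r["name"])
    return findings

if __name__ == "__main__":
    for name in exposed_rdp_rules(SAMPLE_RULES):
        print("RDP reachable from the Internet via rule:", name)
```

Wide port ranges and "any" protocol rules are flagged as well, since they expose RDP just as a dedicated 3389 rule does.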
As always, Coalition is here to help you on your way. Please reach out to us for additional information!