Scribd
Upload
155 views

Remote Access Security Best Practices

Remote work has increased organizations' attack surfaces and vulnerability to cybercriminals. To help secure remote access, the document provides two checklists of best practices for organizations to implement, including using managed devices and encryption, keeping software updated, enforcing password policies, conducting security training, using VPNs and multifactor authentication, restricting RDP access, disabling unnecessary access, and performing regular audits and risk assessments. Implementing these practices can help organizations mitigate risks from their expanded remote operations.

Uploaded by

Ahmed M. SOUISSI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
155 views

Remote Access Security Best Practices

Remote work has increased organizations' attack surfaces and vulnerability to cybercriminals. To help secure remote access, the document provides two checklists of best practices for organizations to implement, including using managed devices and encryption, keeping software updated, enforcing password policies, conducting security training, using VPNs and multifactor authentication, restricting RDP access, disabling unnecessary access, and performing regular audits and risk assessments. Implementing these practices can help organizations mitigate risks from their expanded remote operations.

Uploaded by

Ahmed M. SOUISSI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Remote

Access Security
Best Practices
How to ensure security when so many
of your employees are working remotely
With the explosion of cloud technologies and widespread availability of broadband internet, many organizations
are allowing employees to work remotely. After all, being able to work from anywhere enhances flexibility and
productivity. But it’s not so rosy for the IT pros who need to set up the infrastructure to support remote work. As
they strive to ensure seamless access to services and applications, other important projects are getting put on
the back burner — including critical security-related initiatives. Cybercriminals are noticing that organizations
are more vulnerable than ever, and are ramping up their attacks.

Checklist 1: Making your remote setup as secure as possible

No matter how far along you are in setting up your infrastructure to support remote work, here are some
valuable tips for making it as secure as it can be:

ƒ Whenever possible, use managed devices. For every device that connects to your network.

ƒ Enable encryption using BitLocker for Windows and FileVault for macOS.

ƒ Install antivirus protection and a firewall.

ƒ Ensure all operating systems and other software are currently supported by the vendor.

ƒ Keep all operating systems and other software up to date, with all critical updates installed.

ƒ Enforce password policy, disable automatic login, and enable automatic lock.

ƒ Enable “find my device” and remote lock/wipe capabilities

ƒ If you’re not able to use managed devices, give all employees a security guide that explains the security
measures required and recommended for remote workers.

ƒ Conduct threat awareness training for your employees on regular basis.

ƒ Use VPN — remember that your employees might use public Wi-Fi networks.

ƒ If possible, use multi-factor authentication (MFA) to protect VPN accounts and cloud services from
unauthorized access.
ƒ Avoid using Remote Desktop Protocol (RDP). If you have to use RDP:

ƒ Don’t expose RDP to the internet. All activity should be go through a secure connection.

ƒ Avoid direct RDP connections. RDP sessions should be forced through Remote Desktop Gateway
(ideally, in a DMZ).

ƒ Restrict RDP access to a whitelist of users and servers.

ƒ Do not use default port numbers when setting up remote connections.

ƒ If possible, restrict remote access to a whitelist of known-good IP addresses.

ƒ Wherever possible, disable “everyone” and “anonymous” access.

Checklist 2: Mitigating the risk of your widened attack surface

Taking the steps in the previous checklist will help make your environment more secure, but your attack surface
is still larger than ever. Follow these best practices to further mitigate the risk of breaches and other security
incidents:

ƒ Follow basic housekeeping best practices. In particular:

ƒ Identify all stale and unused accounts and then delete or disable them.

ƒ Review all permission and remove excessive and unused rights, especially remote access rights.

ƒ Prune the number of privileged accounts.

ƒ Overhaul your AD delegation model.

ƒ Shut down or uninstall unused network services.

ƒ Refine your Group Policy.

ƒ Ensure that your password policy is configured correctly. Check your length and complexity requirements,
focusing on passwords to be easy to remember and hard to guess.

ƒ Have an account lockout policy in place to prevent attackers from getting into your network by guessing a
user’s password. But don’t make the number of failed attempts permitted before lockout so low that you
cause frustration and loss of productivity for legitimate users who make the occasional typo.
ƒ Use Active Directory and Azure AD groups to control access across your infrastructure. Regularly review
your groups and group membership to make sure no one has excessive permissions.

ƒ Ensure that NTFS permissions and permissions to shared resources like SharePoint, SharePoint Online,
OneDrive for Business and Teams follow the least-privilege principle.

ƒ Follow auditing best practices in each of these areas:

ƒ Configuration auditing — Make sure that the configuration of all critical resources matches your
security baseline, and audit all configuration changes for errors and malicious activity.

ƒ Access auditing — Monitor logons to both cloud and on-prem resources, as well as VPN logons.

ƒ Activity auditing — Monitor user activity around data, especially activity around sensitive data and in
cloud solutions that support remote workers, such as SharePoint Online, OneDrive for Business and MS
Teams. Watch for suspicious group membership and permission changes that could indicate privilege
escalation. And be on the lookout for spikes in suspicious activity around your network ports and VPN
connections, especially port scans and failed login attempts, which could be a sign of password-spray
or brute-force attacks.

ƒ Perform an enterprise-wide risk assessment. Pay particular attention to your remote services.

ƒ Document your policies and distribute them to everyone who accesses your IT environment.
Ensure security in the age
of increased remote work
with Netwrix Auditor
Identify and mitigate IT risks to reduce your vulnerability as your remote
workforce grows

Know who has access to what data on your file servers and SharePoint,
and remediate excessive access rights and directly assigned permissions
to protect your critical data

Be notified about suspicious changes to Active Directory and Azure AD


groups so you can promptly revert privilege escalation

Stay on top of attempts to access your systems and data

Proactively spot threats, including both malicious activity and mistakes


by overextended IT teams

Download Free 20-Day Trial

CORPORATE HEADQUARTER: PHONES: OTHER LOCATIONS: SOCIAL:

300 Spectrum Center Drive 1-949-407-5125 Spain: +34 911 982608


Suite 200 Irvine, CA 92618 Toll-free (USA): 888-638-9749 Netherlands: +31 858 887 804
Sweden: +46 8 525 03487
565 Metro Place S, Suite 400 Switzerland: +41 43 508 3472
1-201-490-8840 netwrix.com/social
Dublin, OH 43017 France: +33 9 75 18 11 19
Germany: +49 711 899 89 187
5 New Street Square +44 (0) 203 588 3023 Hong Kong: +852 5808 1306
London EC4A 3TW Italy: +39 02 947 53539

You might also like