InfoSec Blog - Secure Remote Access
July 1, 2018
It is well publicized that today's attackers are ever vigilant in their attempts to uncover weak points in networks, computers, and mobile devices to establish a foothold and leverage vulnerabilities, thus resulting in the compromise of critical assets or personal information. Areas of concern that can lead to a breach include the lack of physical security controls available at remote locations, the use of unsecured networks, and the connection of infected devices to internal networks. The challenge is especially daunting when:
- Users are accustomed to making use of free public Wi-Fi hot spots, and some will use them to access sensitive e-mails and documents.
- Users will e-mail work documents to and from their personal account, despite numerous security problems this creates.
- Users will connect to free USB charging ports available at airports and other public places. These ports pose the risk of transferring viruses and malware to unsuspecting users.
Security Considerations with Secure Remote Access
- Apply computer and mobile device security software, applications, and operating system patches and updates regularly.
- Install and use antivirus, antispyware, and VPN software on computers, laptops, and mobile devices, keeping software definitions up-to-date and running regular scans.
- Never save or store sensitive or restricted institutional data on any remote host or external computing device.
- Use long and strong passwords and never provide usernames or passwords to anyone, not even family members.
- Ensure personal devices are secured against common threats. All remote access devices should receive the same security applications, software, and devices as those found on campus. They should employ antivirus software and data loss protection capabilities, whenever possible.
- Data sensitivity is always an important factor to be considered, as access to confidential or sensitive information should be restricted.
- Assume the worst will occur and plan accordingly. Laptops and other wireless devices are prone to loss or theft. External public networks are especially susceptible to compromise and data interception potentially leading to remote users' devices becoming infected with malware.
- Install and enable a hardware and/or software firewall.
- Configure devices so that authentication is required (e.g., password, passphrase, token, or biometric authentication), runs in "least privilege" mode (e.g., user instead of admin), and times out after a 15-minute period of inactivity.
- Activate and use a "lock" feature prior to leaving the computing device unattended.
- Set the security settings to the highest level on Internet browsers and adjust downward as necessary for Internet use.
Source: Educause Security Awareness