Supporting the always on, mobile and remote workforce can be challenging. When an employee is having trouble with their system, how do they get help? Instead of struggling over the phone, or with highly technical FAQs, a support technician can remotely connect to view and manage desktops, laptops, devices, servers and virtual machines. However, if you are not working with a trusted and proven technology, you leave yourself open to security vulnerabilities.
Seven Ways To Help You Achieve Remote Access Security
Ensuring your company utilizes strong, industry-standard encryption for your remote access tools will lessen the vulnerability and risk of stolen or intercepted data. Any time data is kept outside the corporate firewall, that connection had better be encrypted. Even inside the firewall, personally identifiable information should be encrypted to meet HIPPA, PCI DSS and other compliance regulations. Advanced Encryption Standard encryption (256-bit key) with SHA-1 hash should be the minimum default.
2) Secure Sockets Layer
SSL encrypts Web communications, but that’s only half the picture. Providing support over the internet via the updated transport layer security protocol requires an X.509 certificate. The certificate validates the identity of the server you are communicating with, ensuring the right endpoint receives the message. Utilizing SSL as the protocol for all remote access connections outside of your corporate network ensures that the client machines are available for connectivity only through the server they trust – the one you manage within your environment.
Strong Windows Authentication is the foundation of secure access, which requires users to provide the proper credentials. In order for an X.509 certificate to work properly, the user must be authenticated through Active Directory. Essentially, users must log in to prove they are who they say they are. Strong support tools that disallow common passwords such as "12345678," "password", are essential. Also, a policy should be enacted that requires lockout in Active Directory to disable an account if an employee leaves the company.
4) Two-Factor Authentication
Two-factor authentication is an extra measure that can be enacted to establish a stronger security posture. An option in two-factor authentication is the requirement of a second code before allowing a user to log in. This second code could be acquired from an SMS message to a mobile phone or in another format, such as a software-protection dongle.
5) Access Authorization
The director of IT is ultimately responsible for the livelihood of all corporately issued machines, and with that comes managing who gets to remotely access what systems. Network administrators should only grant remote access capabilities on a need-to-have basis, and should also only grant the specific pieces of remote access capabilities that are necessary.
Quite simply, all remote access activity needs to be logged. To meet compliance standards, it is mandatory to have real-time assurances that remote access connections are occurring according to policy. Connection analytics and connection reporting are needed to audit all attempted remote connections (successful and failed), along with the activities performed during those remote control sessions.
7) Get Help
Find a product developed by industry experts who understand the importance of remote access security. Proxy Networks is a leading provider of remote desktop, remote support and remote collaboration software for help desk technicians, network administrators and IT managers. PROXY Pro is used by hundreds of thousands of customers every day to manage millions of endpoints.